Solved

Is it possible to log on to SBS server via local admin unauthorised?

Posted on 2014-10-01
Medium Priority
Last Modified: 2014-10-14
Hi, I am facing issues with a server where, every time I log on, I am having to revert back to the domain to be able to log on. When I have logged on in the past it has always defaulted to the domain\administrator, so I enter the password and I am straight in.

Recently, when I then go to RDP back in, first of all I am getting randomly kicked off and secondly it's as if there is another account that someone else is logging on to.

I believe it's not possible to have a local admin account on a DC, but how do I check to see if someone is logging on to this server without authorisation? Is there some logging software or a quick way to check logs etc.?

I may just be being paranoid, but when I last logged on there was some software that was open for auditing and I know I didn't open it, and as far as I or my client are aware, nobody else has access.

Thoughts please?

Thanks

Chris
0
Question by:chrishoy-iis
3 Comments
 
LVL 8

Expert Comment

by:Acosta Technology Services
ID: 40354494
Check the security log for event ID 528.  That is the event for a successful logon.  If the other user is using the same account as you (kicking you off the sessions) then this won't work, but a quick password change would probably fix that.
0
 
LVL 14

Accepted Solution

by:
Andy M earned 2000 total points
ID: 40354496
Hi Chris

No, an SBS server is always a domain controller so there won't be any local accounts - only the domain accounts. The 'Administrator' account name (and also admin) is a common target for hacking attempts so, depending on how strong your password is, it may have been compromised.

In this instance I would firstly prevent internet access to the server.
Reset the administrator password to something stronger (or even better - set up a domain admin account with a different name and disable the administrator account - make sure any services run under the new account before doing so).
I would then run a full anti-virus and anti-spyware scan on the system and check for any new applications that may have been installed.
It would also be worth checking through your AD to see if any strange-looking/unknown accounts have been set up which may also be used to allow access to the server.

To check on logins, the first port of call would be the Security log in Event Viewer, as any login is recorded in there. There are also many different auditing software packages available, as well as some batch/VB scripts that can create a log of when users log on when run as part of a startup script.
0
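
One way to run the Security log check that both replies describe, as an added example that is not part of the original thread. Event ID 528, named in the first comment, is the successful-logon ID on Windows Server 2003-era systems; this example assumes SBS 2008 or 2011, where the same event is recorded as 4624. The function name `Get-InteractiveLogon` and the address `192.0.2.10` are illustrative assumptions.

```powershell
# Added example, not from the thread. Assumes Windows Server 2008 or later
# (event ID 4624) and an elevated PowerShell 2.0+ session on the server.
function Get-InteractiveLogon {
    param(
        [int]$Days = 14,                  # how far back to search
        [int[]]$LogonTypes = @(2, 10),    # 2 = console, 10 = Remote Desktop
        [string[]]$KnownSources = @()     # hypothetical list of expected source IPs
    )
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $evt = $_
        # Read the event fields by name from the XML rather than by position.
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($LogonTypes -contains [int]$data['LogonType']) {
            New-Object PSObject -Property @{
                Time      = $evt.TimeCreated
                Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                LogonType = [int]$data['LogonType']
                SourceIP  = $data['IpAddress']
                Expected  = $KnownSources -contains $data['IpAddress']
            }
        }
    }
}

# 192.0.2.10 is a placeholder (documentation range) for the admin's own workstation.
$logons = @(Get-InteractiveLogon -Days 14 -KnownSources '192.0.2.10')

# Summary: one row per account and source, so an unfamiliar pairing stands out.
$logons | Group-Object Account, SourceIP, LogonType | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'First'; e = { @($_.Group | Sort-Object Time)[0].Time } },
        @{ n = 'Last';  e = { @($_.Group | Sort-Object Time)[-1].Time } } |
    Format-Table -AutoSize

# Detail: every logon that did not come from an expected source.
$logons | Where-Object { -not $_.Expected } | Sort-Object Time |
    Select-Object Time, Account, LogonType, SourceIP | Format-Table -AutoSize
```

Console logons (type 2) carry no remote address, so they always appear in the second table; the rows to look at first are type 10 entries with a source IP or a time of day the administrator does not recognise.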
 

Author Closing Comment

by:chrishoy-iis
ID: 40379318
Checked all of the above and now secure from future access by anybody else.

Thanks
0
