Over the past few weeks we've had two unwanted connections to our SBS 2003 box, in that without us knowing someone is connecting through remote desktop, being able to successfully log in and then do some of the following:
- Create new Admin accounts
- Remove Software
- Install Software
We are only noticing this when we see software has altered or new users have appeared in Active Directory Users & Computers.
We've changed all domain admin account passwords and thoroughly scanned the server for Malware/Viruses when this first happened but its happened again over the past few days.
My next step was going to be to disable the built in administrator account.
Any more thoughts on what this could be or how to stop it?
Thanks!
- Create new Admin accounts
- Remove Software
- Install Software
We are only noticing this when we see software has altered or new users have appeared in Active Directory Users & Computers.
We've changed all domain admin account passwords and thoroughly scanned the server for Malware/Viruses when this first happened but its happened again over the past few days.
My next step was going to be to disable the built in administrator account.
Any more thoughts on what this could be or how to stop it?
Thanks!