
Domain users being added to Administrators



Guest thajuggla4478
Posted

Hello all,

I have run into a problem where our domain users group is being added to our administrators group nightly. I have tried several different things, but to no avail. I am beginning to suspect that we have a hacker running loose on our network here. Is there a way that I can lock this out short of using the GPO?

Thank you,

Brett


Guest Mathieu CHATEAU
Posted


Hello,

Does this occur only at night or after every reboot?

Is it the domain admins group or the local administrators group?

If it's domain admins, review the group membership, and change all passwords of the members' accounts.

If it's local admin, it may already be a GPO, or scheduled tasks.

Regards,

Mathieu CHATEAU

french blog: http://www.lotp.fr

english blog: http://lordoftheping.blogspot.com

 

 


Guest thajuggla4478
Posted

Thank you for the fast response.

It happens every evening. I have not had it happen during a reboot.

It is the Local Administrators group.

Thank you for the help,

Brett

 

 

 

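One way to follow up on the two leads named in the thread (a GPO or a scheduled task changing the local Administrators group every evening), as an added example that is not from either poster. It assumes Windows 8 / Server 2012 or later (for `Get-ScheduledTask`), an elevated session, and that "Audit Security Group Management" is enabled; the 7-day and 5-minute windows are arbitrary choices.

```powershell
# Added example. Run elevated on an affected machine.
# Assumption: "Audit Security Group Management" is enabled, so event 4732
# (member added to a security-enabled local group) is in the Security log.
$adminsSid = 'S-1-5-32-544'           # well-known SID of BUILTIN\Administrators
$since     = (Get-Date).AddDays(-7)   # look-back window (arbitrary choice)

# 1. Who added what to local Administrators, and when?
#    A MemberSid ending in -513 is the Domain Users group.
$adds = Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=4732; StartTime=$since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_
        $d = @{}
        foreach ($n in ([xml]$evt.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d['TargetSid'] -eq $adminsSid) {
            [pscustomobject]@{
                Time      = $evt.TimeCreated
                AddedSid  = $d['MemberSid']
                ChangedBy = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
            }
        }
    } | Sort-Object Time
$adds | Format-Table -AutoSize

# 2. Scheduled tasks whose last run falls in the 5 minutes before the latest
#    addition, plus any task whose action mentions group-membership commands.
$latest = $adds | Select-Object -Last 1
Get-ScheduledTask | ForEach-Object {
    $task   = $_
    $info   = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
    $action = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    $nearby = $latest -and $info -and $info.LastRunTime -le $latest.Time -and
              $info.LastRunTime -ge $latest.Time.AddMinutes(-5)
    if ($nearby -or $action -match 'localgroup|Add-LocalGroupMember') {
        [pscustomobject]@{
            Task    = $task.TaskPath + $task.TaskName
            RunAs   = $task.Principal.UserId
            LastRun = $info.LastRunTime
            Action  = $action
        }
    }
} | Format-List

# 3. Computer-side Group Policy report: look for "Restricted Groups" or
#    Preferences "Local Users and Groups" entries naming Administrators.
gpresult /scope computer /h "$env:TEMP\gp-computer.html" /f
```

A `ChangedBy` value of SYSTEM or the machine account typically points at Group Policy or a SYSTEM-context task rather than an interactive logon; a named user account there is the one to investigate first.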
