Server access revoked by rogue admin

Home Forums Server Operating Systems Windows Server 2008 / 2008 R2 Server access revoked by rogue admin

Viewing 1 post (of 1 total)
  • Author
    Posts

  • Paul_Y
    Member
    #166841

    Hi all
    I consult for a company which has a file server running Server 2008 r2
    On Thursday afternoon the manager contacted me regarding RDP & VPN access to their server Based in Birmingham

    I got an RDP connection to the server with a view to a quick investigation

    Oh what a can of worms I opened

    I found the following

    · Symptom – Whenever we tried to RDP, the session would be disconnected within a minute automatically

    · Cause – RDP-TCP listener was not properly configured .

    · Resolution – I changed the setting in registry and this resolved the issue.

    Then on Friday we began a little deeper research
    There are 8 users of this server which had access either via RDP or VPN or both

    I do know that team viewer is installed to connect to clients around the country and have now revoked all access apart from myself and the manager
    Team viewer has now been removed, until we can trace which user logged in

    I know it wasn’t me or the manager, as he is a personal friend and I do trust him not to wreck his business
    There are thousands of confidential files that ‘could’ have been removed by another employee (they don’t have the skill set to wreck a server)

    Q1.What is the easiest way to find out if an RDP session was used to make registry changes?

    Q2. Where in the event logs does it show the connection IP addresses

    Q3. do RDP session connections show up in event logs etc

    that’s a start, answers please on a post card

    many thanks

    Paul

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: