Permission Changes
I am about 7 months into the job of an IT assistant and all of a sudden my boss decides to take a month-long vacation at the last minute. Everything went well for about a week, then we found administrator password changes that no one made. Called tech support and fixed that one. Things ran smoothly for a couple of weeks and this past Thursday we now have random folders that will not open even as the administrator on the server itself. It says to contact the server administrator, but I am already logged in as such. We have Windows 2003 Server networked to about 25 computers. Only 6 computers are having issues, but we are talking about a lot of files in each folder that won't open. Some with XP and some with Windows 7. Like I said, I am new at all of this and am left with this mess. Can anyone help please?
February 10th, 2012 3:27pm
Hello,
Sorry, but password changes do not happen on their own. They are made by someone.
Did you check all admin groups in the AD UC Users container, that only users who are admins are listed?
Which TechSupport are you talking about, I thought you are the admin?
Which error is shown if you try to open a folder?
Did you check the machine with up-to-date antivirus?
Is the server installed with SP2 and the latest updates?
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
February 10th, 2012 3:46pm
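Added example, not part of the original thread: one way to run the admin-group check asked about above and to look for password-set events in the Security log. It assumes Windows PowerShell 2.0 is installed on the server, that it is run as an administrator on the domain controller, and that account-management auditing was already enabled; the group list and the 30-day window are illustrative choices.

```powershell
# Added example (not from the thread). Assumptions: PowerShell 2.0, run as an
# administrator on the domain controller, account-management auditing enabled.
$groups = 'Administrators', 'Domain Admins', 'Enterprise Admins', 'Schema Admins'

function Get-GroupMemberPath {
    param([string]$Container, [string]$GroupName)
    # The WinNT ADSI provider works without the ActiveDirectory module.
    $group = [ADSI]"WinNT://$Container/$GroupName,group"
    $group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

# 1. Who is in each privileged group? Every name should be an expected admin.
foreach ($name in $groups) {
    Write-Output "== $name =="
    try {
        Get-GroupMemberPath -Container $env:USERDOMAIN -GroupName $name |
            ForEach-Object { "  $_" }
    } catch {
        Write-Output "  (could not read group: $($_.Exception.Message))"
    }
}

# 2. Who set or changed passwords recently?
# Server 2003 Security log: 627 = change password attempt,
#                           628 = user account password set (reset).
# Server 2008 and later record the same actions as 4723 and 4724.
$since = (Get-Date).AddDays(-30)
Get-EventLog -LogName Security -After $since -ErrorAction SilentlyContinue |
    Where-Object { 627, 628 -contains $_.EventID } |
    Sort-Object TimeGenerated |
    Select-Object TimeGenerated, EventID, UserName, Message |
    Format-List
```

An empty result from the second step can mean either that no password was set in the window or that auditing was not recording account management, so check the audit policy before drawing a conclusion.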
Hi Lissa,
The administrator password was more than likely changed by someone, or the administrator account was subject to password expiration, which is generally not set by default. Microsoft tech could have provided an RCA for this as per the logs.
Either way you need to secure your system as there is someone/something interfering with it.
First step is to email or call your boss and see if he/she can have a conference call with you for 30 mins to discuss some security issues. It is important that you discuss this with your boss and seek direction on what to do next and how to handle it.
I dealt with a situation in a previous job where we had destructive activity by a past employee and here is how I dealt with it.
* Conduct an employee survey of all computer users, include items such as Job Title, Department, Shares Used, Applications Used
* Identify the access of the employees applications and create associated groups (Generic Corp Accounting / Generic Corp Payroll)
* Have their respective Managers/Supervisors sign off each survey for access reasons
* Build a plan of action - On paper put the users in their respective groups (Finance-RO / Finance-FULL / Customer Care-RO) where RO- is read only etc.
* Look for an opportunistic moment where the server can be taken offline for maintenance (Usually after business hours or at weekend)
* Disable the switch port which connects to the outside world (Internet) or just power down the modem - (If Running Exchange in house DO NOT DO THIS)
* Identify any installed software which may pose a business risk such as remote login software, malware etc and remove them once discussed with your boss
* Update both virus and malware scanners and perform full scan
* Change the administrator password to a good strong password and keep it on a need to know basis.
* Create an additional administrator account again with a good password as above, however with this account, restrict its login times to certain times of the day (e.g. 12pm and 12am for 30 mins each) This helps as an emergency admin login. Again keep confidential the password and login windows
* Disable all business user accounts - (NOTE - If this is also an exchange server DO NOT DISABLE)
* Check share groups and ensure users have the respective access as per their managers sign-off (Add/Remove as appropriate)
* Enforce a password change for all users and set an expiry date and password strength policy (Recommended 30-90 days)
* Re-Enable only active users who have submitted a survey and are signed off by manager
* Disable all other accounts from previous employees and change the password to a random password
* Re-Enable your internet connectivity port on switch or power up the modem
* Test Test Test! Test shares, applications, NT Login etc.
* Document all your actions and file away appropriately. Do not include passwords on documentation, ensure that the passwords are kept safe via another means like a password vault appliance or other means.
Things To Consider:
* When you have a contractor or 3rd party working on your systems, Create a temporary account for them and remove once completed.
* Ensure all non-employees sign a non-disclosure agreement before granting access
* Have your company draft up an IT access policy which can be signed by all employees
* Create and enforce SOPs (Standard Operating Procedures) for the creation and removal of IT access and ensure strict adherence.
Hope it works out for you!
Martin
If you find my information useful, please rate it. :-)
February 10th, 2012 4:22pm
Hi Lisa,
It seems someone messed with ACLs on the files and folders and caused those issues. Might even have been a user who had Full Control on the folders (that's why you don't usually grant Full Control to users). In a simple way, as admin you can take ownership of the files and folders and correct the access rights, but this sounds more like an issue for you to check with your boss before taking any action (as mentioned by Martin).
The admin password would not change by itself, but this indicates another issue I think - do multiple people use the same admin account/pwd? If yes, there's another problem. Your boss should have his own admin account, you should have your own admin account...otherwise there's no control.
Speak to your boss and confirm the course of action to solve the issue. Afterwards you should put the appropriate controls and practices in place to avoid these issues. Martin has written a lot of good advice and best practices commonly used.
Hope this helps,
David
February 10th, 2012 5:46pm
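Added example, not part of the original thread: a read-only audit that lists the folders whose ACL an administrator cannot read, or that carry Deny entries, non-admin Full Control grants or blocked inheritance, so the scope is known before any ownership change is agreed. It assumes Windows PowerShell 2.0 on the server; `D:\Shares` and the trusted-identity list are placeholders to adjust.

```powershell
# Added example (not from the thread). Assumptions: PowerShell 2.0 on the server;
# 'D:\Shares' is a placeholder for the root of the affected shares.
$Root    = 'D:\Shares'
$Full    = [System.Security.AccessControl.FileSystemRights]::FullControl
$Trusted = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER'

function Get-FolderAclFinding {
    param([string]$Path)
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # An administrator lands here when the ACL or owner was changed so
        # that the account is locked out; these folders need ownership taken.
        return New-Object PSObject -Property @{
            Path = $Path; Owner = '(unreadable)'
            Finding = "ACL not readable: $($_.Exception.Message)" }
    }
    $notes = @()
    foreach ($ace in $acl.Access) {
        $who    = $ace.IdentityReference.Value
        $isFull = ($ace.FileSystemRights -band $Full) -eq $Full
        if ($ace.AccessControlType -eq 'Deny') {
            $notes += "Deny entry for $who"
        } elseif ($isFull -and ($Trusted -notcontains $who)) {
            $notes += "Full Control granted to $who"
        }
    }
    if ($acl.AreAccessRulesProtected) { $notes += 'inheritance disabled' }
    if ($notes.Count -eq 0) { return }   # nothing unusual on this folder
    New-Object PSObject -Property @{
        Path = $Path; Owner = $acl.Owner; Finding = ($notes -join '; ') }
}

# Walk the root and every subfolder; enumeration errors stay visible.
$folders = @(Get-Item -Path $Root) +
           @(Get-ChildItem -Path $Root -Recurse | Where-Object { $_.PSIsContainer })
$folders | ForEach-Object { Get-FolderAclFinding -Path $_.FullName } |
    Select-Object Path, Owner, Finding | Format-Table -AutoSize -Wrap
```

The output is a list of candidates for review, not a verdict: a Deny entry or disabled inheritance can be deliberate, so compare each finding against the access the managers signed off.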


