User's logon domain was switched to another one, is it hacking?
We have user left his computer on overnight and he found the logon domain was switched to another one (we have several domains in company). He suspected it's due to any hacking activity. Would anyone please advise? Thanks in advance!2 people need an answerI do too
July 19th, 2010 4:40am

I might be, that someone try to add itself to your domain. First discuss it with employee and see if anyone done it or not. Then if you suspect of hacking have a look at log files, if you have Anti-Virus in your enviroment run full system scan in all PC and see which PCs are come with Spyware or Trojan .Check Firewall too.
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2010 6:06am

Thanks Cyber_Defend_Team, Users cannot add themselves into domain, only authorized IT staff can.
July 19th, 2010 11:19am

It is possible that someone might gain clearance or password of IT staff that can connect to domain, check their log files and see if any other suspect thing is there. I guess review log files is best way in this case.If case is hacking, I suggest to run full scan with MBSA and see if there is a vulnerability in something?http://www.microsoft.com/downloads/details.aspx?familyid=F32921AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=enAlso check with IT people that could make change in domain and make sure they password is strong and is NOT guessable.
Free Windows Admin Tool Kit Click here and download it now
July 20th, 2010 11:44am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics