Security Breached - New SBS Installation

---

• From: "Nick" <Nick@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 26 Aug 2005 13:45:03 -0700

---

Our 2003 SBS Security has been breached with some "undesirables" remotely
logging in, and changing Policies and Permissions and effectively disrupting
the Server.
Fortunately the server had not long been setup, and therefore wasn't actually
'in service'.
(This all started when we had the web server and remote connections up and
running, using the in built wizards) The Router's firewall was also remotely
disabled, so a "fun time" was had by all!!
Anyhow, an interesting experience, and lessons to be learnt.
The question is however, we had a couple of non important client w\stations
joined to the domain, and am wondering if by re installing the server once
again, will this have a negative impact on the client side?
Apart from the obvious sharing\data links to the server (of which nothing
set up)
We've noticed that by joining the clients to the domain through the SBS
wizard, all local profiles\folders from the clients were successfully
imported over.
Consequently if they log in locally, their original local profiles no longer
exist, and are presented with a "Clean" Desktop.
Before we take the server offline for reinstallation, should we set the
clients back to a Workgroup to avoid complications later when trying to log
back on to a non existent domain, and in which case, does this restore the
local profiles and personal folders to the local machine?
There are currently extra user directories in 'Documents and Settings' that
were setup when joining the domain I.E 'user \ user. user \ user. Domain' -
Presumably these will remain.

Any help\guidance would be appreciated.
Tks guys


.

---

• Follow-Ups:
  • Re: Security Breached - New SBS Installation
    • From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

• Prev by Date: RE: SBS 2003 - http://companyweb - not working with ISA 2004
• Next by Date: Re: Shares for Mac on SBS2003
• Previous by thread: RE: SBS 2003 - http://companyweb - not working with ISA 2004
• Next by thread: Re: Security Breached - New SBS Installation
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Group Policy, Firewall and RDP - Terminal Services ... I tried to tel net and ping the Clients by name and IP and received nothing. ... Re Ran CEICW on SBS server and VPN connector and still nothing. ... I went into the Group Policy and enable Remote Connection, ... I did mention that I CAN Remote into the Server right? ... (microsoft.public.windows.server.sbs) RE: Group Policy, Firewall and RDP - Terminal Services ... the clients cannot be connected remotely. ... How to configure Internet access in Windows Small Business Server 2003 ... Allow Remote Desktop exception. ... Microsoft Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: TS Licensing problem ... I don't see why my activated W2000 TS server does't ... the remote computer. ... Remote clients are W2000 Pro and XP-Pro machines. ... but it wasn't my intention to mix up CALs and TS CALs! ... (microsoft.public.win2000.termserv.apps) SecurityFocus Microsoft Newsletter #152 ... MICROSOFT VULNERABILITY SUMMARY ... Real Networks Helix Universal Server Remote Buffer Overflow ... ... NEW PRODUCTS FOR MICROSOFT PLATFORMS ... (Focus-Microsoft) Re: remote web workplace no log on screen ... > actual server machine itself there was the login. ... Does the issue occur to external clients or LAN clients? ... On the SBS server, go to http://localhost/remote and log on as the ... Can you connect to Remote Desktop of your server? ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)