.
DC to this user. I have SBS server scripts which alerted me that the user had been created, a user had tried to log in, but then the server kicked them off (I then deleted the account).
ts. I have very strong passwords on all user accounts and would have been notified if they got through and RDC'd/logged in to any of these accounts?
through SQL or something? Really confused (and concerned).
First of all, why on earth do you have port 3389 facing the internet? This is VERY bad security practice!
Here is what you should do, in order:
1) Change all administrator passwords and anyone who could have logged on remotely via RDP that has permission.
2) Configure remote settings on the server to ONLY allow ONE user account to log on (e.g. srv-admin)
3) DO NOT USE THE ADMINISTRATOR ACCOUNT on SBS2003 - Create another admin account with full domain admin privileges and disable the 'administrator' account.
4) Configure RRAS/VPN so you can VPN to your server, and access RDP that way.
These are basic security principles; if you have not done these basic steps you should obtain professional assistance as you are putting your business (or the business you run) at serious risk.
Hope this helps.
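
Added example, not part of the original thread: a check for the pattern described in the question, an account being created and then used for an RDP logon attempt shortly afterwards. Event IDs 624, 528 and 529 and logon type 10 are the Windows Server 2003 Security log values; the record layout, account names, addresses and the one-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Windows Server 2003 Security log event IDs (pre-Vista numbering).
ACCOUNT_CREATED = 624
LOGON_SUCCESS = 528
LOGON_FAILURE = 529
REMOTE_INTERACTIVE = "10"  # logon type recorded for Terminal Services / RDP

# Constructed sample records (assumed layout, not a real export format):
# time|event id|target account|logon type|source address
SAMPLE = """\
2010-03-02 01:14:07|624|support1||
2010-03-02 01:14:55|529|support1|10|203.0.113.45
2010-03-02 01:15:20|528|support1|10|203.0.113.45
2010-03-02 09:02:11|528|srv-admin|10|10.0.0.23
2010-03-03 11:30:00|624|jsmith||
2010-03-05 08:45:00|528|jsmith|2|
"""

def parse(text):
    """Yield (time, event_id, account, logon_type, source) per non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, account, ltype, src = line.split("|")
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        yield when, int(eid), account.lower(), ltype, src

def new_account_rdp_logons(text, window=timedelta(hours=1)):
    """Return RDP logon attempts against accounts created at most `window` earlier."""
    created = {}    # account -> creation time
    findings = []
    for ts, eid, account, ltype, src in sorted(parse(text)):
        if eid == ACCOUNT_CREATED:
            created[account] = ts
        elif eid in (LOGON_SUCCESS, LOGON_FAILURE) and ltype == REMOTE_INTERACTIVE:
            born = created.get(account)
            if born is not None and ts - born <= window:
                outcome = "success" if eid == LOGON_SUCCESS else "failure"
                findings.append((account, src, outcome, ts - born))
    return findings

if __name__ == "__main__":
    for account, src, outcome, delay in new_account_rdp_logons(SAMPLE):
        print(f"{account}: RDP logon {outcome} from {src} {delay} after creation")
```

A successful type 10 logon in the output means the new account was actually used over RDP, which is a different situation from the failed attempt followed by a disconnect that the question describes.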