Permissions changing virus?

By winsane ·
I recently took on a new position as Network Admin. While entering a new user account in the domain, I noticed that the person who I was copying permissions from was Enterprise Admin. This particular user is just a welder. When I logged out of my RDP session and sat at the console of the server, I looked again and the user had only 3 permissions, Everyone, Authenticated User and Eng_Drawings (read only access to Engineering drawings). I changed nothing. Is this some kind of rootkit or virus?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Could be almost anything with what you have provided here

by OH Smeg Moderator In reply to Permissions changing viru ...

As we do not know what you are using or how it is being used we need to be told so we can help you out.

So what OS is in use here and so on so that we can help you out?

Depending on how the Linux Sever was configured it could just be a bad Setup or it could indicate a Infection from a specialized Attack Vector in an attempt to steal the Business Data.

OH if you are using some form of Windows the Same applies but without the Specialized Attack Vector as it is much easier to Break into any Windows Server some more so than others though so it's hard to say what is happening here.


Collapse -

I would recommend that you DON'T tell the user ...

by OldER Mycroft In reply to Permissions changing viru ...

That they are JUST a welder.

Not unless you are a welder as well as a Network Admin.

Related Discussions

Related Forums