Need some quick help, Active Directory / VPN / Exchange

yroc
So long story short, my wife's IT guy is no longer working at her company (small office of 6) and my first concern was VPN access to database files and website access. The website is serviced offsite by a company so not too worried about that.

So I went over there today right after it happened and disabled their internet access (unplugged the modem, wireless router, and switch).

So now I need to go in and try and lock this thing down or at least change the passwords that he may have set up. So I have a short list of questions for which any resources would be helpful.

1. How to stop VPN services
2. Remove his password from his profile so there is no chance he can get back in (mostly because they have Exchange deployed and that would give him email access still until we change his password, right?)

I'm going to go in and change the wireless network passkey and such. My main thing is I do know that they have VPN set up and I'm not familiar with the server-side setup (is it a password I can change?)

Sorry if this is a little muddled, it's been a weird day. I'll know more once I get in front of it and can take a look at how he has the profiles set up and whatnot. Anything helps.

Thanks guys and gals!
 
In AD you can right-click his user account and select RESET PASSWORD. Type in the new password and that is all set. This will change that. Notice other user accounts and if possible only allow folks who need VPN to have VPN. I would recommend that users with the dial-in access checked change passwords. Look around through the AD items for tucked-away accounts. In all honesty, if the guy who had the keys wants to, he can get in. There are too many holes to try and outline how to plug them all.

VPN services - how are they provided? Is there a dedicated VPN appliance, through the firewall, running a RAS server? If RAS, then by clearing the dial-in tick you will disable that.

Good luck.


 
Yeah, their use of VPN is mainly once a year when they are offsite for a large event, but that could be easily remedied by bringing a copy of their database with them and having it available.

Ideally removing the VPN would be best because they really just don't need it and it's a security risk at this point, or until they can get someone permanent in there to configure it back up.

I want to say it's Server 2003 but that's just speculation at this point.

Also from what I've read the Exchange deployment integrates with the user's Active Directory profile (as far as usernames and passwords are concerned with getting emails), so if I go into Active Directory and reset his user password that will reset his email password as well? (i.e. their network login and email credentials are the same, and I am assuming that's because they are indeed based off the same set of data?)
 
first things to do:

change domain admin password
reset IT guy's password
change VPN key or cert
change wireless password/key
change password on firewall

What are you using for VPN?

Check server and workstations for remote control software like LogMeIn or CrossLoop, etc., and either disable or uninstall.
Posted via [H] Mobile Device
 
Don't know specifics at this point about the VPN implementation; as stated earlier, the guy probably googled how to do it and picked the easiest way to do it.

I'm really just there to patch things up. Chances are he won't try anything, but you never know. I'm just wanting to go in with at least a basic laundry list of things to try and do.

I just hope I'm better at googling than him :p

EDIT
Also he didn't have any idea about what was going to happen to him and he wasn't allowed near a computer once he had been notified (told the wife to tell the boss that when I heard about what was going on, haha).
 
If you are patching security risks up, shouldn't you know how to determine what type of VPN system is running?

Normally what we do is, especially for that small of a company:
1 - reset all user passwords, chances are the IT guy did a lot of remote access or stuff after hours.
2 - reset server/administrator password
3 - reset routers/firewall/wireless passwords
4 - look through Active Directory and disable any old accounts/old employees/etc.

Resetting the password and disabling his account will remove his VPN access.

5 - most are using LogMeIn these days, uninstall and reinstall with your account.

That's usually all that's needed.

Getting more serious, look at the domain registration. If it's in that old guy's name, swap the account before he gets fired, 'cause lots of people hold the .com hostage. Look at any hosted services and change the account to your new email or the owner's email, etc.
 
I reset the Domain admin password, his user account (so they can still access his email and such; I don't know anything about forwarding his mail to another account so for now I just made it so someone else can go in and check it), and also any odd accounts that were set up as users but had generic names to them.

I also set it up so all of the other users had to reset their passwords upon login.

After rooting around a bit I didn't see any active services on the server system that were VPN related (unless Active Directory has built-in services and I was looking in the wrong place).

Hopefully it will tide them over until they get someone in there that can go through it and do things right.

Thanks to all that got back to me last night, made me feel much more confident going in there this morning!

Any other suggestions will still be great, apparently I am the "IT" guy for the time being until they figure out what's going on.
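
Added example (not written by anyone in this thread): the account and VPN checks discussed above, as commands for an elevated prompt on the domain controller. It assumes a Server 2003-era domain with the standard `dsquery`/`dsmod`/`dsget` tools and a VPN served by the built-in Routing and Remote Access service; `former.admin` is a placeholder logon name.

```bat
@echo off
rem Added example, not from the thread. Run elevated on the domain controller.
rem ASSUMPTION: placeholder logon name (sAMAccountName) of the departed admin.
set LEAVER=former.admin

rem 1. Disable the leaver's account. A disabled account cannot log on,
rem    dial in, or open its mailbox, even if the old password is known.
dsquery user -samid %LEAVER% | dsmod user -disabled yes

rem 2. List everyone with domain-wide admin rights, including members
rem    that arrive through nested groups. Look for unfamiliar names.
dsquery group -name "Domain Admins" | dsget group -members -expand

rem 3. Surface "tucked away" accounts: no logon for 8+ weeks, or a
rem    password older than 90 days. Review the list before disabling.
dsquery user -inactive 8 -limit 0
dsquery user -stalepwd 90 -limit 0

rem 4. Show which accounts have dial-in (remote access) permission set
rem    to allow, then explicitly deny it for the leaver.
netsh ras show user mode=permit
netsh ras set user name=%LEAVER% dialin=deny

rem 5. Check whether the Routing and Remote Access service is running.
rem    STOPPED or disabled here means this server is not the VPN endpoint.
sc query RemoteAccess

rem 6. If the office does not need VPN for now, stop the service and
rem    keep it from starting again at boot.
net stop RemoteAccess
sc config RemoteAccess start= disabled
```

If step 5 shows the service stopped, the VPN is likely terminated on the router or firewall, so the credential changes belong there.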
 