local admin password had been hacked

Question

hi all

lately i installed new pc's with windows 10 and joined them to active directory

moreover each pc has local admin user and hard password but some how these password were changed

and i had to reset them to my admin password

its realy embarassing as if some one else manage my network and delete docs and data from a share folder

1. could this be a cyber attack since also many files have been deleted from ashared folder from june 2023 few times
2. what should be the actions to avoid such events

thanks for the help !!

Answer 1

Hello, It does sound like there could be unauthorized access to your network. Here are some steps you could try to secure your network: Change all passwords: Start by changing all passwords on your network, including for Active Directory, local admin accounts, and shared folders. Make sure to use strong, unique passwords. Check for malware: Run a thorough malware scan on all systems in the network. Some types of malwares can give attackers remote access to your systems. Update and patch systems: Make sure all your systems are updated with the latest security patches. Out-of-date systems can have vulnerabilities that attackers can exploit. Review user accounts and permissions: Check all user accounts in Active Directory and on local systems. Delete any accounts that shouldn’t be there and review the permissions for all accounts. Only give users the permissions they need to do their jobs. Implement a security policy: If you don’t already have a security policy, now is a good time to implement one. This should include rules for password complexity and change frequency, acceptable use, and rules for accessing and sharing files. Monitor network activity: Use network monitoring tools to keep an eye on network traffic. Look for any unusual activity that could indicate an attack. Best Regards,
Hania Lian

---If the Answer is helpful, please click "Accept Answer" and upvote it.