Everything posted by OutkastN8
Yea, it's pretty decent sized. We are under the umbrella of a company called BCG that buys up a bunch of smaller companies to leverage their ability to control the market share in that industry. The one I work for is pretty big also by itself (http://www.ngkf.com/); we have about 400 offices around the world, so yea, there is a team that manages GPO along with other things for us and our subsidiaries / partners. It becomes a huge mess though because, as you can imagine, the communication and ability to keep everyone on the same page gets more and more difficult the larger you become. I myself just do general IT but would like to move into info security in the future. Just trying to wrap my head around all I've missed over the years. Love this site and their YouTube channel though. Great source of info.
Just to update the thread: you guys were right. I spoke to the GPO team and they said on rare occasions they have seen something in the GPO knock the machine off the domain during updates on reboot, and then the local admin accounts get wiped also. They were surprised that the Enterprise admin account could not be activated when they tried, but I ended up having to re-image this machine to remedy the issue. Thanks to everyone who responded quickly.
Ok, so I work in a domain environment and one of my machines has somehow lost its domain trust relationship. I attempted to reset the account in AD with no luck, so then I think, no big deal, I'll log in as a local admin and then rejoin it, right? Wrong. I log in as the local admin account that is standard on our network when we image a machine and somehow it is no longer part of the group "administrators." So I have a few backup accounts to try, one being an admin account for our help desk and one a service account for auditing and other use. Both of these accounts are also either not part of the local administrators group anymore or they have been disabled. I tried unplugging the network cable and logging in, as well as PowerShell scripts and other things from safe mode, but so far cannot get admin-level access. I can log in to the desktop but I'm stuck. How do you think these accounts got removed from the administrators group and how did the machine randomly lose domain trust? Were we hacked?