Hello all, hope you are well.
We have a troubling issue, and I thought I would solicit some feedback from the community.
First, some quick background. We are running 2 co-DCs with Win2k8 R2. One runs DHCP and DNS, the other runs Terminal Services (I do know it is not recommended, save that for another post).
A remote client, who only logs in via VPN and remote desktop, was having difficulty connecting to the internet today. Upon investigation, the client had their IP set to the static IP 192.168.173.1, despite not having changed it themselves (and believe me, they don't know how to even get that deep).
ALSO, in AD the account had been removed from the Remote Access group, despite no one (believe me, no one -- there are only two of us!) having changed it.
Our thoughts went right to malware, so we are starting various scans now, but I was curious if folks had any other thoughts or experiences that could shed some light on this.
Let me know, and thanks in advance!
Dan