Ghost Solution Suite

One of our customers has found that someone from outside is logging onto their server and creating new users/giving current users administrative rights and then using those accounts to remote desktop onto the server.

After going through their security logs I have found that the account used was the GHOST_WIN2K3SR account which I have now disabled. Does anyone know if there is a default password for this account or whether its set during the installation?

I havent had to install solution suite for a while.

They are using Ghost 8.2 Corperate

In 8.2 (which is what's in GSS1.0), the name and password for that account is asked for at install time, and I believe that the installer did have a default value for the password if a different one wasn't specified (what that default was, I don't know off the top of my head). In more recent editions there is no longer an installer prompt, and instead the configuration server will choose a randomly generated password.

If you drop me a line at nigel dot bree at gmail dot com I will get you in contact with the right folks from our side to help you investigate this.