One of our customers has found that someone from outside is logging onto their server and creating new users/giving current users administrative rights and then using those accounts to remote desktop onto the server.
After going through their security logs I have found that the account used was the GHOST_WIN2K3SR account which I have now disabled. Does anyone know if there is a default password for this account or whether its set during the installation?
I havent had to install solution suite for a while.
They are using Ghost 8.2 Corperate