I have a network with a domain controller and active directory users in one location Also in other location i have different domain controller and active directory users, There are separate domains
My problem is that i have a person who manages to connect from one location to another
Each location that has domain controller and active directory has a firewall.....it's about fortigate machineThis person has only user account in active directory. Local accounts of his computer are disable. On his computer the IP adress is static.Both server and workstations are up to date.
He succeeds using the Internet to connect to other network, using administrator privileges. This person makes changes on other computers both locations....normal changes that are made only by the network administrator.
I think it's a virus / trojan undetectable.I would like to know how can I scan servers, services from viruses / trojan undetectable and tracing how this persoon connect. From what I knew so far the user succeed to intervene over the user's session from a different computer without the user's knowledge or realizing and make any changes he wish
Any suggestion / feedback / opinion is appreciated...thank you