One of our servers running Server 2019 was recently infected with malware. I removed the malware using Malwarebytes, but since then I have not been able to connect to the server using RDP. It connects to the server and then gives me the message "Access is Denied".

I ran DISM and sfc to check system files. DISM repaired the store but sfc said nothing was wrong. The system was up to date on updates but I reran the 2021-11 cumulative update to be sure. I can log into the server locally with Administrator and my own account which is also an administrator. Terminal services are running but query session shows "no sessions exist for *".

This server is a domain controller so everything is through AD. Both accounts are members of the administrator group. I checked the group policies for this server against another working server and they were the same.

A side note: when I checked that Remote Desktop was enabled, I noticed that clicking the link from Settings gave me an error that "c:\windows\system32\systempropertiesremote.exe" cannot be accessed and that I may not have permission. This was on the Administrator account. I went to system32 and double-clicked the file and it came right up, so it is there and I have permission to access it. Something really got screwed up with permissions, but I am at a loss as to what to check next.

  • Have you tried to create a new domain user with the appropriate permissions to see if the issue extends to new domain users? – Ramhound Nov 30 '21 at 19:26
  • Yes. I created a new user that is a member of only the Domain Admins group and it also receives access is denied when I connect using it. – MaKAngribe Nov 30 '21 at 19:32
  • These users that you are attempting to use RDP with are part of the appropriate group giving them that privilege? Simply being part of the Administrator group does not give that access. – Ramhound Nov 30 '21 at 19:52
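
The comments above turn on whether the accounts actually hold the right to log on over RDP, which is separate from group membership. The following added example (not part of the original thread) dumps who holds the allow and deny rights for Remote Desktop logon as stored on the machine, and shows the `fDenyTSConnections` switch. It assumes an elevated PowerShell session on the affected server; the scratch file name is hypothetical.

```powershell
# Added example: list holders of the RDP logon rights on this machine.
# Run from an elevated PowerShell session on the affected server.
$rights = 'SeRemoteInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight'
$cfg    = Join-Path $env:TEMP 'user_rights_export.inf'   # hypothetical scratch file

# Export only the user-rights section of the machine's security policy.
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

function Resolve-Principal([string]$entry) {
    # Entries are either "*S-1-5-..." SIDs or plain account names.
    if ($entry -notmatch '^\*(S-1-.+)$') { return $entry }
    $sidText = $Matches[1]
    try {
        $sid = [System.Security.Principal.SecurityIdentifier]::new($sidText)
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # A SID that no longer resolves deserves a closer look after an infection.
        return "$sidText (unresolvable SID)"
    }
}

$lines = Get-Content -Path $cfg
foreach ($right in $rights) {
    $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
    if (-not $line) {
        "{0}: not defined" -f $right
        continue
    }
    "{0}:" -f $right
    ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ } |
        ForEach-Object { "    " + (Resolve-Principal $_) }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

# 1 means Remote Desktop connections are disabled at the Terminal Server level.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
"fDenyTSConnections = $($ts.fDenyTSConnections)"
```

An account that authenticates and then gets "Access is Denied" should appear, directly or through a group, under `SeRemoteInteractiveLogonRight` and not under `SeDenyRemoteInteractiveLogonRight`; the deny right takes precedence.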

1 Answer

Windows on this computer is now in a bad shape after being infected and then uninfected. Some settings and software may now be missing or corrupted.

The best solution is to format the disk and reinstall the server from scratch. This is guaranteed to give you a viable server.

If a fresh install is impossible, you will at least need to do a Repair Install of Windows 10 with an In-place Upgrade (applies also to Windows Server).

For more information see the post How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

harrymc