Solved

Should I reinstall SBS 2011 and Exchange 2010 or wade through the poor setup and malware?

Tags:
  • Virtual Machine
  • Malware
  • Clean Install
  • Exchange
  • Windows Server
  • Active Directory
  • Servers
  • Business Computing
July 27, 2013 7:57:33 PM

I am in need of advice from those far more knowledgeable than myself!

Long story short: I am on the board of a non-profit and until recently we had an on-call IT contractor that we thought took care of our server and local network while I took care of the website, minor tech support, network cabling, etc... as part of my volunteering. Our IT guy recently took another job and could no longer be on contract so I volunteered to fill that role as well. I have very little server experience (especially with anything not Apache), but I am always up to learn and help out.

After finally getting the password to log onto our server to get a feel of what Small Business Server 2011, Exchange 2010, a virtual host, Active Directory, etc... was like, I soon discovered things were not as they should be. The Exchange account setup is ancient and wrong (guess we stopped using it 2 years ago when I built our new website that was not hosted in house?), all of the Active Directory settings were simply at non-configured default, 5-6 computers that no longer exist were there, along with several users who had left years ago. No updates had been pushed out for quite some time, and it just kept going. Along with an ever failing server backup and constantly crashing SBS 2011 console. I discovered rootkits on 4 of the workstations soon enough, and today confirmed my great fear of having a nasty infestation on the server itself.

On the bright side, I have managed to secure all of the install discs and our TechSoup account has more software to pull down for any product with a few mouse clicks.

My question then is this: should I take on the malware infested, horribly configured server as it is and work my way to a clean and well configured set up, or do I need to take off and nuke the entire site from orbit? I should add that the rootkits on the server seem to be confined to user shares that belong to no longer extant users and since nothing was set up correctly, most of the organization's files are, for better or worse, all on the local workstation hard drives and for the time clear of infection/rootkits. Emails are all on our web host's servers, so it looks like even a total format of the server (if that is the way to go), would not result in any sort of crippling loss.

If anyone has any advice on the road I should be taking, I would definitely appreciate it!


Best solution

July 27, 2013 8:16:41 PM

With that level of previous screwup, I would blow it away and start fresh. Otherwise, you'll be chasing that fool's problems for months.

Design what you want it to do, and build it.
July 27, 2013 8:43:55 PM

USAFRet said:
With that level of previous screwup, I would blow it away and start fresh. Otherwise, you'll be chasing that fool's problems for months.

Design what you want it to do, and build it.



Thanks for the reply! After the ever growing list of things to fix, a complete wipe began to look like the best route, but again, little server experience so wanted to make sure I was not jumping into an even worse situation. Besides, after seeing all the mess, the thought of a clean and shiny install and build from the ground up is rather appealing at this point!
July 29, 2013 9:27:42 PM

I agree. But for one simple fact: malware.

If you even think you have it, start clean. You WILL be chasing it forever. And all the while, your NPO will be used to host malware, steal your information, send spam, etc., etc. You definitely don't want your NPO to be blacklisted for anything like that.

There is a very good reason any competent IT department of any major corporation instantly pulls an infected machine and replaces it with a clean system. You should too. Plus, building it up from the ground you WILL know how it is set up, configured, and intended to be used.
August 8, 2013 3:43:38 AM

tigerg said:
I agree. But for one simple fact: malware.

If you even think you have it, start clean. You WILL be chasing it forever. And all the while, your NPO will be used to host malware, steal your information, send spam, etc., etc. You definitely don't want your NPO to be blacklisted for anything like that.

There is a very good reason any competent IT department of any major corporation instantly pulls an infected machine and replaces it with a clean system. You should too. Plus, building it up from the ground you WILL know how it is set up, configured, and intended to be used.


Did a clean install. Very glad I went that route. Other than some driver issues at install, went very well, and looks so much nicer all clean and new, not to mention easier to actually use (no more zombie computers/users, yay!). And knowing there is no malware is a big plus, lol.