>I am still open to suggestions. Any hackers out there? There are quite a few exploits out there, but the most obvious thing is to make certain that there aren't an Domain Admin accounts that have obvious passwords. Have you ever run l0phtcrack against your server? If half of your users are using their first name as their password then it doesn't take a very brilliant hacker to get in. :) The suggestion to run MBSA or hfnetchk is also a good one...it is a lot of work to stay current with all of the security patches.