Mobiltech

CONCERNS ON SERVER 2003 BASIC PASSWORD RECOVERY, NEED HELP PLEASE

I am a server newbie that IS going trial by fire.
I have a business owner whose Admin quit and doesn't want to give up the passwords.
There is an exchange 2000 server
SQL server
Webserver
and what appears to be the DC and each have their own server.
I know how to get local admin access to the server and I plan to use this method to change the domain admin password:
http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm

The client used to employ about 30 people but is now down to 10 so I think it's safe to assume AD is in place??

I am concerned that if I change the password, will it have adverse effects on anything?
Also, the former I.T. guy was a real control freak from what I hear, I would think that I would have to have everyone change their passwords, check VPN, terminal services and RDC?  there is also a Pix506e that I probably have to change the password to also???

What other concerns are there?

I would greatly appreciate your input and help asap please.

Thanks.

Jim P.

Once you get access to the DC, your best bet is to create another domain admin user.

Then from there, use the new domain admin and change all the services that use admin to that new account.

Also look for any strange accounts that may be on the domain as well. It sounds like this guy probably created a back door account. Also any service accounts that don't regularly get their passwords changed, such as backup agents, or any services that run under account names instead of just LocalSystem/NT Authority.
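
The service-account check described in this answer, as an added example that is not part of the original thread: it reads a service list export and separates services that log on with an account whose password is being reset (these stop starting until their stored credentials are updated) from other named accounts that deserve a look. The export shape (`wmic service get Name,StartName /format:csv`), the server name, and all service and account names below are constructed assumptions.

```python
import csv
import io

# Built-in service identities: no password to rotate, so they are skipped.
BUILTIN = {
    "localsystem", "nt authority\\system",
    "nt authority\\localservice", "nt authority\\networkservice",
    "nt authority\\local service", "nt authority\\network service",
}

# Constructed sample in the assumed shape of:
#   wmic service get Name,StartName /format:csv
SAMPLE_EXPORT = """Node,Name,StartName
DC01,Netlogon,LocalSystem
DC01,Dnscache,NT AUTHORITY\\NetworkService
DC01,BackupAgent,CORP\\Administrator
DC01,SQLAgent,CORP\\svc_sql
DC01,RemoteHelper,.\\support
DC01,ReportSync,oldadmin@corp.example
"""


def short_name(account):
    """Reduce DOMAIN\\user, .\\user or user@domain to a lowercase user name."""
    acct = account.strip().lower()
    if "\\" in acct:
        return acct.rsplit("\\", 1)[1]
    return acct.split("@", 1)[0]


def audit_services(export_text, reset_accounts):
    """Return (needs_update, review) lists of (service, logon account)."""
    reset = {a.lower() for a in reset_accounts}
    needs_update, review = [], []
    for row in csv.DictReader(io.StringIO(export_text.strip())):
        start = (row.get("StartName") or "").strip()
        if not start or start.lower() in BUILTIN:
            continue  # built-in identity, or a driver with no logon account
        entry = (row["Name"], start)
        # Services tied to a reset account need their stored password updated
        # (or a move to a new dedicated account); the rest are named accounts
        # to verify as legitimate.
        (needs_update if short_name(start) in reset else review).append(entry)
    return needs_update, review


if __name__ == "__main__":
    update, review = audit_services(SAMPLE_EXPORT, ["Administrator", "oldadmin"])
    print("Update credentials:", update)
    print("Review account:", review)
```
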
Mobiltech

ASKER

I have it resolved. Thank you.
Disregard the last entry. I was able to get in and change the admin account through AD as well as the former Admin's account.
I have disabled most of the user accounts that are not in use. There are several 3rd party remote programs such as VNC, GoToMeeting, Dameware mini remote control.  By changing his password and the admin password, will the former admin still have access?

I have checked the event viewer and he did log in remotely days before he quit but there are no other entries with his account.

I can get into his account, the W2k exchange, 2k3 SQL but I cannot get into the webserver.

I have full access to the DC and AD. How do I change that password???
The webserver is not on the domain.
I have tried Knoppix and a few other programs but the SAM on the webserver is read only.
I have accessed it with ntfdos and copied the SAM.
I have tried attrib but the SAM remains in read only.
I have changed the password to all domain and admin accounts.
All I need now is to reset the local admin pw on the webserver.

I tried cscript and had a script:
Const ReadOnly = 1

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFSO.GetFolder("C:\Windows\System32\Config\")
Set colFiles = objFolder.Files

For Each objFile in colFiles
    If objFile.Attributes AND ReadOnly Then
        objFile.Attributes = objFile.Attributes XOR ReadOnly
    End If
Next

but it does not run in dos mode.


If I copy the SAM onto a laptop and remove the permissions then copy it back to the server, will that work?
Ok.

Do a Google for "winternals erd commander". Download the ISO (about the third or fourth in results). Burn it to a CD and then reboot the server onto that.

From there it will allow you to change the admin password and/or create local accounts on the box to log into the server. Note that if there is a Group Policy for password lengths and such (i.e. Min 8 characters with a numeric) you will have to follow it.

After you create the account and/or change password, reboot and you should be able to get in.
OK. Will post as soon as I'm done.
I have booted off the ERD disk but it is not finding a Windows installation.
The server is a Dell PowerEdge 1750.
Is the boot drive local?

Can you get to a command prompt and find the boot.ini file?

Which version of ERD did you download?
Boot drive should be local.
Once in ERD there is no disk to mount, search or anything, just floppy and the CD.
2007
downloading 2005
You may need to add the Dell PERC drivers to ERD cd, or put them on a floppy, and manually load them.

It's been a while since I've used the ERD, so I'm kind of rusty.
Any luck with this?
So the ERD worked?

Glad to be of assistance. May all your days get brighter and brighter.
No sir, ERD did not work. Could not find the Admin Pak to create a new boot disk with the PERC drivers, and trying to slipstream them into an existing image looked iffy at best considering that I was in a time crunch.
I copied the sam and system from the repair folder using ntfs dos with USB drive support and 0phed the pw.
Sorry that didn't work. But I'm glad you came up with a good solution.

Thanks for letting us know.