Windows SBS 2003 administrator password breaker
I have a windows 2003 Small business server (which means it is a domain controller), administrator user cannot login, it gives the error that "the system could not log you on. Make sure your username and domain are correct ......" Same error for remote desktop attempts.
I have used a few password breakers to try to reset the administrator account, but I keep getting the same login error message, even though the password breakers finish normally. I have used these breakers before with non-domain servers and have had good luck.
This is why I think it is a password issue, the administrator was logged in at the console and the screen saver comes on as usual. You could log in again using ctrl-alt-del and the "known" password to get past the screen saver password. I tried to access the server remotely to check why the backups had been failing, but I could not login. In hindsight, I think the backups stopped because the password had been changed and the reason the local console could login was because it was the cached screen saver password.
When I rebooted the server to try to clear the issue, it no longer would let me login, locally or remotely. Again in hindsight, had I known that the password was changed, I would have changed it before rebooting the server. I don't know how the password could get changed but I believe it was done through remote desktop since the screen saver locally was still the "known" password. It may be a hack and I am looking at the router logs to determine that. The server runs fine and shares files and everything else it is suppose to do.
Can anyone suggest how I can get into the server as the administrator with a password breaker that works on domain controllers? I don't have another user that is an administrator.
Thanks
I have used a few password breakers to try to reset the administrator account, but I keep getting the same login error message, even though the password breakers finish normally. I have used these breakers before with non-domain servers and have had good luck.
This is why I think it is a password issue, the administrator was logged in at the console and the screen saver comes on as usual. You could log in again using ctrl-alt-del and the "known" password to get past the screen saver password. I tried to access the server remotely to check why the backups had been failing, but I could not login. In hindsight, I think the backups stopped because the password had been changed and the reason the local console could login was because it was the cached screen saver password.
When I rebooted the server to try to clear the issue, it no longer would let me login, locally or remotely. Again in hindsight, had I known that the password was changed, I would have changed it before rebooting the server. I don't know how the password could get changed but I believe it was done through remote desktop since the screen saver locally was still the "known" password. It may be a hack and I am looking at the router logs to determine that. The server runs fine and shares files and everything else it is suppose to do.
Can anyone suggest how I can get into the server as the administrator with a password breaker that works on domain controllers? I don't have another user that is an administrator.
Thanks
Ouch. Well if it helps, a client had corrupt backup, and corrupt hardware. Couldn't fix server there either.
Did you try ERD commander?
Also, try this thread.
http://forums.msrportal.com/archive/index.php?t-7850.html
Did you try ERD commander?
Also, try this thread.
http://forums.msrportal.com/archive/index.php?t-7850.html
http://www.lostpassword.com/windows.htm?utm_source=petri&utm_medium=banner&utm_content=v1
this will do it but it will cost
this will do it but it will cost
Don't you have any other accounts configured as members of the Domain Admins group? (such as your own)?
If so, use that account to log in and then change the administrator account password. However, to keep that synched, log out and then log back in with the Administrator Account and change the password again using CTRL-ALT-DEL > Change Password.
You might also need to reset the authoritative account username/password on the DHCP Scope as well to make sure it matches.
Jeff
TechSoEasy
If so, use that account to log in and then change the administrator account password. However, to keep that synched, log out and then log back in with the Administrator Account and change the password again using CTRL-ALT-DEL > Change Password.
You might also need to reset the authoritative account username/password on the DHCP Scope as well to make sure it matches.
Jeff
TechSoEasy
>> I don't have another user that is an administrator <<
Its always a mistake to have only one adminidtrator account for the reasons you have discovered. - .
Your data could be recovered by placing the drive in another machine as a secondary drive, copyiing and taking ownership of the data.
I'm not very optomistic of a solution without resorting to recovery specialists and commiting to significant cost.
Its always a mistake to have only one adminidtrator account for the reasons you have discovered. - .
Your data could be recovered by placing the drive in another machine as a secondary drive, copyiing and taking ownership of the data.
I'm not very optomistic of a solution without resorting to recovery specialists and commiting to significant cost.
""I'm not very optomistic of a solution without resorting to recovery specialists and commiting to significant cost.""
Thats a pessimistic approach. Look through the site and you will see plenty off occurences of the domain admin account being reset.
Thats a pessimistic approach. Look through the site and you will see plenty off occurences of the domain admin account being reset.
Since I missed the "I don't have another user that is an administrator" line, I'll make this suggestion...
Create a UBCD4Win Boot CD (from http://www.ubcd4win.com) and then boot the SBS off of that. Then, you can use one of it's included tools, Sala Password Renew, to create a NEW Administrator level account so you can then follow my suggestion posted above. There are also tools to allow you to change the current Administrator password, but I don't recommend that you use those.
I've done this before on an SBS and it works just fine. Of course, with anything like this, you should always perform a full backup first.
Jeff
TechSoEasy
Create a UBCD4Win Boot CD (from http://www.ubcd4win.com) and then boot the SBS off of that. Then, you can use one of it's included tools, Sala Password Renew, to create a NEW Administrator level account so you can then follow my suggestion posted above. There are also tools to allow you to change the current Administrator password, but I don't recommend that you use those.
I've done this before on an SBS and it works just fine. Of course, with anything like this, you should always perform a full backup first.
Jeff
TechSoEasy
ASKER
Thanks for all of the suggestions, but none of them worked. I think it maybe that the password was not changed but that the number of login attempts was set to 0. The reason for this thought is that when I use my normal password breaker that I have used on win2k, xp etc, it shows number of attempts as 0 and it never clears the 14 bad attempts.
Is there such a thing as setting the login attempts to 0 before locking the account? If so, how do I change it? I cannot get into directory restore mode because the local admin has been tried 14 times and it won't reset.
thanks,
Mike
Is there such a thing as setting the login attempts to 0 before locking the account? If so, how do I change it? I cannot get into directory restore mode because the local admin has been tried 14 times and it won't reset.
thanks,
Mike
The AD restore password does not lockout so this is not the issue.
As I said at the very first post. Chances of recovery ... minimal ... if windows security was that east to break there would be little point to it.
As I said at the very first post. Chances of recovery ... minimal ... if windows security was that east to break there would be little point to it.
How can none of the suggestions work? You tried creating a NEW Administrator account using UBCD4Win?
Jeff
TechSoEasy
Jeff
TechSoEasy
usual password breaker tools will fail as they cant hit AD accounts....
ASKER
To Jeff, the ubcd4win says it works with winxp, there were no instructions for SBS 2003, so I did not try that one. I will try it now. I assume that when it wants the windows xp CD during the creation of the cd, I should really put in the sbs #1 cd? Or, maybe even a server 2k3 cd.
I will try this today.
Mike
I will try this today.
Mike
I've created UBCD4WIN cd's with both WinXP as well as Server 2003 (using the full download of Windows Server 2003 SP1 which is actually the full server installation -- http://www.microsoft.com/downloads/details.aspx?FamilyId=22CFC239-337C-4D81-8354-72593B1C1F43&displaylang=en)
It really doesn't matter which you use since Server 2003 is really just XP Server.
Jeff
TechSoEasy
It really doesn't matter which you use since Server 2003 is really just XP Server.
Jeff
TechSoEasy
ASKER
Hi all, none of the solutions worked, that ubcd would not create a cd. it kept giving me errors, so I gave up and whacked the server and reloaded. Thanks for all of the attempts.
Mike
Mike
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
hi all, getting back to you a few months later. The UBDC would create a CD for XP but not 2003.
Thanks for all the good suggestions. I love this site
Thanks for all the good suggestions. I love this site
I have a customer with a situation nearly identical to the above thread. I have some additional information for the forum. I have discovered that the administrator password in my case has not been changed, but rather is just not recognized by the logon service. I know this to be true, because I can access the recovery console with the administrator password to gain access to the windows directory. With this knowledge, I utilized the UBCD4WIN to attempt a new password. The process appeared to work, but it did not actually change anything. I also tried to create a new administrator account again with an appearant success but actually no change was recorded. I have attempted to reinstall SBS in repair mode and tried to recover the Active Directory in safemode with no success. It seems that Microsoft has built a tidy hole in the ground that traps the user and not the peretrator. By the way, the administrator password failed on Friday the 13th. I this a serious security threat or just a fluke?
Edited by TechSoEasy -- EE's Microsoft Zone Advisor:
Please see related question: http:Q_24163647.html
Edited by TechSoEasy -- EE's Microsoft Zone Advisor:
Please see related question: http:Q_24163647.html
Chances of recovery ... minimal ... if windows security was that east to break there would be little point to it.