hudsonbeck
asked on
All Domain User Accounts Locked - Including Admin
The title says it all...
Every account on the domain is locked out. I can not get in to unlock any of them.
This is a NT4.0 domain.
My primary concern is How do i get in so that i may unlock the accounts?
THis is urgent for me, so i am giving as many points as i can.
Thanks,
Hudson
Every account on the domain is locked out. I can not get in to unlock any of them.
This is a NT4.0 domain.
My primary concern is How do i get in so that i may unlock the accounts?
THis is urgent for me, so i am giving as many points as i can.
Thanks,
Hudson
Since time is of the essence, I'll drop a quickie here then go look for details. There exist small floppy-based linux distributions with a utility to blank or change any passwords on an NT based system. I'll be googling for a specific url for you. I carry such a floppy with me in my cd case for the times I am to fix a computer and the admin is on vacation or quit.
well that was easy...this isn't the tool I used in particular, but it's one option.
http://www.petri.co.il/forgot_administrator_password.htm#1
http://www.petri.co.il/forgot_administrator_password.htm#1
and http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html is the one I used on XP and 2k before. Should work on NT as well according to the author of the program. Good luck!
Hi,
Ok if I'm on the wrong lines here then I apologise as I'm win2k rather than NT - however - doesn't the account lockout policy have a fixed duration after which time you should be able to get back in? If I were you I'd consider isolating the network from external sources (or maybe even internal) as quickly as possible then proceed to examine whatever event/audit logs that you have in place to try find out what happened. It sounds possible that this is some sort of malicious attack, either way you obviously need to figure out exactly what's going on,
Deb :))
Ok if I'm on the wrong lines here then I apologise as I'm win2k rather than NT - however - doesn't the account lockout policy have a fixed duration after which time you should be able to get back in? If I were you I'd consider isolating the network from external sources (or maybe even internal) as quickly as possible then proceed to examine whatever event/audit logs that you have in place to try find out what happened. It sounds possible that this is some sort of malicious attack, either way you obviously need to figure out exactly what's going on,
Deb :))
I'd maybe be tempted to review your lockout policy so that you can get back in more quickly until you can resolve this , malicious user activity or virus perhaps?
Deb :))
Deb :))
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will try your sugestions asap. I really appreciate your help.
I'll let you know as soon as i get this figured out.
Any more info/suggestions are appreciated :)
Thanks
I'll let you know as soon as i get this figured out.
Any more info/suggestions are appreciated :)
Thanks
ASKER
Sry for the delay... got hit by a hurricane.
I was able to find our network admin account password and resolve the issue. one of the PC had an IRCBot that was hammering the administrative shares locking accounts out. we have resolved all issues.
Thanks soooo much for the help.
awarding points and again, Thank You!
Hudosn
I was able to find our network admin account password and resolve the issue. one of the PC had an IRCBot that was hammering the administrative shares locking accounts out. we have resolved all issues.
Thanks soooo much for the help.
awarding points and again, Thank You!
Hudosn
curiously, how did you track down the IRCBot?
ASKER
The Admin account is locked as well...
Immediate help is very much appreciated, I will try to increase points