Solved

All Domain User Accounts Locked - Including Admin

Posted on 2004-08-11
10
411 Views
Last Modified: 2008-03-10
The title says it all...
Every account on the domain is locked out. I can not get in to unlock any of them.
This is a NT4.0 domain.

My primary concern is How do i get in so that i may unlock the accounts?

THis is urgent for me, so i am giving as many points as i can.

Thanks,
Hudson
0
Comment
Question by:hudsonbeck
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 

Author Comment

by:hudsonbeck
ID: 11778722
I have been unable to find much helpfu info on the net...

The Admin account is locked as well...

Immediate help is very much appreciated, I will try to increase points
0
 
LVL 9

Expert Comment

by:fixnix
ID: 11778843
Since time is of the essence, I'll drop a quickie here then go look for details.  There exist small floppy-based linux distributions with a utility to blank or change any passwords on an NT based system.  I'll be googling for a specific url for you.  I carry such a floppy with me in my cd case for the times I am to fix a computer and the admin is on vacation or quit.
0
 
LVL 9

Expert Comment

by:fixnix
ID: 11778866
well that was easy...this isn't the tool I used in particular, but it's one option.

http://www.petri.co.il/forgot_administrator_password.htm#1
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 9

Expert Comment

by:fixnix
ID: 11778918
and http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html is the one I used on XP and 2k before.  Should work on NT as well according to the author of the program. Good luck!
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11779344
Hi,

Ok if I'm on the wrong lines here then I apologise as I'm win2k rather than NT - however - doesn't the account lockout policy have a fixed duration after which time you should be able to get back in? If I were you I'd consider isolating the network from external sources (or maybe even internal) as quickly as possible then proceed to examine whatever event/audit logs that you have in place to try find out what happened. It sounds possible that this is some sort of malicious attack, either way you obviously need to figure out exactly what's going on,

Deb :))

0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11779364
I'd maybe be tempted to review your lockout policy so that you can get back in more quickly until you can resolve this , malicious user activity or virus perhaps?

Deb :))
0
 
LVL 9

Accepted Solution

by:
fixnix earned 500 total points
ID: 11779787
pull the cat-5, run the nix boot disks, get back in, and asess the situation (network cable still unplugged).  If you're compromised, you better reformat/reinstall, and don't restore executable files from backup media.  If you were r00t3d by someone good, you're done if you do.  If it was some other reason for getting locked out (human error or a stupid script kiddie pseudo-r00ting you w/ no backdoors), then you're in good shape simply booting the disks I mewntioned previously.....checking start/all programs/administrative tools/event logs/ or settings/control panel/event log/ once back in would definately be worthwhole tho.  If you enen have ONE hair stand up safing "this is an attack" you better follow Deb's advice and pull the ethernet plug before going farther.  If you've been r00ted you better plan on a reformat/reinstall.  If I r00ted your NT system, you wouldn't see *my* processes in task manager and I would be free to do whatever I wanted as user: SYSTEM..  Safe mode or not.
0
 

Author Comment

by:hudsonbeck
ID: 11780230
I will try your sugestions asap. I really appreciate your help.
I'll let you know as soon as i get this figured out.

Any more info/suggestions are appreciated :)

Thanks
0
 

Author Comment

by:hudsonbeck
ID: 11810263
Sry for the delay... got hit by a hurricane.

I was able to find our network admin account password and resolve the issue. one of the PC had an IRCBot that was hammering the administrative shares locking accounts out. we have resolved all issues.

Thanks soooo much for the help.

awarding points and again, Thank You!

Hudosn
0
 

Expert Comment

by:jelzein
ID: 14342177
curiously, how did you track down the IRCBot?
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question