Solved

Win2000 Server - local admin password changed to blank

Posted on 2004-08-13
6
194 Views
Last Modified: 2010-04-13

Setup:
Win2000 Server SP4
File and Printer server, not a DC
Not running Active Directory

Our sysadmin tried to reboot this server and found that he couldn't.
While investigating, he discovered some strange behaviour:
  - could not run Norton AV
  - the local admin password was blank
  - couldn't surf the internet
  - couldn't open Computer Management
  - couldn't open Services
  - couldn't execute batch files in a command window
  - couldn't run 'net stop' in command window
  - could not stop most processes in task manager. "Access denied"
  - computer would not shut down.  When he pressed the power button, a message flashed
    saying something about Remote Storage not shutting down. (message flashed too quickly to get more detail)

When he powered the computer back up, he booted into safe mode and ran a virus scan.  It came back clean.

After determining the admin password was blank, he changed the password and all is running fine now.

The questions are:  have you heard of this happening before?  What would cause this?

bkt
0
Question by:bkthompson2112
6 Comments
 
LVL 15

Accepted Solution

by:
Rob Stone earned 200 total points
ID: 11793505
Someone may have been taking the p**s and used the password recovery tools to mess your server up (http://home.eunet.no/~pnordahl/ntpasswd/)

Other than that, I don't know.
0
 
LVL 4

Assisted Solution

by:shard26
shard26 earned 100 total points
ID: 11794725
For those of you who don't know, "taking the p**s" means messing with you.
0
 
LVL 9

Assisted Solution

by:BigC666
BigC666 earned 100 total points
ID: 11796591
Sounds like they did a good job too.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 11807855
Cheers shard26 :-)
0
 
LVL 6

Author Comment

by:bkthompson2112
ID: 11809360
Thanks for your responses.

Yeah, we thought we were probably hacked, but can't determine how they got in.

Unlikely it's an insider.

I'll leave this open, hopefully get some more responses.

Thanks again,
bkt
0
 

Assisted Solution

by:RobertMAtkins
RobertMAtkins earned 100 total points
ID: 11893857
Make sure that you read and UNDERSTAND the syskey.txt at that site :)
0
