Solved

how do i reset the administrator password on win2k3 werver from windows rescue system?

Posted on 2009-05-06
2
631 Views
Last Modified: 2013-11-25
Our server was hacked and the administrator password reset. I access normally through RDK but now cannot et access. I can reboot the server via a web console and get in to windows rescue system mode, where i can get a command line interface and basic file browsing etc. I need to reset the admin passsword, i have already done the : net user administrator newpassword, which seemed successful but wouldn't let me in. Is it possible to reset or change the admin password via this method, if so what am I doing wrong? Failing this, is it possible to set up a new user and password using windows rescue system?
0
Comment
Question by:Bigimpact
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 24319328
You will need to use 3rd party tools. If it is not a domain controller:
There are several ways to reset the administrators password. A warning though if you have set up EFS (Encrypted File System) you will loose the administrators access certificate.
The following link lists the most popular options. The first requires a third party and the second is the most common method.
http://www.petri.co.il/forgot_administrator_password.htm 

Another option (my favorite) is to create a BartPE boot CD and add the Sala Windows Password Renew 1.1 plugin.
The Bart CD boots to a Windows environment from the CD and the Sala utility allows you to create a new admin account and password. With that, you could log in and edit the existing accounts. You can also reset the Administrators password with the Bart CD and Sala application though creating the new account is the safer method.
The basic Bart CD includes many useful utilities and there are hundreds of plugins/add-ons available on the internet. Best of all it is free.
Links to create the BartCD and obtain the Sala plugin are listed below. Though it takes a bit to create your first CD it is a very useful set of tools, to have handy in emergencies :
http://www.nu2.nu/pebuilder/
http://www.nu2.nu/bootcd/
http://sala.pri.ee/?page_id=9

Another easy option but not free is Passware which is very simple and works very well.
Windows workstation version
http://www.lostpassword.com/windows.htm
Server domain admin capable
http://www.lostpassword.com/windows-enterprise.htm

--------------------------------
If it is a domain controller:
Though I have never had the misfortune to have to try it, the following link is probably the best known method to reset the domain admin password. I have read several posts in the past saying it does work on Server 2003, as well as SBS 2003, and Daniel Petri says it should work on 2008 as well. Having said that, I cannot make any guarantees, you are on your own. As a caution; I have had some Linux password changing disks corrupt the administrator account, fortunately in a test environment, but never heard of that with Petter Nordahl-Hagen's disk (see articles), so follow the steps carefully. Make sure you have a complete backup before doing any "tinkering".

The following link outlines the procedure:
http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
Some folks have found it confusing as the first step is to reset the local account admin password, and of course on a DC there is no local admin. Apparently using the reset local password disk resets the local account to allow you to access the AD restore mode (note: choose "no password" option), and then proceed with the Domain account changes as in the link provided earlier. In the link above there is a tiny hyperlink to the following site:
http://www.jms1.net/nt-unlock.shtml
This is where the domain account procedure originates. Though it is the same, it explains in a little more detail. ( note: you cannot access this page with Internet Explorer you need a different browser such as FireFox or Opera  http://www.mozilla.com/en-US/firefox/ )
Please read the nt-unlock.shtml page in its entirety, and the link on that page for server 2003, as the procedure is a little different.

I am sorry I have not tried this and cannot provide details, but perhaps it will be of some help.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question