
SBS 2003 R2 workaround? Can't log in as admin and all other users disabled

REDCROSSPC asked
Can't log in as administrator or any other users. All users are disabled. Used a password reset CD & tried to reset the password to blank, didn't work; tried the password changer again and set a generic simple password, didn't work. Is there a workaround in DS or something to log in? I'm in the process of backing up RAID 5 data before any attempts to mess with the registry or DS. While backing up some of the data my PC found 7 trojans "Win32:Hupigon-ONX" in 1 a $MFT file? Where do I get the Exchange emails from?

Distinguished Expert 2018
Commented:
Hupigon logs keystrokes and steals passwords. If this was on your domain controller (and SBS is a domain controller) then your entire network has been compromised. Rebuild SBS from scratch.

Commented:
I agree with cqaliher. If you had Hupigon, you need to rebuild as every username & password on your domain is suspected compromised. If you don't have a current backup, you could consider doing a parallel installation of Windows on the RAID array (leaving the array as-is) to salvage the data and the Exchange databases to another computer or to an external drive or tape. Rebuild your new SBS server with the same computer name, domain name, Exchange organization name, etc. or you'll have a hard time restoring your Exchange database.

If you really want to try to regain ownership control of your Active Directory, consider using NTAccess (http://www.mirider.com/ntaccess.html). The paid version is relatively cheap. We've used it successfully on at least five (5) instances where we needed to reset the domain administrator in Active Directory.

I would strongly consider isolating your server from the network and Internet (plug it into an empty switch) before you attempt to turn it on and reset the password.

Author

Commented:
Thanks rehamris & cgaliher, I will now try these solutions right now and get back to let you know if successful or not. I just successfully recovered all data and verified with the client. I did find the exchsrvr database for emails; they are .edb & .stm.

Author

Commented:
Mmmmmmm. That's what I was afraid of. Oh well, off to the races.