I have a client who has an SBS03 server. Their domain admin account was set to no password (I know, I know. I tried and tried but it is what they wanted).
A password mysteriously appeared on the admin account last week and neither of the two employees knew why so they asked me to reset it. So I went through the process of resetting the local admin password, logging into directory services restore mode and running the exe's from Microsoft. I reset the password and was able to get in fine. They specifically asked me to blank it again.
Now it has a password yet again. I reset the local admin password and ran the exe's again. Now when I try to log in to the domain admin account I get the message "this computers security policy does not permit this account to log in interactively".
I tried logging into the local security policy while back in directory services restore mode, it only lists SID's under the user rights assignments and not the domain accounts. Regardless, I cannot change or remove anything in the security policy. The options to, are grayed out.
I would appreciate a point in the right direction so I can get in and clean up/harden the server the way it needs to be.