Domain Admin account cannot login interactively, SBS 2003

Schuyler Dorsey
Schuyler Dorsey used Ask the Experts™
on
I have a client who has an SBS03 server. Their domain admin account was set to no password (I know, I know. I tried and  tried but it is what they wanted).

A password mysteriously appeared on the admin account last week and neither of the two employees knew why so they asked me to reset it. So I went through the process of resetting the local admin password, logging into directory services restore mode and running the exe's from Microsoft. I reset the password and was able to get in fine. They specifically asked me to blank it again.

Now it has a password yet again. I reset the local admin password and ran the exe's again. Now when I try to log in to the domain admin account I get the message "this computers security policy does not permit this account to log in interactively".

I tried logging into the local security policy while back in directory services restore mode, it only lists SID's under the user rights assignments and not the domain accounts. Regardless, I cannot change or remove anything in the security policy. The options to, are grayed out.

I would appreciate a point in the right direction so I can get in and clean up/harden the server the way it needs to be.

Thanks!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Check your User Rights Assignment within your applicable GPO.
Abbas HaidarSenior Infrastructure Manager

Commented:
rejoing the computers to the domain!

Author

Commented:
I am sorry I forgot to mention, this is a domain controller. It is SBS2003.

I cannot access the GPO while logged into a local account. I cannot login to the domain admin account as noted in my previous message.

There are no other accessible domain accounts.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Do you have another DC to see what GPO settings are configured?

Author

Commented:
I do not. This is their one and only server. There are no member computers either.
Maybe you can boot into safe mode and you use your directory service mode account if you know the credentials. From there you can do some more troubleshooting.

Author

Commented:
Thanks for the help all. Through booting into directory services recovery mode, I looked through the event logs and discovered rdp access had been brute forced. Due to this, the business owner has opted to have the whole server reformatted.
That sounds like a wise decision by the owner. Good luck.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial