Windows 2008 no administrator user problem
Hope someone can help. Got two Dell Inspiron Laptops Windows 8 64bit. Joined them to our company domain with a domain user who had admin rights to the laptops. Had not activated the administrator user yet when staff members took laptops into the field, changed from on our domain to WORKGROUP, must have deleted the domain user with admin privilages and now I'm stuck with one laptop where I can login as the one existing local user ( no admin rights but same password works as the network user) and the other laptop says incorrect password for the same user and no login possible. I have tried everything including pulling the drive to look at it on another pc in hopes of using SAM and other files from the repair folder under system32 but there is no repair folder in Win 8.
Can anyone tell me how I can at least get a user with admin rights on the laptop i can log into. All access is denied to all admin features for that one existing local user.
Thanks
In addition, forgot to say that on the laptop I can log onto when I try to run cmd as an administrator to be able to do net user administrator/ active:yes.... I get a screen that says
User account control
Do you want to make changes....
To continue, type an administrator password, and then click Yes, however there is no field to type a password and Yes is grayed out.
Can anyone tell me how I can at least get a user with admin rights on the laptop i can log into. All access is denied to all admin features for that one existing local user.
Thanks
In addition, forgot to say that on the laptop I can log onto when I try to run cmd as an administrator to be able to do net user administrator/ active:yes.... I get a screen that says
User account control
Do you want to make changes....
To continue, type an administrator password, and then click Yes, however there is no field to type a password and Yes is grayed out.
you can try the McKnife post and you can try from a remote computer that has admin privileges and psexec
net user administrator /active:yes
net user administrator new-password
net user administrator /active:yes
net user administrator new-password
ASKER
I tried this option on the laptop that that I cannot log into. Had to change to Legacy in Bios to make it boot to the CD but pogostick did not recognize any partitions. You get your usual options for
boot nodrivers
boot nousb
boot irgpoll
boot vga-ask
I did not select anything and then it loads itself giving me:
Step one: select disk whre the windows install is
Disks:
Disk /dev/sda 500.1 GB
Candidate windows partitions found:
Please select partition by number or
q=quit
d=automatically start disk drivers
m=manually start drivers
f=fetch additional drivers from usb.
a=show all partitions found
l-show probable windows ntfs partitions only
Select: [1]
Please advise what to do from here. Pressing ENTER all the way through as they suggest leaves me at the choices prompt above. It says that there is a registry editor - could I just use that to activate the administrator user?
Thanks, Mike
boot nodrivers
boot nousb
boot irgpoll
boot vga-ask
I did not select anything and then it loads itself giving me:
Step one: select disk whre the windows install is
Disks:
Disk /dev/sda 500.1 GB
Candidate windows partitions found:
Please select partition by number or
q=quit
d=automatically start disk drivers
m=manually start drivers
f=fetch additional drivers from usb.
a=show all partitions found
l-show probable windows ntfs partitions only
Select: [1]
Please advise what to do from here. Pressing ENTER all the way through as they suggest leaves me at the choices prompt above. It says that there is a registry editor - could I just use that to activate the administrator user?
Thanks, Mike
ASKER
Hi PantherTech,
Remote access was not yet enabled on these laptops. :(
Remote access was not yet enabled on these laptops. :(
for most of that program you can default your way through (press enter) which in this case is l-show probable windows ntfs partitions only. then you can modify administrator and the only thing you need to remember is something about write data back you enter y.
ASKER
Entering L does nothing - only brings me back to those selections.
Entering d for automatic said
Loading ahci
Driver load done, if none loaded try manual instead.
Still no partitions when pressing L
Should I change from ahci to ata in bios?
Entering d for automatic said
Loading ahci
Driver load done, if none loaded try manual instead.
Still no partitions when pressing L
Should I change from ahci to ata in bios?
ASKER
Ok when I changed to ata I get my choices and
Select: [1] usb 2-1.5: new full speed usb device using ehci_hcd and address 3
Select: [1] usb 2-1.5: new full speed usb device using ehci_hcd and address 3
You may have already tried but since your post did not explicitly state....
Rejoin to your domain. Log on as domain admin, create a new local user under management. I belive you can join to a domain with limited local rights, but I cant verify at my current location
Rejoin to your domain. Log on as domain admin, create a new local user under management. I belive you can join to a domain with limited local rights, but I cant verify at my current location
ASKER
cannot change settings and re-join domain without admin privileges
Oh yes, you may join the domain without admin rights, any user may join up to 10 stations unless the domain admin hasn't changed that - unjoining however cannot be done without.
So if you fail with the bootdisk (maybe the disk is encrypted and therefore no "candidate windows partition" can be found?), and you want to try rejoining it, have your domain admin delete the computer account from the domain, otherwise you would indeed need domain admin rights to rejoin it because that would mean overwriting the old computer account.
"It says that there is a registry editor - could I just use that to activate the administrator user? " - no.
So if you fail with the bootdisk (maybe the disk is encrypted and therefore no "candidate windows partition" can be found?), and you want to try rejoining it, have your domain admin delete the computer account from the domain, otherwise you would indeed need domain admin rights to rejoin it because that would mean overwriting the old computer account.
"It says that there is a registry editor - could I just use that to activate the administrator user? " - no.
ASKER
Hi McKnife,
I won't have access to those laptops again until tomorrow but I wanted to comment on what you wrote about rejoining the domain. As I mentioned he single existing user that I login as has no admin rights. When I go to "my computer" properties and see that I am now on Workgroup instead of my domain there is of course the selection to the right for making changes that would usually allow me to enter the domain name, administrator of domain and password. Problem is that when I click on that selection to "make changes" I get a box that says "To continue, type an administrator password, and then click Yes", however there is no field to type a password and Yes is grayed out. Is there any other way to rejoin the domain? Those laptop accounts still exist on the server domain. If only I had enable the admin user on the laptops or enabled remote access before all was lost. I even get access denied if I try to go to local security policy or the system32 folder with the SAM file to replace it with another from cmd prompt. :( When I run on the laptop it also goes right to Eenter the password for the one existing use with no option to login as another. Whats up with Windows 8?
I won't have access to those laptops again until tomorrow but I wanted to comment on what you wrote about rejoining the domain. As I mentioned he single existing user that I login as has no admin rights. When I go to "my computer" properties and see that I am now on Workgroup instead of my domain there is of course the selection to the right for making changes that would usually allow me to enter the domain name, administrator of domain and password. Problem is that when I click on that selection to "make changes" I get a box that says "To continue, type an administrator password, and then click Yes", however there is no field to type a password and Yes is grayed out. Is there any other way to rejoin the domain? Those laptop accounts still exist on the server domain. If only I had enable the admin user on the laptops or enabled remote access before all was lost. I even get access denied if I try to go to local security policy or the system32 folder with the SAM file to replace it with another from cmd prompt. :( When I run on the laptop it also goes right to Eenter the password for the one existing use with no option to login as another. Whats up with Windows 8?
It's not win8's fault.
Did you ever enable user accounts by deleting/exchanging the SAM? I don't think so.
Let's go one step back: The normal and easy way is the bboot disk - yours does not seem to find your windows installation, that's what we got to fix and were good to go.
So please (2nd try) answer if the drive is encrypted. if it ain't, there will be a way to use the bootdisk.
Did you ever enable user accounts by deleting/exchanging the SAM? I don't think so.
Let's go one step back: The normal and easy way is the bboot disk - yours does not seem to find your windows installation, that's what we got to fix and were good to go.
So please (2nd try) answer if the drive is encrypted. if it ain't, there will be a way to use the bootdisk.
ASKER
Hi McKnife,
The drive is straight from Dell so I do not believe it is encrypted. The http://pogostick.net/~pnh/ntpasswd/ program does not find any partitions. I just don't know what to do next. Like I said I did need to change from drive to Legacy in the bios in order to get the laptop to boot the pogostick cd. Please excuse if I am missing something or not understanding something obvious that you are trying to explain to me. I am denied access to the system32 folder with the SAM file.
The drive is straight from Dell so I do not believe it is encrypted. The http://pogostick.net/~pnh/ntpasswd/ program does not find any partitions. I just don't know what to do next. Like I said I did need to change from drive to Legacy in the bios in order to get the laptop to boot the pogostick cd. Please excuse if I am missing something or not understanding something obvious that you are trying to explain to me. I am denied access to the system32 folder with the SAM file.
It's odd that no win partition was found, because the boot disk found you hdd as it stated it's a 500GB one, or isn't it? I would take out the disk and connect it to a different machine and retry with the boot cd. I have used this bootdisk at least 50 times and never ever no partition was found. However, if the boot dvd has a problem with your hard drive controller, it won't find anything, but logically it wouldn't be able to state 500GB.
Retry on another machine.
Retry on another machine.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Glad you made it!
ASKER
I found software myself that solved my user account problem.
For ages, there's this password reset bootable CD: http://pogostick.net/~pnh/ntpasswd/
Works with 8, can blank the admin password AND activate (="unlock") the account, yes, all possible.
This normally cannot happen to you unless you remove the domain membership. No one on that laptop could have unjoined it from the domain unless he had local admin rights, by the way.