Solved

Unknown Administrator Password

Posted on 2013-01-22
Last Modified: 2013-01-23
Here is what is going on. I recently took over an account from another IT company. I changed the AD administrator password. It was working just fine, but yesterday I had to get on the Server and the password would not work. I tried using a Linux password hack CD but could not get it to work. I went ahead and tried logging in using another user's account and it logged in. I found out that almost every user had administrative rights. I went ahead and changed the administrator password again and removed administrative rights for all the users.

So today I needed to install two new desktops, and when I went to join the domain, the password that I just changed it to yesterday no longer works. Unfortunately, in trying to make things more secure, I no longer could use any of the other logins now either. I realized that the Linux CD was only changing the local administrator password, so I bought Asunsoft's Windows password reset advanced software that said it could change the password for the AD administrator account. It also said it could add new users with administrator rights. The software did not work. I also bought and downloaded another program that said it could do it, but no go with it either.

Since I could change the local administrator password, I tried using the method from Petri's website to boot into Directory Service Restore Mode that would allow me to log in with the local administrator account, but even though the Linux CD said it had successfully changed the password, I could not log in. It seems that there is something going on with this Server that is preventing me from accessing the Administrator account. My guess is that is the reason why the previous IT company had most of the users' accounts with administrative privileges. They couldn't fix the issue, so they just made sure they could still access the system.

I am hoping that someone has a good suggestion as to what I can do to get the Administrator account password changed so that I can log in. Or, if not the administrator, then how can I either add a new user to AD with administrative rights or add administrative rights to an existing user account without being in Windows?
0
Question by:BigNate99
7 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 38808386
We ran into the same type of situation at a new client a few years ago. We used this utility and it worked great:

Active@ Password Changer Professional
http://www.lsoft.net/pwch.aspx
0
 

Author Comment

by:BigNate99
ID: 38808415
I remembered that most times the Linux password changer always worked best to blank the administrator password rather than changing it. I was worried about password complexity requirements, but in this case it shouldn't matter. I blanked the password and was able to log in while booted to Directory Services Repair Mode. I have run the solution from Petri.com and am booting Windows SBS 2003 right now to see if it works. I did notice that WinRAR was set to some sort of Cyrillic language that looked Russian. I am wondering if the Server has been hacked.
0
 

Author Comment

by:BigNate99
ID: 38808435
That worked, I am in. Now to start looking for the possibility of being hacked.
0

 

Author Comment

by:BigNate99
ID: 38810213
I've requested that this question be closed as follows:

Accepted answer: 0 points for BigNate99's comment #a38808415
Assisted answer: 500 points for TG-TIS's comment #a38808386

for the following reason:

I figured it out but I figure that TG-TIS's solution may have worked also.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38808469
Great to see you are back in :-)
Just to suggest that I had two (new) clients with not dissimilar problems.
One had been hacked, and after adding more than one admin account and changing all user passwords (I also particularly changed the listening port for RDP from the standard 3389) this system has been fine since.
The second had a "fallout" with the previous IT company, and they had added several third-party plugins to both the server and LAN client PCs that allowed them to access the server to keep resetting the accounts (even after I changed IP address), which at the time completely floored me.
I checked for GoToAssist, Kaseya, LogMeIn, NTR Support, etc.
Good luck with this.
0
 
LVL 76

Expert Comment

by:arnold
ID: 38808481
The question is closed. The issue is less likely a hack, but possibly a GPO or scheduled task that resets the admin password to a known value.
Make sure you have auditing enabled on AD resources, then look for administrator account password change events and track it back to the system if not on the DC.
0
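The audit trail suggested in the comment above, as an added example that is not part of the thread: it finds password-set events on the Administrator account in exported Security log records and ties each one to the logon session that made it, so the originating workstation can be identified. The record layout, the function names and every sample value (`svc_task`, `DESK-07`, `192.0.2.47`) are constructed assumptions.

```python
import re
from collections import Counter

# Server 2003 Security log IDs (the page's server is SBS 2003).
# On Server 2008 and later the equivalents are 4723/4724 and 4624.
PASSWORD_EVENTS = {627, 628}   # 627 change attempt, 628 password set
LOGON_EVENTS = {528, 540}      # 528 logon, 540 network logon

# Constructed sample records (event id, time, message); not from the page.
# The "Name:<tab>Value" field layout is an assumption of this example.
SAMPLE = [
    (540, "2013-01-22 00:00:01", "User Name:\tsvc_task\nLogon ID:\t(0x0,0x1A2B3C)\n"
          "Workstation Name:\tDESK-07\nSource Network Address:\t192.0.2.47"),
    (628, "2013-01-22 00:00:05", "Target Account Name:\tAdministrator\n"
          "Caller User Name:\tsvc_task\nCaller Logon ID:\t(0x0,0x1A2B3C)"),
    (528, "2013-01-22 09:10:00", "User Name:\tnewadmin\nLogon ID:\t(0x0,0x2F0001)\n"
          "Workstation Name:\tSERVER01\nSource Network Address:\t-"),
    (628, "2013-01-22 09:12:31", "Target Account Name:\tAdministrator\n"
          "Caller User Name:\tnewadmin\nCaller Logon ID:\t(0x0,0x2F0001)"),
    # Reset whose logon event is no longer in the log: origin stays unknown.
    (628, "2013-01-23 00:00:04", "Target Account Name:\tAdministrator\n"
          "Caller User Name:\tsvc_task\nCaller Logon ID:\t(0x0,0x3C4D5E)"),
]

def fields(message):
    """Parse 'Name:<tab>Value' lines of an event message into a dict."""
    return dict(re.findall(r"^[ \t]*([^:\n]+):[ \t]*(.*?)[ \t]*$", message, re.M))

def trace_resets(records, account="administrator"):
    """Return (time, caller, workstation, address) per password event on account.
    Records must be in chronological order so logons precede the resets."""
    sessions, hits = {}, []
    for event_id, when, message in records:
        f = fields(message)
        if event_id in LOGON_EVENTS:
            # Remember where each logon session came from, keyed by Logon ID.
            sessions[f.get("Logon ID")] = (f.get("Workstation Name", "?"),
                                           f.get("Source Network Address", "?"))
        elif event_id in PASSWORD_EVENTS and f.get("Target Account Name", "").lower() == account:
            origin = sessions.get(f.get("Caller Logon ID"), ("unknown", "unknown"))
            hits.append((when, f.get("Caller User Name"), *origin))
    return hits

def recurring_callers(hits):
    """Callers that set the password more than once: candidates for a scheduled job."""
    counts = Counter(caller for _, caller, _, _ in hits)
    return sorted(c for c, n in counts.items() if n > 1)
```

A caller returned by `recurring_callers` whose resets land at the same time each day fits the scheduled-task or GPO explanation better than a one-off change.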
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38809536
To close the question and award points, under my suggestion, click the green check that says Accept As Solution and click Submit at the bottom.

Glad I could provide help. Good luck in resolving your hacking problem.
0
