Frontpage
Forums
Tutorials
Members
Calendar
Subscription
Donate
Links
Contact 
Help
In WinNT4 and Win2k it was possible to recover from lost or maliciously changed Domain Admin passwords using these methods:
http://www.jms1.net/nt-unlock.html
http://www.petri.co....or_password.htm
It appears, at least in my testing, that the methods described in the above links no longer work in W2k3. In my testing I've found the the cmd shell that you get in W2k3 when you perform the registry change which modifies the default screensaver to cmd.exe runs in the context of the "LOCAL SERVICE" account. In previous versions of NT4/2000 the screensaver (the cmd.exe shell) would run as the SYSTEM account.
The "LOCAL SERVICE" account doesn't have the necessary permissions to use the described techniques to change the Domain Admins password (I used the default Administrator account in my testing).
Has anyone else tried this? Has anyone succeded?
TIA,
Robert
Page 1 of 1
W2k3 - Recover from lost Domain Admin passwords
W2k3 - Recover from lost Domain Admin pa
Rate Topic:
Back to top
#2
- Twist of Fate
-
- Group: Members
- Posts: 76
- Joined: 13-January 04
Posted 23 January 2004 - 01:36 AM
Im assuming in this case if u are domain networking, that u use the domain administration account to reset passwords.
You shouldnt use a local service account.
You shouldnt use a local service account.
#3
Posted 23 January 2004 - 09:47 AM
Yes, I'm referring to a domain as opposed to a workgroup.
The point / problem I'm describing is the fact that a BAD domain admin has changed all the other domain admin passwords and no one can get into the domain to administer it.
You used to be able to resolve this problem as long as you had physical access to a domain controller by performing the steps described in the web pages listed in my original post.
Robert
The point / problem I'm describing is the fact that a BAD domain admin has changed all the other domain admin passwords and no one can get into the domain to administer it.
You used to be able to resolve this problem as long as you had physical access to a domain controller by performing the steps described in the web pages listed in my original post.
Robert
#4
Posted 26 March 2004 - 04:21 PM
Check out the solution to the problem
http://www.petri.co.il/reset_domain_admin_...ver_2003_ad.htm
HTH,
Robert
http://www.petri.co.il/reset_domain_admin_...ver_2003_ad.htm
HTH,
Robert
- ← dosnet.inf in windows 2003 server?
- Windows NT4/2000/2003
- Advanced Hard Drive Performance in Windows 2K3? →
Share this topic:
Page 1 of 1