| Author | Messages | |
TG
Posts:86
 | | 08/07/2008 9:15 AM |
| True, that is why I said it was the last resort solution. That being
said, that is a DC, therefore local SAM is only used in dsrm mode, so
should be less risky then a regular server.
Thank you, Tony.
Tony Gordon
Windows 2003 & 2000 MCSE, Windows 2003 MCSA, PMP
ITS Infrastructure Engineering
Hewitt Associates | 100 Half Day Road | Lincolnshire, IL 60069 |
USA
Tel 847.295.5000 x50526 | Fax 847.554.1574
tony dot gordon at hewitt dot com | www.hewitt.com
From:
"Bart Van den Wyngaert" <bart.vdw@gmail.com>
To:
ActiveDir@mail.activedir.org
Date:
08/07/2008 08:05 AM
Subject:
Re: [ActiveDir] Server, DSRM password known 500 account can't be logged
into
That's a real disadvantage of doing that: you will loose all non-default
accounts etc. I wouldn't be keen on doing this except if you know for sure
there aren't any special accounts created for some reason.
-Bart
On Thu, Aug 7, 2008 at 2:41 PM, Tony Gordon <Tony.Gordon@hewitt.com>
wrote:
I am not sure if it still works on newer OS', but in the old NT4 days, you
could boot from an a cd (pick your favorite utility) and delete local SAM
in system32/config (and it's back up copy in %systemroot%\repair) and then
boot back into OS. Which will present you with the default Admin account
with no password.
Needless to mention you loose all existing non-default local accounts,
groups and their membership. So it is a last resort solution.
Thank you, Tony.
Tony Gordon
Windows 2003 & 2000 MCSE, Windows 2003 MCSA, PMP
ITS Infrastructure Engineering
Hewitt Associates | 100 Half Day Road | Lincolnshire, IL 60069 |
USA
Tel 847.295.5000 x50526 | Fax 847.554.1574
tony dot gordon at hewitt dot com | www.hewitt.com
From:
"Michael B. Smith" <michael@TheEssentialExchange.com>
To:
ActiveDir@mail.activedir.org
Date:
08/06/2008 08:16 PM
Subject:
RE: [ActiveDir] Server, DSRM password known 500 account can't be logged
into
I would use the pnordahl solution. It's always worked for me.
http://home.eunet.no/pnordahl/ntpasswd/
Does require onsite (unless you have ILO/DRAC)
Regards,
Michael B. Smith
MCITP:SA,EMA/MCSE/Exchange MVP
http://TheEssentialExchange.com
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Susan Bradley,
CPA
Sent: Wednesday, August 06, 2008 8:43 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Server, DSRM password known 500 account can't be
logged
into
DC, can't log into the 500 account and there are no other administrator
accounts. (yeah it's a SBS box, what else, with a consultant coming in
behind another consultant).
They have used various password (Petri, Sysinternals) sites to reveal
the recovery mode password, but neither this is working nor the ability
to log into DSRM to log to change the main password.
Server is functioning fine otherwise for all other users. Everyone else
can browse and log in as users.
Is there ever a time that a profile or something in AD is so horked that
it won't allow the 500 account to be logged into either locally or
remotely?
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
The information contained in this e-mail and any accompanying documents
may contain information that is confidential or otherwise protected from
disclosure. If you are not the intended recipient of this message, or if
this message has been addressed to you in error, please immediately alert
the sender by reply e-mail and then delete this message, including any
attachments. Any dissemination, distribution or other use of the contents
of this message by anyone other than the intended recipient is strictly
prohibited. All messages sent to and from this e-mail address may be
monitored as permitted by applicable law and regulations to ensure
compliance with our internal policies and to protect our business. E-mails
are not secure and cannot be guaranteed to be error free as they can be
intercepted, amended, lost or destroyed, or contain viruses. You are
deemed to have accepted these risks if you communicate with us by e-mail.
The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. You are deemed to have accepted these risks if you communicate with us by e-mail.
| | | |
|
|