  1. #1
    Join Date
    Dec 2002
    Location
    Prince Edward Island
    Posts
    2,287

    Windows 2003 server administrator password reset?

    Recently I was asked to look at a Windows server. The company was well aware I know nothing about Windows servers (I'm a Linux guy) but they asked anyway.

    In the end the problem was they were missing the correct administrator login info and none of the users have administrative rights. How do you go about resetting the administrator login on Windows 2003? We keep getting a "user/pass is incorrect" error.

    It's either that the password they have is incorrect or the administrator account was disabled.

    Any tips from the Windows pros?

  2. #2
    Join Date
    Dec 2005
    Location
    Internet
    Posts
    1,337
    It's not so easy to reset the password without reloading the OS. You can see some tips here: http://www.petri.co.il/forgot_admini...r_password.htm

  3. #3
    Join Date
    Dec 2002
    Location
    Prince Edward Island
    Posts
    2,287
    John the Ripper (v1.7.0.1) worked well to crack everyone else's account except for the administrator's. Kept giving the password as ####### or something (which didn't work).

    Offline NT Password & Registry Editor (v060213 - February 2006) didn't work either no matter how many times I tried to change the pass of the administrator user.

  4. #4
    Join Date
    Aug 2004
    Location
    Sheffield, United Kingdom
    Posts
    238
    If you have access to the server to allow you to boot from CD, this tool:
    http://home.eunet.no/~pnordahl/ntpasswd/
    is a very good one for allowing password reset of the local admin account. If it is a domain controller though, you are more than likely out of luck.

  5. #5
    Join Date
    Dec 2002
    Location
    Prince Edward Island
    Posts
    2,287
    Tried it, didn't work. Can anyone suggest something they have tried and worked for them?

  6. #6
    Join Date
    Aug 2004
    Location
    Sheffield, United Kingdom
    Posts
    238

  7. #7
    Join Date
    Dec 2002
    Location
    Prince Edward Island
    Posts
    2,287
    I doubt it, it's only supposed to be a file server. What have you done when it doesn't work?

  8. #8
    Join Date
    Aug 2004
    Location
    Sheffield, United Kingdom
    Posts
    238

  9. #9
    Join Date
    Jun 2002
    Location
    Waco, TX
    Posts
    5,292
    If SP1 is installed, nothing will work for administrator users. Sorry, time to reinstall!

  10. #10
    Join Date
    Dec 2002
    Location
    Prince Edward Island
    Posts
    2,287
    grrr...I don't like the sound of that considering they can't find their Windows install CD....ya this company isn't too organized.


    Any other ways?
    Last edited by jmweb; 12-24-2006 at 12:47 PM.

  11. #11
    Join Date
    Apr 2004
    Location
    SF Bay Area
    Posts
    877
    Quote Originally Posted by jmweb
    grrr...I don't like the sound of that considering they can't find their Windows install CD....ya this company isn't too organized.


    Any other ways?
    Those other tools have never worked for me either. The only way I was able to hack into a box was by trying this little trick:

    1. Get the BartPE utility (PEBuilder) to create a BartPE CD. It will require some form of Windows XP or 2003 installation media. It shouldn't be as hard for you to find XP install media.
    2. Boot off the BartPE CD from the system you are trying to hack. It creates a small Explorer-like environment and has the tools to access the hard drive of that other system.
    3. Go to the hard drive of the other system. Go to the C:\windows\system32 directory (or wherever that system's %WINDIR%\System32 directory is).
    4. Find a binary called sethc.exe in this directory. Rename it to something like sethc.bak.
    5. Copy cmd.exe to sethc.exe in this same directory.
    6. Now reboot normally into the OS of the box you want to hack.
    7. At the ctrl-alt-del screen, hit the shift key several times. A command window should pop up.

    Now you can run whatever commands you want with elevated system privilege. For example, type "compmgmt.msc" then go to Local Users and Groups so you can create/add/edit local accounts or change those account passwords (like Administrator).

    Remember this will ONLY change the LOCAL user accounts. A domain controller is a different animal because in theory it does not have local user accounts. If this is a domain member server you can change the password and logon locally as an administrator but this will do nothing for you if your privileges need to be on the domain.

    Best-o-luck.
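
A check for the sethc.exe swap in steps 4 and 5 of the post above, as an added example that is not part of the original thread. The function name `Test-SethcReplacement` and its `-System32` parameter are hypothetical; `Get-FileHash` needs PowerShell 4 or later.

```powershell
# Added example (not from the thread): check whether sethc.exe in a System32
# directory has been replaced with cmd.exe, as in steps 4-5 above.
# Pass -System32 to inspect a mounted offline volume instead of the live host.
function Test-SethcReplacement {
    param(
        [string]$System32 = (Join-Path $env:WINDIR 'System32')
    )

    $sethc    = Join-Path $System32 'sethc.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $findings = @()

    if (-not (Test-Path -LiteralPath $sethc -PathType Leaf)) {
        $findings += 'sethc.exe is missing'
    }
    else {
        # A straight copy of cmd.exe hashes identically to the real cmd.exe.
        if (Test-Path -LiteralPath $cmd -PathType Leaf) {
            $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
            $cmdHash   = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
            if ($sethcHash -eq $cmdHash) {
                $findings += 'sethc.exe has the same SHA-256 as cmd.exe'
            }
        }
        # The version resource travels with the file, so a copied binary
        # still reports the name it was built as.
        $original = (Get-Item -LiteralPath $sethc).VersionInfo.OriginalFilename
        if ($original -and $original -notmatch '^sethc') {
            $findings += "sethc.exe reports OriginalFilename '$original'"
        }
    }

    # Step 4 leaves the genuine binary behind under another extension.
    foreach ($file in Get-ChildItem -LiteralPath $System32 -Filter 'sethc.*' -File) {
        if ($file.Name -ne 'sethc.exe') {
            $findings += "renamed copy present: $($file.Name)"
        }
    }

    [pscustomobject]@{
        System32   = $System32
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

Test-SethcReplacement | Format-List
```

A server recovered this way stays flagged until sethc.bak is renamed back to sethc.exe.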

  12. #12
    Join Date
    Nov 2005
    Location
    Minneapolis, MN
    Posts
    1,648
    The last company I worked for had a licensed copy of the password reset tool from Passware:

    http://www.lostpassword.com/windows-xp-2000-nt.htm

    It's definitely not cheap, but it was successful every time we needed to use it.
    Eric Spaeth
    Enterprise Network Engineer :: Hosting Hobbyist :: Master of Procrastination
    "The really cool thing about facts is they remain true regardless of who states them."

  13. #13
    Join Date
    Dec 2002
    Location
    Prince Edward Island
    Posts
    2,287
    I will try serverminds' suggestion at first chance... anyone else have any suggestions though in case his fails?

  14. #14
    Join Date
    Jun 2002
    Location
    Waco, TX
    Posts
    5,292
    jmweb,

    servermind's method works. I have used a similar method before.

  15. #15
    Join Date
    Aug 2004
    Location
    South Daytona, FL
    Posts
    2,476
    If it is a domain controller you can still reset the password. First you will need a tool to reset the local admin account; I like ERD Commander, but a free option is EBCD (Emergency Boot CD). Once you have reset the local administrator account, reboot the server, press F8 at startup and select Directory Service Restore Mode. This will start up the server without loading Active Directory and allow you to log on using the local administrator account (the one you just reset).

    Next you will need two tools included on the resource CD, SRVANY and INSTSRV. You will have to install srvany as this utility allows other programs to run as a service with elevated privileges. Copy srvany and instsrv to a temp folder, i.e. C:\temp, along with cmd.exe (from the %windir%\system32 folder).

    Open a command prompt pointing to your temp folder, then run the following:
    instsrv PassRecovery "c:\temp\srvany.exe"

    Now configure srvany. Open up the registry editor and navigate to
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery
    Create a new subkey called Parameters then add the following two values:

    name: Application
    type: REG_SZ (string)
    value: c:\temp\cmd.exe

    name: AppParameters
    type: REG_SZ (string)
    value: /k net user administrator 123456 /domain

    Replace 123456 with your password. Remember, domain policies still apply regarding password length and complexity.

    Now go to the services control panel and make certain that the PassRecovery service is set to automatic startup. Last, go to the Log On tab and make certain it is set to allow the service to interact with the desktop.

    Now you can reboot the server and let it start up normally. Srvany will run the net user command and reset the administrator password for you, so when prompted press Ctrl-Alt-Del and log on as administrator with the password you set above.

    Congrats, you are now logged in. Now a little cleanup and you're done. From a command prompt:

    net stop passrecovery
    sc delete passrecovery

    Delete the temp folder you created earlier.

    You're done.
    "Arms discourage and keep the invader and plunderer in awe, and preserve order in the world as well as property... Horrid mischief would ensue were the law-abiding deprived of the use of them." - Thomas Paine
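
An audit for services left behind by the srvany procedure in the post above, as an added example that is not part of the original thread. The function name `Get-SrvanyService` and the `Review` heuristic are hypothetical; the registry paths and value names are the ones given in the post.

```powershell
# Added example (not from the thread): list services that run through
# srvany.exe and show what each one launches at boot.
function Get-SrvanyService {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $name = $key.PSChildName
        $svc  = Get-ItemProperty -LiteralPath "$root\$name" -ErrorAction SilentlyContinue
        if ($svc.ImagePath -notmatch 'srvany\.exe') { continue }

        # srvany reads its target from the Parameters subkey.
        $params  = Get-ItemProperty -LiteralPath "$root\$name\Parameters" -ErrorAction SilentlyContinue
        $app     = $params.Application
        $appArgs = $params.AppParameters

        [pscustomobject]@{
            Service       = $name
            ImagePath     = $svc.ImagePath
            Application   = $app
            AppParameters = $appArgs
            # Start value 2 means automatic startup.
            AutoStart     = ($svc.Start -eq 2)
            # Type bit 0x100 is "allow service to interact with desktop".
            Interactive   = [bool]($svc.Type -band 0x100)
            # Flag the pattern from the post: a shell as the wrapped
            # application, or an account command in its arguments.
            Review        = ($app -match '\\cmd\.exe\s*$') -or
                            ($appArgs -match '\bnet\s+user\b')
        }
    }
}

Get-SrvanyService | Format-List
```

Until the service is deleted as in the cleanup step, its AppParameters value keeps the new password in clear text in the registry.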

  16. #16
    Join Date
    Aug 2004
    Location
    Sheffield, United Kingdom
    Posts
    238

  17. #17
    Join Date
    Dec 2002
    Location
    Prince Edward Island
    Posts
    2,287
    Thanks for the suggestions sam but I am not looking for anti-virus stuff.

  18. #18
    Winternals has a boot CD that you can use to reset the admin password, other than that there's really no way to do it.
    Linux/BSD Systems Administrator

  19. #19
    Join Date
    Aug 2004
    Location
    Sheffield, United Kingdom
    Posts
    238
    Whoops, looks like I posted in the wrong thread. Wondered why that post hadn't turned up in the thread it's relevant to. Sorry!

  20. #20
    Join Date
    Jan 2004
    Location
    North Yorkshire, UK
    Posts
    4,163
    FYI you are much better trying a blank password when resetting rather than "123456", you stand a much higher chance of success.

    You should also be aware that if you have anything encrypted once you reset the password it will be gone and useless.

    Dan

  21. #21
    Join Date
    Dec 2002
    Location
    Prince Edward Island
    Posts
    2,287
    Quote Originally Posted by serverminds
    Those other tools have never worked for me either. The only way I was able to hack into a box was by trying this little trick:

    1. Get the BartPE utility (PEBuilder) to create a BartPE CD. It will require some form of Windows XP or 2003 installation media. It shouldn't be as hard for you to find XP install media.
    2. Boot off the BartPE CD from the system you are trying to hack. It creates a small Explorer-like environment and has the tools to access the hard drive of that other system.
    3. Go to the hard drive of the other system. Go to the C:\windows\system32 directory (or wherever that system's %WINDIR%\System32 directory is).
    4. Find a binary called sethc.exe in this directory. Rename it to something like sethc.bak.
    5. Copy cmd.exe to sethc.exe in this same directory.
    6. Now reboot normally into the OS of the box you want to hack.
    7. At the ctrl-alt-del screen, hit the shift key several times. A command window should pop up.

    Now you can run whatever commands you want with elevated system privilege. For example, type "compmgmt.msc" then go to Local Users and Groups so you can create/add/edit local accounts or change those account passwords (like Administrator).

    Remember this will ONLY change the LOCAL user accounts. A domain controller is a different animal because in theory it does not have local user accounts. If this is a domain member server you can change the password and logon locally as an administrator but this will do nothing for you if your privileges need to be on the domain.

    Best-o-luck.
    When nothing else worked, this did. Thanks a million.
