Enterprise Software

Quickly regain administrator access using EmAdmin

If you've forgotten the password to your Admin account, don't panic. Using the EmAdmin tool, you can quickly create a new user with full Admin rights to regain access to your network.

The Admin account is the most powerful user object in a NetWare network. If you've forgotten the password for the Admin account, or suffered an NDS error that destroyed the Admin account, you can be in deep trouble. Unless you've created a backup account with Admin rights, you're stuck. Fortunately, you can use the EmAdmin utility to quickly create a new Admin account or grant Admin rights to an existing account.

What's EmAdmin?
EmAdmin will create a user object with Admin rights anywhere in the NDS tree. You can even create user objects within hidden organizational units. You can use it to quickly create a user with Admin rights in case you've lost or forgotten the Admin password. Once you've created the object, you can then reset the password to the original Admin account.

EmAdmin is a freeware utility, but it's not written or supported by Novell. EmAdmin was written by Jean-Francois Burdet and is based on a Monster Munch, a utility that creates users with no passwords. Burdet includes the source code with the utility so you can see how it works or make your own modifications if you know how to write C.

Even though Novell doesn't support the utility, you can obtain it from Novell's Cool Solutions Web site. In the age of multi-megabyte downloads, EmAdmin may surprise you. It's only 12 KB in size. That's kilobytes, not megabytes. Don't blink or you'll miss it when you download the emadmin.zip file.

Installing and running EmAdmin
Also unlike most utilities today, not only is EmAdmin tiny, it also installs very easily. There are no fancy windows or setup routines that you have to go through. Extract the emadmin.nlm file from the emadmin.zip file and copy it to your server's SYS volume, preferably in the System directory. If you want extra security, copy the file to a floppy disk. That's the end of the installation process.

To run EmAdmin, you must have access to the server's console prompt. You can do so either by physically accessing the server or by using a remote access utility like Rconsole. At the server's console prompt, type load emadmin and press [Enter]. If you're running EmAdmin from a floppy disk, naturally, you'll want to be physically present at the server, insert the disk, and type load a:emadmin to start the program.

When you do, EmAdmin will prompt you to enter a user name. You have the choice between entering the name of an existing user or entering the name of a new user. If you enter the name of a new user, EmAdmin will create the user and grant it Admin trustee rights. If you enter the name of an existing user, EmAdmin will grant the Admin trustee rights to that user and otherwise leave it alone.

Enter the name of the user at the Enter A User Name prompt. You must enter the full name of the user, not simply a user ID. For example, to grant Admin rights to the jsheesley user in the TechProGuild tree, you must enter jsheesley.tpg. Simply entering jsheesley will cause EmAdmin to error out. Enter the name and container for your new or existing user and press [Enter].

You must then enter the name of the Organizational Unit (OU) to which you want to grant the Admin rights. You can do so by entering the name of the OU in the Enter A Target OrgUnit field. EmAdmin allows you to grant Admin rights at any OU in your NDS tree, including [Root]. To grant rights at the root of the tree, type [Root] and press [Enter]. To specify an OU, type .orgunit and press [Enter], where orgunit is the name of the unit you want to grant trustee rights to. Make sure you precede the name of the OU with a [.].

After you enter the name of the OU and press [Enter], EmAdmin will check for the existence of the user. If you've entered the name and OU correctly, EmAdmin will validate the existence of the user and add the trustee rights to the OU you selected. If the user doesn't exist, EmAdmin will create the user object and then grant the trustee rights. If there's a problem, EmAdmin will display an NDSAddObject error and exit. You can then restart the utility and try again.

When you return to the console prompt, you're done. Log into the network as the user you created or modified and start NWAdmin or ConsoleOne. Check the Trustees Of This Object properties for the OU, and you'll find the user object with full rights to the object. You can then fix the Admin account or finish doing whatever else you were doing in NDS.

Caveat Admin
After you're done using the program, you might want to erase it from your server's System folder. If any users on your network knew the program existed, they might be able to use it to grant themselves Admin rights to your network. That's why it may be best to only run the program from a floppy disk. Although you may need physical access to the server to run it, at least you can lock the disk up when you're done.
0 comments

Editor's Picks