General discussion
-
CreatorTopic
-
August 3, 1999 at 3:57 pm #2080524
nt security
Lockedby npressley · about 24 years, 8 months ago
i had a call from a customer who said he can’t get in his server. for some reason it has been changed or something. is there any way to get in to reset password?
npressley@inetnow.netTopic is locked -
CreatorTopic
All Comments
-
AuthorReplies
-
-
August 3, 1999 at 7:37 pm #3902690
nt security
by fido · about 24 years, 8 months ago
In reply to nt security
There are thre answers to this situation that I can think of, I hope at least one of them is useful.
A1) The Microsoft text book answer
Rebuild your server.A2) The cook-book answer
There is a utility freely available on the net called L0phtCrackhttp://www.l0pht.com/l0phtcrack) which has the ability to rip passwords out of the NT registry, rescue disk, and network packets. This may perhaps be able to extract the password from the NT server’s registry. Of course access to the server console is aplus as doing it remotely can be painful.A3) Last ditch answer
You could also try using the NT rescue disk generated when the NT server was installed to restore the SAM database. I wouldn’t suggest it if this is a business critical server, but as aast resort before rebuilding the server you might want to try it.-
September 20, 2000 at 7:00 pm #3792072
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
August 6, 1999 at 6:09 am #3902668
nt security
by mkelley · about 24 years, 8 months ago
In reply to nt security
Also,
This doesn’t help now, but it is helpful to have more than one admin level account on the server, perhaps two local admin logins, and two domain admin level logins. Don’t forget to put the domain level logins in the local admin group. And if tis is a BDC, you don’t need to worry about the local admin accounts.-
September 20, 2000 at 7:00 pm #3792073
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
August 11, 1999 at 2:14 pm #3902638
nt security
by jhoward · about 24 years, 7 months ago
In reply to nt security
There are a number of utilities at http://www.winternals.com and http://www.sysinternals.com that allow you to change the administrator account (ERD Commander, ERD Professional, NTRecover & NT Locksmith). They aren’t free but are worth the money when you considerhow much your time, and the time of your staff costs when they can’t work while you rebuild the server.
-
September 20, 2000 at 7:00 pm #3792074
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
August 11, 1999 at 2:53 pm #3902637
nt security
by patfa · about 24 years, 7 months ago
In reply to nt security
Is it a BDC, PDC, Stand alone? There would be different courses of action depending on the role the server plays in your domain.
Did the customer forget his password? If so, is the original administrator account available or has it been disabledas it should be?
If no one, even normal users are not able to log onto the server, it is likely that the systems SAM database was corrupted at some point. Again, It would be most helpful if we knew what type of NT server we are discussing, but inthis case, a up-to-date NT repair disk would be an invaluable tool because a copy of the SAM database resides on this disk. If there is no disk available, and the SAM database is indeed corrupt, a rebuild is the only way I know of to regain control of your locked server.
-
September 20, 2000 at 7:00 pm #3792034
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
August 17, 1999 at 5:21 am #3902603
nt security
by johnny398430 · about 24 years, 7 months ago
In reply to nt security
Just a reminder that any other NT user id with domain admin privileges may logon and reset the NT administrator password.
-
September 20, 2000 at 7:00 pm #3792075
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
August 18, 1999 at 2:40 am #3902584
nt security
by egowen · about 24 years, 7 months ago
In reply to nt security
If he has an emergency recovery diskette (ERD) of recent vintage, he could boot from the the three diskette set and restore the registry. He should then be able to login with the old Administrator password.
-
September 20, 2000 at 7:00 pm #3792076
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
August 18, 1999 at 3:16 am #3902582
nt security
by sjh87 · about 24 years, 7 months ago
In reply to nt security
Hey, without utilities, it’s pretty tough to get back into an NT box without the password – have them try everything in upper and lower case, and try to get a password cracker from somewhere like L0phtcrack (BE SURE TO use a zero “0”- not the letter “o”. Anyway, this is probably too late – but good luck….
-
September 20, 2000 at 7:00 pm #3792077
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
August 18, 1999 at 4:41 am #3902580
nt security
by oleg.vysotsky · about 24 years, 7 months ago
In reply to nt security
Run User Domain Manager and reset a password in the person record.
-
September 20, 2000 at 7:00 pm #3792078
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
August 18, 1999 at 8:39 pm #3902573
nt security
by kai_klein · about 24 years, 7 months ago
In reply to nt security
I’ve run also in this problem by a customer, where a student install the machine and then go into holydays without leaving the password. What we do then is to repair the sam-database with the rescure disk from a different machine. Hope this will help you.
Kai
-
September 20, 2000 at 7:00 pm #3792079
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
August 24, 1999 at 12:45 am #3902523
nt security
by cyril · about 24 years, 7 months ago
In reply to nt security
One of the possible causes of this situation is an attempt to restrict logon to ordinary users by changing default system policy. In this case, you can try to remove policy files using utilities available on http://www.sysinternals.com (NTFSDOS, for example)…or rebuild your server.
-
September 20, 2000 at 7:00 pm #3792080
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
August 24, 1999 at 1:35 pm #3902513
nt security
by bryan henderson · about 24 years, 7 months ago
In reply to nt security
If there is an Administrator account on the machine and the user knows the credidentials for that account, or has access to somone that does, they can get in and reset it.
If the is a bootable dos partition, you may be able to boot from a floppy disk(dos) and run a program called l0phtcrack. What it will do is capture the part of your registry that contains account information. Once you have that, you can run the part of the l0phtcrack program that cracks accounts and passwords. Depending on the “difficulty” of their password, you should be able to retrieve it. It may take a few minutes to a few days for the l0phtcrack program to crack it. Hope this helps, it happened to me and I had everything so “secure” I had to rebuild the machine…Bryan
-
September 20, 2000 at 7:00 pm #3792081
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
September 1, 1999 at 3:30 am #3902796
nt security
by ron · about 24 years, 7 months ago
In reply to nt security
Even if you do not have the ERD, you can still run a restore off of the three setup diskettes, and choose the option to rebuild/replace the SAM and Security settings during the setup procedure. When you are done with the repair of NT, it should finish with a blank Administrator password. So after you do this, logon to the Server as Administrator with no password and then you will have the access that you need. Don’t forget to change the passwords on the services that logon using an account, usuallt the Administrator account.
-
September 20, 2000 at 7:00 pm #3792082
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
September 1, 1999 at 4:15 am #3902795
nt security
by willh · about 24 years, 7 months ago
In reply to nt security
These are all good answers, I personally use the Winternals ERD Commander.
Now, to prevent this from happening in the future: establish a policy to have one user login ON THE MACHINE’S User Manager (Not the domain’s). This “user” should be standard for ALL machines, and have a standard password. The “user” should be added to the Administrator’s group (and removed from the Users group). This use should match a user name on the domain, used for the same purpose.
After the user is created, LOG IN,using that user name, to establish a cached profile.
The user name and password should be locked up in the manager/SysAdmin’s custody and ONLY USED for opening up lost password situations.
Will Harper, MCSE
-
September 20, 2000 at 7:00 pm #3792083
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
September 6, 1999 at 1:25 am #3901428
nt security
by mark.thomson · about 24 years, 7 months ago
In reply to nt security
If he has an ERD or if he can log on to the server at all then he can use a password crack utility to see the password.
-
September 20, 2000 at 7:00 pm #3792084
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
September 8, 1999 at 9:47 am #3901382
-
September 20, 2000 at 7:00 pm #3792085
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
September 13, 1999 at 4:43 pm #3901315
nt security
by evan tallas · about 24 years, 6 months ago
In reply to nt security
There are the utilites, like l0phtcrack. But since the person can’t get into the server, they should use the repair utilities on the Installation CD. It’s by far one of the easiest ways of doing it. I’m assuming the person is a home user with almost no knowledge of NT as well.
1. Boot the machine with either the NT install floppies or the bootable NT CD.
2. Choose “Repair NT installation.”
3. Select all of the boxes, it won’t hurt anything.
4. The user probably doesn’t have a recent emergency repair disk, but if they do they will be prompted to insert it. Make sure it is very recent! If it is not, it could cause problems.
5. There will be a selection for repairing the Administrative Account. They should select this option.
6. Byfollowing this, a new Administrative account will be created. The old one will still be on the system, in x:\winnt\profiles\00Administator
Tell the user to copy the files from the matching directories in 00Administrator to the new Administrator.
-
September 20, 2000 at 7:00 pm #3792086
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
September 15, 1999 at 7:04 am #3901272
nt security
by james · about 24 years, 6 months ago
In reply to nt security
A number of options exist….
1. Use ERD Commander.
2. Slip install a new version of NT into a temp directory, Copy the sam from the \system32\config folder to a floppy and run L0phtcrack on another machine.
3. If the server is a member server with little local account config, you can carry out the following. Slip install as per point 2, then delete of rename the sam. reboot into the original installation. You will have to recreate any accounts including IIS service accounts ect. You will also have toadd the machine back to the domain. If the server is just a file or print server, this would bbe pretty painless. If the server is running Sql, IIS ect, Then this would not be such a great approach.
Hope this helps.
PS
I own a copy of ERD commander Pro and totally recommend this to any support professional…James
MCSE+I ect…-
September 20, 2000 at 7:00 pm #3792087
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
The question was auto-closed by TechRepublic
-
-
September 20, 2000 at 7:00 pm #3792033
nt security
by npressley · about 23 years, 6 months ago
In reply to nt security
This question was auto closed due to inactivity
-
-
AuthorReplies