Reset Domain Admin Password in Windows Server 2003 AD
- From: "Medeiros, Jose" <jmedeiros@xxxxxxxxxxxxxxx>
- To: <exchangelist@xxxxxxxxxxxxx>
- Date: Fri, 4 Nov 2005 11:26:50 -0800
Hi Joe,
That's one way to look at it that other way to look at it is that this
information is freely available on the internet. I am not posting anything new.
This is just more reason for some one to lock up the Domain Controllers in a
room rather then leave them out in the open. Many companies that have remote
offices and have there DC's out in the open need to re-evaluate their security
policies as well as make frequent audits of there Domain Admins, Enterprise
Admin's and local admin groups. I am also not trying to say that Microsoft is
any less secure then other products, one can get into Linux, Macintosh and
Solaris Operating Systems just as easily if they have physical access to the
system and can boot from a CD, USB device or Floppy.
One should not have a false sense of security just because one lacks the
knowledge of how to do such things.
Sincerely,
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL
MCP+I, MCSE, NT4 MCT
www.ntea.net
www.tvnug.org
www.sfntug.org
-------------------------------------------------------------------------------------------------
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]On Behalf Of joe
Sent: Friday, November 04, 2005 10:26 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset Domain Admin Password in Windows Server 2003 AD
It falls back to the idea of should people post information that can be used to
compromise someone else's machine. These mechanisms are all fine an dandy if
you are trying to break into your own system, but normally, it is to break into
someone else's system. It is hopefully a rare case where an admin is so light
between the ears that they forget their admin passwords. Hell I get touchy with
admins who lock themselves out even. Admins are supposed to be accomplished and
careful.
Anyway, it is usually bad taste to post a mechanism to crack into a system that
can't be countered. If everyone simply posted what they knew about cracking
systems there would be a lot of people in a very bad ways as that info got
around to folks who like to take advantage of stuff. Those people aren't
usually the ones bright enough to find all of the exploits in the first place,
they use what is published. Imagine viruses/worms that target domains and
forests instead of workstations. How many people truly have their environment
secured in such a way that they would be relatively safe. If not in that group
how many people have their environment monitored in such a way that they would
catch bad things very quickly (though quick is relative, I have written POC
tools that can take out your forest in less than a couple of seconds barring
too much network latency). If not in those groups, how many people have their
environment so they could quickly put it back together. Say a massive forest
attacking worm/virus breaks out, it takes down say a State of Michigan or
Department of Homeland Security... How much impact does that have? What if it
reaches Code Red proportions?
joe
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Medeiros, Jose
Sent: Friday, November 04, 2005 1:04 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset Domain Admin Password in Windows Server 2003 AD
Why not?
Sincerely,
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]On Behalf Of Brian Desmond
Sent: Friday, November 04, 2005 9:48 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset Domain Admin Password in Windows Server 2003 AD
He shouldn't have posted that.
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c - 312.731.3132
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Medeiros, Jose
Sent: Friday, November 04, 2005 12:28 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Cc: exchangelist@xxxxxxxxxxxxx
Subject: [ActiveDir] Reset Domain Admin Password in Windows Server 2003 AD
Has any one ever tried this?
Sincerely,
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL
Forgot the Administrator's Password? - Reset Domain Admin Password in Windows
Server 2003 AD.
Featured Product:
Windows XP/2000/NT Key - Easy to use utility to reset Windows 2003/XP/2K/NT
local and domain controller administrator passwords. Download FREE version now!
Note: In order to successfully use this trick you must first use one of the
password resetting tools available on the Forgot the Administrator's Password?
page.
The reason for that is that you need to have the local administrator's password
in order to perform the following tip, and if you don't have it, then the only
method of resetting it is by using the above tool.
Read more about that on the Forgot the Administrator's Password? page.
Update: You can also discuss these topics on the dedicated Forgot Admin
Password - Related Discussions forum.
Lamer note: This procedure is NOT designed for Windows XP since Windows XP is
NOT a domain controller. Also, for a Windows 2000 version of this article you
should read the Forgot the Administrator's Password? - Change Domain Admin
Password in Windows 2000 AD page.
Reader Sebastien Francois added his own personal note regarding the changing of
Domain Admin passwords on Windows Server 2003 Active Directory domains (HERE).
I will quote parts of it (thanks Seb!):
Requirements
1. Local access to the Domain Controller (DC).
2. The Local Administrator password.
3. Two tools provided by Microsoft in their Resource Kit: SRVANY and
INSTSRV. Download them from HERE (24kb).
Step 1
Restart Windows 2003 in Directory Service Restore Mode.
Note: At startup, press F8 and choose Directory Service Restore Mode. It
disables Active Directory.
When the login screen appears, log on as Local Administrator. You now have full
access to the computer resources, but you cannot make any changes to Active
Directory.
Step 2
You are now going to install SRVANY. This utility can virtually run any
programs as a service. The interesting point is that the program will have
SYSTEM privileges (LSA) (as it inherits the SRVANY security descriptor), i.e.
it will have full access on the system. That is more than enough to reset a
Domain Admin password. You will configure SRVANY to start the command prompt
(which will run the 'net user' command).
Copy SRVANY and INSTSRV to a temporary folder, mine is called D:\temp. Copy
cmd.exe to this folder too (cmd.exe is the command prompt, usually located at
%WINDIR%\System32).
Start a command prompt, point to d:\temp (or whatever you call it), and type:
<span style='font-size:10.0pt;font-family:Verdana'>instsrv
PassRecovery "d:\temp\srvany.exe"</span>
(change the path to suit your own).
It is now time to configure SRVANY.
Start Regedit, and navigate to
<span style='font-size:10.0pt;font-family:
Verdana'>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery</span>
Create a new subkey called Parameters and add two new values:
<span style='font-size:10.0pt;font-family:
Verdana'>name: Application type: REG_SZ (string) value: d:\temp\cmd.exe name:
AppParameters type: REG_SZ (string) value: /k net user administrator 123456
/domain<br>
Replace 123456 with the password you want. Keep in my mind that the default
domain policy require complex passwords (including digits, respecting a minimal
length etc) so unless you've changed the default domain policy use a complex
password such as P@ssw0rd
Now open the Services applet (Control Panel\Administrative Tools\Services) and
open the PassRecovery property tab. Check the starting mode is set to Automatic.
Go to the Log On tab and enable the option Allow service to interact with the
desktop.
Restart Windows normally, SRVANY will run the NET USER command and reset the
domain admin password.
Step 3
Log on with the Administrator's account and the password you've set in step #2.
Use this command prompt to uninstall SRVANY (do not forget to do it!) by typing:
<span style='font-size:10.0pt;font-family:
Verdana'>net stop PassRecovery sc delete PassRecovery</span>
Now delete d:\temp and change the admin password if you fancy.
Done!
Supplement
Robert Strom has written a cool script that will completely automate this
process. He wrote:
"My script is really just an automation of his process which performs all the
post cleanup of itself. Launch one script and it's all done. No manual registry
entries, the service is created, the service settings are all imported into the
registry, etc."
Download it from HERE (186kb).
Note that you still need physical access to the DC and the ability to log on
locally as the local administrator. If you do not have the local
administrator's password use the following tip: Forgot the Administrator's
Password?.
Thanks Robert!
Acknowledgments
This tip was compiled and written with the help of Antid0t, Robert Strom and
Sebastien Francois. Thank you all!
Links
How to reset the Domain Admin Password under Windows 2003 Server
Original post by Antid0t and Robert Strom on the MCSEworld forums
Related articles
You may find these related articles of interest to you:
· Change Recovery Console Password
· Change User Password from a Remote Computer
· Change User Password from the Command Prompt
· Forgot the Administrator's Password?
· Forgot the Administrator's Password? - Alternate Logon Trick
· Forgot the Administrator's Password? - Reset Domain Admin Password in
Windows 2000 AD
· Recover Protected Office Documents
· What's the Password Reset Disk in Windows XP?
New:
· You can also discuss these topics on the dedicated Forgot Admin
Password - Related Discussions forum.
up
back
Other related posts:
