RE: Reset Domain Admin Password in Windows Server 2003 AD

• From: "Michael B. Smith" <michael@xxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Fri, 4 Nov 2005 14:37:30 -0500

You replied to the wrong list, Jose. :-) 

-----Original Message-----
From: Medeiros, Jose [mailto:jmedeiros@xxxxxxxxxxxxxxx] 
Sent: Friday, November 04, 2005 2:27 PM
To: [ExchangeList]
Subject: [exchangelist] Reset Domain Admin Password in Windows Server
2003 AD

http://www.MSExchange.org/


Hi Joe, 

That's one way to look at it that other way to look at it is that this
information is freely available on the internet. I am not posting
anything new. This is just more reason for some one to lock up the
Domain Controllers in a room rather then leave them out in the open.
Many companies that have remote offices and have there DC's out in the
open need to re-evaluate their security policies as well as make
frequent audits of there Domain Admins, Enterprise Admin's and local
admin groups.  I am also not trying to say that Microsoft is any less
secure then other products, one can get into Linux, Macintosh and
Solaris Operating Systems just as easily if they have physical access to
the system and can boot from a CD, USB device or Floppy.

One should not have a false sense of security just because one lacks the
knowledge of how to do such things.

Sincerely,
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL
MCP+I, MCSE, NT4 MCT
www.ntea.net
www.tvnug.org
www.sfntug.org
------------------------------------------------------------------------
-------------------------



-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]On Behalf Of joe
Sent: Friday, November 04, 2005 10:26 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset Domain Admin Password in Windows Server
2003 AD


It falls back to the idea of should people post information that can be
used to compromise someone else's machine. These mechanisms are all fine
an dandy if you are trying to break into your own system, but normally,
it is to break into someone else's system. It is hopefully a rare case
where an admin is so light between the ears that they forget their admin
passwords. Hell I get touchy with admins who lock themselves out even.
Admins are supposed to be accomplished and careful. 

Anyway, it is usually bad taste to post a mechanism to crack into a
system that can't be countered. If everyone simply posted what they knew
about cracking systems there would be a lot of people in a very bad ways
as that info got around to folks who like to take advantage of stuff.
Those people aren't usually the ones bright enough to find all of the
exploits in the first place, they use what is published. Imagine
viruses/worms that target domains and forests instead of workstations.
How many people truly have their environment secured in such a way that
they would be relatively safe. If not in that group how many people have
their environment monitored in such a way that they would catch bad
things very quickly (though quick is relative, I have written POC tools
that can take out your forest in less than a couple of seconds barring
too much network latency). If not in those groups, how many people have
their environment so they could quickly put it back together. Say a
massive forest attacking worm/virus breaks out, it takes down say a
State of Michigan or Department of Homeland Security... How much impact
does that have? What if it reaches Code Red proportions?

   joe




From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Medeiros, Jose
Sent: Friday, November 04, 2005 1:04 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset Domain Admin Password in Windows Server
2003 AD


Why not?
Sincerely,
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL



-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]On Behalf Of Brian Desmond
Sent: Friday, November 04, 2005 9:48 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Reset Domain Admin Password in Windows Server
2003 AD


He shouldn't have posted that.
 
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
 
c - 312.731.3132
 
 



From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Medeiros, Jose
Sent: Friday, November 04, 2005 12:28 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Cc: exchangelist@xxxxxxxxxxxxx
Subject: [ActiveDir] Reset Domain Admin Password in Windows Server 2003
AD
 
Has any one ever tried this?
Sincerely,
Jose Medeiros
ADP | National Account Services
ProBusiness Division | Information Services
925.737.7967 | 408-449-6621 CELL
 
Forgot the Administrator's Password? - Reset Domain Admin Password in
Windows Server 2003 AD. 
Featured Product: 
Windows XP/2000/NT Key - Easy to use utility to reset Windows
2003/XP/2K/NT local and domain controller administrator passwords.
Download FREE version now!
Note: In order to successfully use this trick you must first use one of
the password resetting tools available on the Forgot the Administrator's
Password? page.
The reason for that is that you need to have the local administrator's
password in order to perform the following tip, and if you don't have
it, then the only method of resetting it is by using the above tool.
Read more about that on the Forgot the Administrator's Password? page.
Update: You can also discuss these topics on the dedicated Forgot Admin
Password - Related Discussions forum.
Lamer note: This procedure is NOT designed for Windows XP since Windows
XP is NOT a domain controller. Also, for a Windows 2000 version of this
article you should read the Forgot the Administrator's Password? -
Change Domain Admin Password in Windows 2000 AD page.
Reader Sebastien Francois added his own personal note regarding the
changing of Domain Admin passwords on Windows Server 2003 Active
Directory domains (HERE). I will quote parts of it (thanks Seb!):
Requirements 
1.      Local access to the Domain Controller (DC).
2.      The Local Administrator password. 
3.      Two tools provided by Microsoft in their Resource Kit: SRVANY
and INSTSRV. Download them from HERE (24kb).
Step 1
Restart Windows 2003 in Directory Service Restore Mode.
Note: At startup, press F8 and choose Directory Service Restore Mode. It
disables Active Directory.

When the login screen appears, log on as Local Administrator. You now
have full access to the computer resources, but you cannot make any
changes to Active Directory.

Step 2
You are now going to install SRVANY. This utility can virtually run any
programs as a service. The interesting point is that the program will
have SYSTEM privileges (LSA) (as it inherits the SRVANY security
descriptor), i.e. it will have full access on the system. That is more
than enough to reset a Domain Admin password. You will configure SRVANY
to start the command prompt (which will run the 'net user' command).
Copy SRVANY and INSTSRV to a temporary folder, mine is called D:\temp.
Copy cmd.exe to this folder too (cmd.exe is the command prompt, usually
located at %WINDIR%\System32).
Start a command prompt, point to d:\temp (or whatever you call it), and
type:
<span style='font-size:10.0pt;font-family:Verdana'>instsrv
  PassRecovery "d:\temp\srvany.exe"</span> (change the path to suit your
own).
It is now time to configure SRVANY.
Start Regedit, and navigate to
<span style='font-size:10.0pt;font-family:
 
Verdana'>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecove
ry</span>
Create a new subkey called Parameters and add two new values:
<span style='font-size:10.0pt;font-family:
  Verdana'>name: Application type: REG_SZ (string) value:
d:\temp\cmd.exe name:
  AppParameters type: REG_SZ (string) value: /k net user administrator
123456
  /domain<br>
   
Replace 123456 with the password you want. Keep in my mind that the
default domain policy require complex passwords (including digits,
respecting a minimal length etc) so unless you've changed the default
domain policy use a complex password such as P@ssw0rd Now open the
Services applet (Control Panel\Administrative Tools\Services) and open
the PassRecovery property tab. Check the starting mode is set to
Automatic.

Go to the Log On tab and enable the option Allow service to interact
with the desktop.
Restart Windows normally, SRVANY will run the NET USER command and reset
the domain admin password.
Step 3
Log on with the Administrator's account and the password you've set in
step #2.
Use this command prompt to uninstall SRVANY (do not forget to do it!) by
typing:
<span style='font-size:10.0pt;font-family:
  Verdana'>net stop PassRecovery sc delete PassRecovery</span> Now
delete d:\temp and change the admin password if you fancy.
Done!
Supplement
Robert Strom has written a cool script that will completely automate
this process. He wrote:
"My script is really just an automation of his process which performs
all the post cleanup of itself. Launch one script and it's all done. No
manual registry entries, the service is created, the service settings
are all imported into the registry, etc."
Download it from HERE (186kb).
Note that you still need physical access to the DC and the ability to
log on locally as the local administrator. If you do not have the local
administrator's password use the following tip: Forgot the
Administrator's Password?.
Thanks Robert!
Acknowledgments
This tip was compiled and written with the help of Antid0t, Robert Strom
and Sebastien Francois. Thank you all!
Links
How to reset the Domain Admin Password under Windows 2003 Server
Original post by Antid0t and Robert Strom on the MCSEworld forums
Related articles You may find these related articles of interest to you:

*         Change Recovery Console Password 
*         Change User Password from a Remote Computer 
*         Change User Password from the Command Prompt 
*         Forgot the Administrator's Password? 
*         Forgot the Administrator's Password? - Alternate Logon Trick 
*         Forgot the Administrator's Password? - Reset Domain Admin
Password in Windows 2000 AD 
*         Recover Protected Office Documents 
*         What's the Password Reset Disk in Windows XP? 
New:
*         You can also discuss these topics on the dedicated Forgot
Admin Password - Related Discussions forum. 
  
up
back 

 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
michael@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts:

• » Reset Domain Admin Password in Windows Server 2003 AD
• » Reset Domain Admin Password in Windows Server 2003 AD
• » RE: Reset Domain Admin Password in Windows Server 2003 AD
• » RE: Reset Domain Admin Password in Windows Server 2003 AD

1. Home
2. exchangelist
3. Archive
4. 11-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---