Re: A problem regarding admin rights and passwords.
- From: "Rick F" <support.REMOVE@xxxxxxxxxxxxxxxx>
- Date: Wed, 30 Nov 2005 21:00:12 -0600
You can purchase programs that will allow you to boot, enable the password
and change it. The first one that comes to mind is www.winternals.com and
look for Locksmith. You can call them to confirm that it will re-enable an
account.
But what you are doing is NOT per best practices. You should never disable
the administrator account. What you should be doing is rename the
administrator account and then create a new account called Administrator but
only give it user rights if you want, then it would be ok to disable it or
not.
Here is the clip from the "To Do List" in the Server Management: Security
Best Practices
Renaming the Administrator account
As a security best practice, it is recommended that you rename the
Administrator account on all computers in the Windows Small Business Server
domain, or at least on the computer running Windows Small Business Server
2003. The built-in Administrator account is a well-known and powerful
account. Malicious attackers often attempt to log on to computers by
guessing the password of the Administrator account. Because the account is
necessary for many functions in the operating system, the account cannot be
locked. However, changing the name of this account prevents unauthorized
users who try to discover the password from gaining access to the network.
Important
a.. Rename the Administrator account only after completing all the tasks
in the To Do List.
b.. After changing the Administrator account name, you need to log off and
then use the new name to log back on as an administrator on the server.
Renaming the Administrator account on the server
You can either manually rename the Administrator account on the computer
running Windows Small Business Server 2003, or, using the Group Policy
Management Console, you can automatically rename all the Administrator
account names in the network (including the server).
Renaming the Administrator account on all client computers
You can either manually rename the Administrator account on each client
computer in the local network, or, using the Group Policy Management
Console, you can automatically rename all the Administrator account names.
If you choose to rename the Administrator account manually, keep in mind
that you must manually rename the Administrator account every time you add a
client computer to the network.
--
Rick Faria - MCSE / A+
RDF Technical Services - www.rdfts.com
Email: support at rdfts dot com
"Spamaway gmail.com>" <spam.of.pert---> wrote in message
news:op.s02v6gpshq7s4x@xxxxxxxxxxxxxxxxxxxxxxx
> I've been experimenting with a SBS 2003, and find myself now in a quandry.
> As per best practices, I created an user account and gave this user
> account admin (enterprise, local, domain. etc) rights. As per best
> practices, I disabled the Administrator account. No other user accounts
> have admin access. Non-admin users cannot login the sbs server
> interactively. As you might have guessed, I have forgotten the password to
> the account of the user with admin rights. Resetting the Administrators
> password would not help because the account is disabled.
>
> Is there a way of accessing the server with admin rights without having to
> reinstall the whole OS? Is there a way to reset the password to the user
> with admin rights?
>
> Any help would be greatly appreciated!
.
- References:
- A problem regarding admin rights and passwords.
- From: Spamaway
- A problem regarding admin rights and passwords.
- Prev by Date: Re: Partitions or Not?
- Next by Date: Re: Partitions or Not?
- Previous by thread: RE: A problem regarding admin rights and passwords.
- Next by thread: Re: Delegates page is not availible...
- Index(es):
Relevant Pages
|
Loading
