Re: URGENT - Invoke destructive batch files on login

If you know the admin password and have a workstation with the AD tools
already installed, you can use the following to get to the Active Directory
user and computer MMC without invoking the login script.

runas /noprofile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"

I'd then create an alternate administrator account and start investigating
what little games your criminal contractor has used to compromise your
server. Consider locating an SBS or other reputable IT professional to
assist you.



--
/kj
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OgqVtk02GHA.3428@xxxxxxxxxxxxxxxxxxxxxxx
In news:eCj1Kh02GHA.1256@xxxxxxxxxxxxxxxxxxxx,
Simon Gare <sg@xxxxxxxxxxxxx> typed:
Hi all,

an ex contractor has changed the login password for our SBS2003
server, not only that but he has added a batch file to invoke if we
try to reset the passwords and login as administrator, see note below.

Dude, I certainly hope you've already called a lawyer. What's the reason
this contractor is doing this? Is your company remiss on paying a bill?

Anyway, you couldn't simply reset the password unless you had an account
you could use that had sufficient privileges to do it in the first place.
Do you have a back door admin account? Do you have backup media with
accessible full backups of your server?




Is this possible and is there anyway around this?

Your urgent assistance is greatly appreciated.


Regards
Simon Gare


Nicholas Jaffe wrote

" you want your application back. Don't ask Pipex to recover the
passwords, logging in as Adminstrator will invoke the startup batch
files, which will put you in an even worse position than you are
already in.
Nick"






.

Relevant Pages

  • Re: Change Domain Administrator Password SBS 2K3
    ... Definitely need to record the old Administrator password. ... The server is utilizing Exchange, ... Check for any Services running that is using the administrator account. ... Record the old admin password. ...
    (microsoft.public.windows.server.sbs)
  • Re: Administrator password unavailable - Small Business Server [solved]
    ... > I've just acquired a new client who have had very poor service ... Among other problems, we have a Small Business Server which is in the "locked" state, and we have no Administrator password available. ... In the very limited time I have to look at this problem I've tried logging on as one of the "normal" domain users - this account does not have Administrator status, and it's unlikely that any of the other accounts would have greater privileges. ... I used Knoppix STD and the chntpw utility to blank the Local Admin password, then used the dodge using SRVANY and INSTSRV to set the Domain Admin password to a new value. ...
    (uk.comp.misc)
  • Re: URGENT - Invoke destructive batch files on login
    ... Unfortunately no other account only Administrator. ... an ex contractor has changed the login password for our SBS2003 ... server, not only that but he has added a batch file to invoke if we ...
    (microsoft.public.windows.server.sbs)
  • Re: Change Domain Administrator Password SBS 2K3
    ... The server is utilizing Exchange, ... There is also a 2003 member server acting as a ... Check for any Services running that is using the administrator account. ... Record the old admin password. ...
    (microsoft.public.windows.server.sbs)
  • Re: Admin password
    ... > Someone, possibly an ex-employee, has changed the admin password on ... > one of my XP Pro machines. ... I just installed a new 2003 server and need ... > to setup a new account for a new employee. ...
    (microsoft.public.windowsxp.general)