Re: Administrator password unavailable - Small Business Server
- From: "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 26 Mar 2007 09:32:03 -0400
You may have a version of Small Business Server that does not contain any of
the normal SBS 2003 componetns (Exchange, Sharepoint, ISA, etc.). This is
called: "Windows Server 2003 for Small Business Server". Basically, this
is a cheaper version of Windows 2003 with limitations of 15 CALs maximum,
must be the only domain controller, must purchase/use SBS2003 CALs, and a
few other restrictions.
The full SBS 2003 is called: Windows Small Business Server 2003.
For password recovery....
NTAccess
($70.00 US)
http://shop.sunbelt-software.com/product.cfm?name=NTAccess
OR,
----------------------------------------------
Domain Administrator (and/or Local Administrator) Password Recovery Process
(free, but more work)
-- Should work for "Windows Server 2003 for Small Business Server"
Operating Systems:
Windows 2000
Windows XP
Windows 2003
I. DSRM (Directory Services Restore Mode)
If the domain Administrator password was changed from the Server Management
console, the local Administrator password should have remained unchanged
(SBS 2003 initially syncs the Domain Administrator and (DSRM) Local
Administrator passwords). If so, the procedure below should let you change
the Domain Administrator password and get you access to your server (you can
skip the first steps if the [DSRM] Local Administrator password has not been
changed by anyone).
II. Change Domain Administrator Password Procedure
Reference...
http://forum.s-t-d.org/viewtopic.php?pid=13450
To recover a lost/forgotten AD Domain Admin password:
1. If Needed: Boot DC with Knoppix S-T-D (see Part III below)
2. If Needed: Reset Local Administrator Password (chntpwd) - used for DSRM
access
3. Boot using F8 - Directory Services Restore Mode
4. Logon with Local Administrator username/password
5. Launch Regedit & navigate to:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Spooler
6. Change ImagePath value to:
c:\windows\system32\cmd.exe /k net user administrator pAssword /domain
7. Reboot and wait for the error from the print spooler failure
8. Logon with your newly set Administrator password (pAssword - case
sensitive)
9. Undo registry setting in step 6 or printing will not work.
10. Start Print Spooler Service
11. If desired, reset Domain Administrator password using Console
III. KNOPPIX Change Local Administrator Password Procedure
If you do not know the (DSRM) Local Administrator password for the server or
you suspect that it has been changed, go to:
http://mirror.cs.vt.edu/pub/Knoppix-STD/
download the .iso and create the CD. Then follow the instructions at:
http://www.astahost.com/how-reset-nt-password-using-knoppix-std-t8716.html
to reset the (DSRM) local Administrator account password
(using Knoppix, the username "Administrator" is case sensitive, so if you
see a cap letter on the "A", take note to type it that way when you specify
the account to reset the password).
The instructions at this web site are for Windows 2000, so when you get to
the part that says:
Type: cd /mnt/hda2/WINNT/system32/config (Win2000)
Instead use:
Type: cd /mnt/hda2/WINDOWS/system32/config) (WinXP, Win2003)
--------------------------------------------------------
KNOPPIX STEPS - CONDENSED
1. Boot on Knoppix CD
2. Right-click on the desktop and select XShells>Root Aterm
3. Type: cat /etc/fstab
4. Type: mount -o rw /dev/hda2 /mnt/hda2
("/dev/hda2 /mnt/hda2 ntfs" is the target hard drive; it may be "hda1" or
another designation)
5. Type: cd /mnt/hda2/WINNT/system32/config (Win2000)
or, Type: cd /mnt/hda2/WINDOWS/system32/config (WinXP, Win2003)
6. Type: ls -l (both instances are lower case "L")
7. Type: chntpw
8. Type: chntpw -l sam system security
9. Type: chntpw -u Administrator sam system security
(case sensitive, so use uppercase "A")
10. Do you really wish to disable SYSKEY? (y/n) [n] n
11. Please enter new password: *
(* = Blank Password; you can specify a secure one)
12. Do you really wish to change it? (y/n) [n] y
13. Write hive files? (y/n) [n] : y
14. From the desktop right-click > reboot
(or, if problematic, just pull the plug and reboot the machine)
IV. RESYNCING DSRM and Domain Administrator Passwords
SBS 2003 syncs the domain administrator password with the local
administrator (DSRM) password when you install it. If you want to resync
it, use the KB article below to reset the DSRM password to match the new
Domain Administrator password (not necessary, but for disaster recovery you
should record the DSRM password somewhere if it's different from the Domain
Administrator password)
How To Reset the Directory Services Restore Mode Administrator Account
Password in Windows Server 2003
http://support.microsoft.com/kb/322672
----------------------------------------------
--
Merv Porter [SBS-MVP]
============================
"Philip Herlihy" <thiswillbounceback@xxxxxxx> wrote in message
news:eu8as5$pqm$1$830fa17d@xxxxxxxxxxxxxxxxxxx
I've just acquired a new client who have (clearly) had very poor service
from my competitors. Among other problems, we have a Small Business
Server which is in the "locked" state, and we have no Administrator
password available. Apparently my immediate predecessor is dealing with
a grave family illness and has not responded to phonecalls or emails
over several weeks.
I'll declare now (as I've declared to my client) that I'm not very
familiar with SBS - I'll have to set one up on a test machine and study
it as soon as get the chance. The login screen announces itself as
"Windows Server 2003 for Small Business Server" so I can't even be sure
which version we have.
The office has seven PCs in the domain. In the very limited time I have
to look at this problem I've tried logging on as one of the "normal"
domain users - this account does not have Administrator status, and it's
unlikely that any of the other accounts would have greater privileges.
I've tried connecting via Remote Desktop (which has clearly been used in
the past) but it appears that only the Administrator account has the
necessary privileges. I've also tried logging on remotely via
Sysinternals' psexec utility, but this is blocked.
At the moment the server is continuing to provide SQL Server services to
a line-of-business application and I've managed to provide them with
access from Outlook to a POP3 server but it's clear that this is a
disaster looming. I'm assuming that SBS isn't readily "hacked". I do
have physical access to the server and could, for example, dismantle it
if that would help! The only alternative seems to be to put pressure on
my predecessor which everyone is loath to consider.
Suggestions already received:
Install a new copy of SBS over the top. However, I very much doubt my
client will be able to produce the original CDs and keys, and the only
copy I have is an Action Pack version, which I guess will produce
licensing and activation problems.
Reset the password using this utility:
http://home.eunet.no/pnordahl/ntpasswd/bootdisk.html
I very much doubt that encryption has been used by this client, and I
recognise that data loss will be irrecoverable if I turn out to be wrong!
I'll be grateful for any advice.
--
PH, London
===========
.
- Follow-Ups:
- References:
- Administrator password unavailable - Small Business Server
- From: Philip Herlihy
- Administrator password unavailable - Small Business Server
- Prev by Date: Re: ConnectComputer Mystery
- Next by Date: RE: SBS 2003 FTP Access problem
- Previous by thread: Administrator password unavailable - Small Business Server
- Next by thread: Re: Administrator password unavailable - Small Business Server
- Index(es):
Relevant Pages
|
