Re: Locked out if 3 servers

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

nope

"Merv Porter [SBS-MVP]" wrote:

Have you tried a <blank> password for DSRM "local administrator" password?

--
Merv Porter [SBS-MVP]
============================

"mathialoc" <mathialoc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1CB62929-8F8F-4264-8A78-62DE5F3624A3@xxxxxxxxxxxxxxxx
no

"Merv Porter [SBS-MVP]" wrote:

Can you log into the server remotely with the Administrator account?
(maybe
an RDP session from a workstation or using RWW or RDP to externally
access
the server)?

--
Merv Porter [SBS-MVP]
============================
"mathialoc" <mathialoc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A71151AA-1F91-4B12-8F9C-3EBEC9ED8C95@xxxxxxxxxxxxxxxx
Well...

I have tried the DSRM and my known password from server installation
doesn't
work.

So I tried the Knoppix S-T-D CD. Unable to handle 64-bit address
space...

Which means it doesn't recognize the Hard Drives...

This is SBS2003 R2...

What Now..... I am in true need of a solution here....


I can't believe Microsoft hasn't allowed for such. With physical
access
to
the machine it should be acceptable practice to permit resetting of the
admnistrator password...







"Merv Porter [SBS-MVP]" wrote:

SBS a domain controller, so a login would require a domain
administrator
or
a user with enough privileges to log on locally to the server.

If you mean that you can't log into Directory Services Restore Mode
using
the local administrator password (the original domain administrator
password
when the SBS was installed - way back when), then you will have to
back
up a
couple of steps in the procedure and reset the Local Administrator
password
used for Directory Services Restore Mode access. Then you can use the
procedure to access the Active Directory of SBS and reset the current
domain
Administrator password.

--
Merv Porter [SBS-MVP]
============================


"mathialoc" <mathialoc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5873CB3C-27D6-43E0-A586-5F51CCC44291@xxxxxxxxxxxxxxxx
At the Server console I can not login - invalid username/password.
Doesn't
the actual Server Console login use the Local Administrator
password?

This is really scary...



"Merv Porter [SBS-MVP]" wrote:

The following procedure looks more complicated than it really is.
If
the
domain Administrator password was changed from the Server
Management
console, the local Administrator password should have remained
unchanged
(SBS 2003 initially syncs the Domain Administrator and (DSRM) Local
Administrator passwords when you install it).

Domain Administrator (and/or Local Administrator) Password Recovery
Process
http://groups.google.com/group/microsoft.public.windows.server.sbs/msg/b748ad0369503142

--
Merv Porter [SBS-MVP]
============================

"mathialoc" <mathialoc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1AC04BC4-4FE8-4EBD-9D5B-9B33D1FF262C@xxxxxxxxxxxxxxxx
I have three SBS2003 servers that I am responsible for at 3
different
locations. Somehow I have been locked out of them. The
administrator
password has obviously been changed. There are no disgruntled
employees
involved. No obvious brute force attacks revealed in the logs. I
am
concerned someone has found a way to change the passwords to
cause
an
obvious
DoS.

I'm wondering:

Has anyone else has seen anything like this?

On the first server to experience this we were unsuccessful at
recovering
the password and had to do a complete reinstall.

Can anyone provide a clear directive on how to reset or recover
the
local
administrator passsword. I have physical access to the machine...
This
shouldn't be so dificult...

I am very concerned over there being some kind of security
exploite
here....


















.

Relevant Pages

  • RE: AW: Security issue in Windows 2000?
    ... Change the local administrator name on the workstations i.e. local_admin ... If you want to prevent other local server ... > Evaluating SSL VPNs' Consider NEOTERIS, ...
    (Security-Basics)
  • RE: Cant set Local Security policies. They fail to save
    ... I followed your instructions on applying the predefined security templates. ... I still can’t set any of the local security policies on the server box. ... > using local Administrator account to test, ... >>> member of either the Remote Operators group or the Domain Power Users ...
    (microsoft.public.windows.server.sbs)
  • Re: Locked out if 3 servers
    ... I have tried the DSRM and my known password from server installation ... the local administrator password (the original domain administrator ... couple of steps in the procedure and reset the Local Administrator ... domain Administrator password was changed from the Server Management ...
    (microsoft.public.windows.server.sbs)
  • Re: Help - administrator locked out!
    ... Second - thanks for your extremely helpful response. ... with 1 Novell server. ... I don't pretend that I'm some sort of super administrator or anything. ... I agree it's my practices that have got me into trouble in the first ...
    (microsoft.public.windows.server.general)
  • Re: AW: Security issue in Windows 2000?
    ... If the user can guess the domain administrator ... > as all other servers's local administrator, ... > server in the doamin if you log on locally. ... > Evaluating SSL VPNs' Consider NEOTERIS, ...
    (Security-Basics)