Re: Lost Administrator password

As it turned out, the above logs are related to user logons and the
associated logging being turned on. I spent the last few hours on the phone
with MS Support and they were similarly baffled. To reset the the account,
we used an alternate user ID with Administrator rights, re-entered
"Administrator" to the "User Logon Name" field, re-selected
username@xxxxxxxxxxxxxxxx and reset the password. In an effort to track
future accurrances, we enabled logging of "Administrators" found in the
Advanced settings of the Security Tab under Audit.

"Douglas" wrote:

Thank you for your imput; this does work for the reset of loca admin
passwords, but not DC admin passwords. I managed to get in via a forgotten
support account with admin rights. What I found was that the logon ID for
Administrator was blank and the password reset as well (not sure if the
password was blank.

The only thing I found of interest was in the Security log (I'm not sure if
I've been hacked or not--Any thoughts?:

Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 9/3/2008
Time: 7:31:19 AM
User: BRCHS\303-01$
Computer: BEAR4
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_DOMAIN
Object Name: DC=BRCHS,DC=local
Handle ID: 80347664
Operation ID: {0,210821267}
Process ID: 528
Process Name: C:\WINDOWS\system32\lsass.exe
Primary User Name: BEAR4$
Primary Domain: BRCHS
Primary Logon ID: (0x0,0x3E7)
Client User Name: 303-01$
Client Domain: BRCHS
Client Logon ID: (0x0,0xC90E056)
Accesses: READ_CONTROL
ReadOtherParameters
CreateUser
GetLocalGroupMembership

Privileges: -

Properties:
---
domain
READ_CONTROL
ReadOtherParameters
CreateUser
GetLocalGroupMembership
Domain Password & Lockout Policies
lockOutObservationWindow
lockoutDuration
lockoutThreshold
maxPwdAge
minPwdAge
minPwdLength
pwdHistoryLength
pwdProperties
Other Domain Parameters (for use by SAM)
serverState
serverRole
modifiedCount
uASCompat
forceLogoff
domainReplica
oEMInformation
Domain Administer Server

Access Mask: 0


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



"yaro137@xxxxxxxxxxxxxx" wrote:

I remember getting some Unix based disk that allowed me to change the
local admin's password on an XP box which would probably work on SBS
as well. You need to start the system from that disk and follow
instructions from a readme.txt file. When I get home I'll check
whether I still have that disk and post you the name of the software.
Then you can just google it.
yaro

.

Relevant Pages

  • Admin Account locked out every hour.
    ... The lockout originates from the domain controller DC1. ... None seem to using the Administrator account. ... Client Address: 127.0.0.1 ...
    (microsoft.public.windows.server.active_directory)
  • Re: cannot set custom security level with XPsp2
    ... scumware with the aid of SpyBot S&D, ... we found out that by logging in as user ... Administrator, the button is accessible. ... logging into administrator account and trying to change script ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Can not create a new file with File.Create -- throws exception: Access Denied
    ... logged in as an administrator. ... My app starts running. ... (I can't get directory creation to work either, ... It will be a general logging location. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Can not create a new file with File.Create -- throws exception: Access Denied
    ... logged in as an administrator. ... difficult to do this right now (and I'm really suspecting Vista). ... my app will need to produce some logging. ... It will be a general logging location. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Security - confused
    ... After logging in as Administrator I appear to have control. ... That is the user you'll want to login with when making any design changes, ... I think it likely unnecessary to have that many frontend mdb files. ...
    (microsoft.public.access.security)