Secure Offsite Backups
May 4, 2010How to copy files maintaining all file attributes
September 16, 2010Recently I had a client who one of their users changed the domain administrator password. Unfortunately for them they did not have a backup domain admin account. To recover the password you can follow these easy steps.
1. Before you see the Server 2008 splash screen push f8 repeatedly until you get the boot menu.
2. From here select directory services restore
3. This is going to allow you to login to the server using the password before you ran DCPromo originally.
4. Login to the server using the old password.(This password is the local password which can be reset using many tools out there)
5. Downoad these tools to c:temp – https://itsupportconsulting.com/wp-content/uploads/2010/09/srvany.zip
6. Extract the tools
7. Start the command prompt and type in this command instsrv PassRecovery “c:tempsrvany.exe” (this command adds a service called PassRecovery
8. Go to start run type in regedit and browse to HKEY_LOCAL_MACHINESystemCurrentControlSetServicesPassRecovery
9. Create a subkey named Parameters and then add these string values
name: Application
type: REG_SZ (string)
value: c:tempcmd.exe
name: AppParameters
type: REG_SZ (string)
value: /k net user administrator NewPassword4321 /domain
Make sure you use a password that is complex enough to meet the requirements or else this will fail.
10. Go into the services console. Go to the properties of the PassRecovery service. Make sure it is set to automatic. Then on the LogOn tab make sure there is a checkbox next to allow service to interact with desktop.
That is is reset the machine and everytime it reboots your password will be reset.
To remove the hack just type in the following commands
net stop PassRecovery
sc delete PassRecovery
Finally delete c:temp
