Sign in with
Sign up | Sign in
Your question

Interesting Tech / Security Dilema

Last response: in Business Computing
Share
April 27, 2012 9:58:08 PM

Interesting Tech Dilema:
I have a customer who has a win2k3 server there were getting ready to retire. They copied all the data off (it was previously hosting a web-based database app), and then removed it from the domain. Come to find out that they did not have the original install software (and can't get a copy) - and the server had ALL accounts locked out of 'Interactive Logon' - meaning basically that no one could logon locally.

Now they need it back up, but can't login.

Tried various barts tools and manually launching secedit through a barts session to load the default database however I get an access denied everytime.

Anyone have any suggestions in reference to a live cd tool that will allow you to "Create" admin users? Or a way to get around the secedit issue? Or possibly a register hack to remove a user account from the 'deny interactive logon' list?

Again - it's not a password issue (that would be simple), it's the fact that ALL local accounts are locked out via local security policy.

Any help or suggestions would be much appreciated.

Thanks,
Rob
April 27, 2012 10:07:48 PM

how did you or your client end up in this situation? maybe we can back track of how this happened
April 27, 2012 10:32:55 PM

lookerup said:
how did you or your client end up in this situation? maybe we can back track of how this happened



Let me clarify - they are a NEW client.. we just got the call today.
Apparently their old IT admin (who was apparently paranoid a bit), had everything locked down and only had access to the server restricted to a few accounts with terminal services rights. He left, and someone who was less qualified took over, and the rest is history.
Related resources
a b 8 Security
April 27, 2012 10:58:28 PM

When a computer is removed from a domain the machine Administrator account becomes active again. This account has a different password than the domain Administrator and is not accessible while the machine is tied to the domain. If they know what that password was, if one was even set, then they should be able to log in
April 28, 2012 12:28:49 PM

Please READ the entire post. It's NOT a password issue - their local IT admin (who no longer works there), had previously locked down ALL accounts (including administrator) through LOCAL SECURITY POLICY restricting ALL OF THEM to NO INTERACTIVE LOGON (basically means no logon locally). If it was a simple password issue that would be easy.

I need a tool that will allow me to CREATE a new admin account. I've tried using PSExec after resetting the password through a barts session and I still get logon errors. Tried other password change tools as well.
April 29, 2012 12:58:21 PM

Use Microsoft DaRT, BartPE, or another Windows password recovery tool to unlock the account. The password can also be reset at that point.
May 7, 2012 7:01:17 PM

couldnt you just call up the guy and ask him?
May 7, 2012 7:01:53 PM

couldn't you just call up the guy and ask him?
May 7, 2012 7:58:09 PM

lookerup said:
couldnt you just call up the guy and ask him?


Ask him what? :) 
May 7, 2012 8:56:33 PM

lol how to "unlock" the admins
!