Interesting Tech / Security Dilema

Interesting Tech Dilema:
I have a customer who has a win2k3 server there were getting ready to retire. They copied all the data off (it was previously hosting a web-based database app), and then removed it from the domain. Come to find out that they did not have the original install software (and can't get a copy) - and the server had ALL accounts locked out of 'Interactive Logon' - meaning basically that no one could logon locally.

Now they need it back up, but can't login.

Tried various barts tools and manually launching secedit through a barts session to load the default database however I get an access denied everytime.

Anyone have any suggestions in reference to a live cd tool that will allow you to "Create" admin users? Or a way to get around the secedit issue? Or possibly a register hack to remove a user account from the 'deny interactive logon' list?

Again - it's not a password issue (that would be simple), it's the fact that ALL local accounts are locked out via local security policy.

Any help or suggestions would be much appreciated.

11 answers Last reply
More about interesting tech security dilema
  1. how did you or your client end up in this situation? maybe we can back track of how this happened
  2. lookerup said:
    how did you or your client end up in this situation? maybe we can back track of how this happened

    Let me clarify - they are a NEW client.. we just got the call today.
    Apparently their old IT admin (who was apparently paranoid a bit), had everything locked down and only had access to the server restricted to a few accounts with terminal services rights. He left, and someone who was less qualified took over, and the rest is history.
  3. When a computer is removed from a domain the machine Administrator account becomes active again. This account has a different password than the domain Administrator and is not accessible while the machine is tied to the domain. If they know what that password was, if one was even set, then they should be able to log in
  4. Please READ the entire post. It's NOT a password issue - their local IT admin (who no longer works there), had previously locked down ALL accounts (including administrator) through LOCAL SECURITY POLICY restricting ALL OF THEM to NO INTERACTIVE LOGON (basically means no logon locally). If it was a simple password issue that would be easy.

    I need a tool that will allow me to CREATE a new admin account. I've tried using PSExec after resetting the password through a barts session and I still get logon errors. Tried other password change tools as well.
  5. Use Microsoft DaRT, BartPE, or another Windows password recovery tool to unlock the account. The password can also be reset at that point.
  6. couldnt you just call up the guy and ask him?
  7. couldn't you just call up the guy and ask him?
  8. lookerup said:
    couldnt you just call up the guy and ask him?

    Ask him what? :)
  9. lol how to "unlock" the admins
Ask a new question

Read More

Security Servers Business Computing