Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Server2003: locked out, PW reset tools not working


  • Please log in to reply
6 replies to this topic

#1 rfsdvm

rfsdvm

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 PM

Posted 16 March 2016 - 08:14 AM

I have a business system running about a dozen computers on a fileserver

running windows server 2003. Has a RAID 5 array. Also have a remote location that attaches via

terminal server.  Currently can't login to server (but our work application is

still functioning)  Tried linux live..chntpw, to blank administrator pw...didn't

work...tried to promote guest acct to admin and login thru that...didn't work.

Our software vendor "doesn't cover this type of thing".

Any help/ideas on restoring access to my server would be appreciated.

 



BC AdBot (Login to Remove)

 


#2 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 16 March 2016 - 10:15 AM

"tried to promote guest acct to admin"

 

I take it you never made a backup admin account or your account a admin?

 

Sounds like you have been hacked.  Surprised you are not being held up by ransomware though you may discover this going forward.

 

You have tested as good backups?  Including system state?



#3 rfsdvm

rfsdvm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 PM

Posted 16 March 2016 - 12:19 PM

yeah, our actual business data is backed up hourly (and appears to still be doing so, in spite of not being able to logon to server) and a full system

backup weekly...was just hoping to avoid the downtime and hassle of a reinstall...only had a single admin acct 'Administrator" but when attempted

reset/blanking pw, didn't work, so it was suggested to try making guest admin, but that didn't work either.

Any ideas other than reinstall?



#4 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:04:03 AM

Posted 16 March 2016 - 04:44 PM

Not sure if is allowed to be recommended but reset password using Hirens boot CD.

If not then restore the SAM C:\Windows\System32\config from your backup!



#5 rfsdvm

rfsdvm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 PM

Posted 16 March 2016 - 06:04 PM

tried Hirens...same as chntpw...acts like its changed but when reboot it isn't.

cant restore from backup without an OS.

still hoping for options

thanks



#6 JohnC_21

JohnC_21

  • Members
  • 24,291 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:02:03 PM

Posted 16 March 2016 - 07:01 PM

I have used this software but not on a server. It does say it works on server 2003.

 

http://pogostick.net/~pnh/ntpasswd/



#7 rfsdvm

rfsdvm
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 PM

Posted 16 March 2016 - 10:08 PM

yeah, that was one of the ones I tried...would say PW had been blanked, but when I tried to login, it would still not take blank.

I have since been able to login to safe mode/directory services restore, but when i try to change pw for local user, it says

this computer is domain controller and have to login as domain administrator....which safe mode doesn't seem to allow me

to do.  At his point, I at least have access to the files and can run teamviewer for our SW support company to login remotely

and see what they can figure out.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users