An
alternative (free!) to ERD is to install a second copy of Windows 2000 on the
machine with the lost password; make sure it doesn't go in the same folder (eg
put it in c:\recover). Boot to this install - you'll now be able to log on. If
all you need to do is recover files then you're away. If you actually need to be
able to use the install with the lost password then you need to be more devious.
What I've done in the past is to use my working install of Windows to open the
registry hive C:\winnt\system32\config\system in regedt32 - this corresponds to
hklm\system on the "other" install. Under here you'll find a list of services
which start when the machine starts and the matching exe file. An easy change to
make is to change imagepath for the spooler service so that instead of pointing
to spoolsv.exe it points to a program which does a "net user administrator
password" When the machine starts it will try to start the spooler service but
will actually change the admin password to "password" so you can now log
on.
I know
that this may seem like a serious security breach but remember in order to be
able to do this I've had to get to your machine, boot it from floppy or CD
and install a copy of Windows. If I've got physical access to do that then
I can probably do anything I want!
Steve
-----Original Message-----
From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: 31 December 2002 03:42
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] recovering a computerDon,Restoring the computer object in AD will have no effect on the administrator password on the computer itself. You will have to revert to a password recovery tool like ERD Commander from Winternals.Thanks for helping me to understand the complete picture. I was sure I wasn't seeing it all, and you explained it perfectly.Sorry for the less than optimal solution, however. All is not lost - just a tad bit more expensive from the standpoint of the solution. But, ERD is a great tool to have, nonetheless.Regards,Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don Murawski (Lenox)
Sent: Monday, December 30, 2002 9:31 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] recovering a computerThe computer was deleted from the an OU.Now the local administrator password was and is lost.My question is? Can I do a restore of that OU to recover the computer account.The server is a remote location.So, restoring the administrator password will be tough.-----Original Message-----
From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 30, 2002 10:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] recovering a computerAhhh..OK - different issue. If the administrator password was lost on a system, recovering the computer object is not going to help. Using a tool like ERD from Winternals at www.winternals.com would be a reasonable solution.Or, are we talking about the administrator password in AD? If so, pwdump and L0phtCrack has been used successfully in this case - given the right conditions.Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don Murawski (Lenox)
Sent: Monday, December 30, 2002 8:50 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] recovering a computerthe administrator password was lost-----Original Message-----
From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 30, 2002 9:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] recovering a computerHmmmm. I've usually found it much easier to join the computer to a workgroup (pick the name... doesn't matter) then, reboot as directed. Join the computer back to the domain, reboot again, as directed. Move the computer object from the Computer Container to the appropriate OU.It's not worth the time, IMHO, to recover a single computer object. Now, if this was computer of great importance that it is no longer in AD and cannot be simply recreated and password synched via the method outlined above - give us the scenario. The collective knowledge should be able to help.Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don Murawski (Lenox)
Sent: Monday, December 30, 2002 7:43 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] recovering a computerDoes anyone know how to recover a deleted computer account in AD?Don L MurawskiSr. Network Administrator - MCSE 4.0, 2000WorldTravel BTI1055 Lenox Park BlvdSuite 420Atlanta, GA 30319Phone: (404) 923-9468Fax: (404) 949-6710Cell: (678) 549-1264