Resetting/Discovering Password in W2K

Spinal

Interesting one this time...

I need to recover or reset the admin password on a large number of Windows 2000/2003 server machines. I can find people that can access the servers as non-admin users...

Oh - none have EFS enabled.

Simple enough, right?

The problem is... I cannot restart the machines. I have physical access to them, to a KVM, USB ports (which are enabled), etc.

My first thought was pwdump, then on another machine brute force it. That said, if I remember well, pwdump needs admin privileges to run... right?

M.
 
I don't think you can force the passwords without rebooting to "dos". The link I posted only works on restart. I'm not sure there is a way to do this without having access to the user editor.
 
Thanks.

I know I can do it (several ways) with a reboot...

My latest thought is of checking the C:\Windows\Repair folder... assuming they haven't changed the password since installing the OS... I should be able to copy the backup of the sam file without issues..

M,
 
Easy with a reboot, not so easy otherwise - why can they not be rebooted?
 
> Easy with a reboot, not so easy otherwise - why can they not be rebooted?

They can... but only between midnight and 4am...

I'm told that the security guard almost stabbed the last contractor who went to the datacentre at night :p

(being a little more serious... it's a rough area... and I really am not keen on staying up all night on unpaid overtime.)
 
I'm just wondering why you need physical access at night. Have you not got ILO on the servers?

Are these production machines you'll be mucking around in the SAM with?

Are these machines managed servers in an AD environment? If so why do you need a local admin login, why not use domain privileges?
 
> They can... but only between midnight and 4am...
>
> I'm told that the security guard almost stabbed the last contractor who went to the datacentre at night :p
>
> (being a little more serious... it's a rough area... and I really am not keen on staying up all night on unpaid overtime.)

If they're in a DC then it should be pretty secure. And take a couple of days off in lieu if they'll not pay overtime.

Only takes a couple of minutes with Hiren's boot cd or similar, and you're done.

If you need a contractor to do it for you I'm happy to spend a night on full rates in a datacentre, happens quite a bit for me!
 
> I'm just wondering why you need physical access at night. Have you not got ILO on the servers?
>
> Are these production machines you'll be mucking around in the SAM with?
>
> Are these machines managed servers in an AD environment? If so why do you need a local admin login, why not use domain privileges?

If they're in an AD environment then I dread to think what tinkering with the SAM will do to them.

If they have iLo advanced then it's an easy job though. All my DC based servers have iLo advanced (and all my newer production servers too). Until you need it, you'll never understand!
 
Thought of the domain... unfortunately, these are inherited boxes from 3 companies down the acquisition chain... and they can't find an account (domain admin or otherwise) that has access to them. (personally I think they've locked out the domain admin account guessing passwords repeatedly)

As for messing around with the SAM file, that's why I want to copy it off to another machine and brute force it offline rather than edit it on the server. It'll take longer, but I'm hoping multiple machines have the same account credentials...

Thanks,
M.

Forgot to mention: ILO would be great... if they knew the password to that... tried the default on a few boxes, and that didn't work.
 
So these servers have no management interfaces?

Are they connected to a domain or in a workgroup? If in a domain, do you have admin access to the domain? If so, have you considered using group policy to populate the local admin group on the member servers? You can then get in using a domain account.
 
They do... they're just not used :p (management interfaces that is)

Regarding being connected to the domain, I'm told they can't find an account on the domain that allows access - but I didn't look down that route myself. I will need to look into it on Monday, and do some reading up today/tomorrow...

M.
 