How to reset your Windows 2003 Server Domain Password
For a while now I've had a couple of win2k3 server boxes standing in the basement at school. Their main purpose was to test a setup where you have two servers working together sharing the same domain and active directory. Anyways.. The other day when I was trying to remote desktop one of the machines all I got was an error saying "this user is not permitted to log on interactively" or something like that. Bear in mind that this was the admin user so I knew something was wrong. Long story short, I came to the conclusion that someone had changed my domain admin and local admin password. I was locked out of my own box and the only solution I could think of out of the top of my head was to reinstall windows and use a stronger password this time. I didn't really want to do this because I had spent too much time trying to configure the boxes to synchronize.
A few googles later I found out that it was in fact possible to change the domain admin password as long as you had physical access to the server. So all I had to do was to crack or change the local administrator password. This can easily be done with most recover boot cds. I used a distribution of BartPE with "Password Recovery". So here's a step by step on how to recover your lost windows 2003 server domain admin password:
1. You're going to need two tools provided by Microsoft in their Resource Kit; SRVANY and INSTSRV.
2. Boot PartPE and run Password Recovery, change the local administrator password.
Remove the cd and reboot. Press F8 under boot and select Directory Restore Service Mode.
3. Log in as local administrator with the password you changed previously. Copy SRVANY and INSTSRV to a temp. folder. Copy cmd.exe from sytem32 to this folder.
4. Start a command prompt and cd to your temp folder then type:
instsrv PassRevocery "yourtempfolder\srvany.exe"
5. Configure SRVANY by opening regedit.
Find the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery.
Create a new subkey called Parameters and add two new values:
name: Application
type: REG_SZ (string)
value: d:\temp\cmd.exe
name: AppParameters
type: REG_SZ (string)
value: /k net user administrator new_password
6. Run services.msc, open the PassRecovery property tab. Check the starting mode is
set to Automatic. Show the Log On tab and enable the option Allow service to interact with desktop.
7. From now on, anytime you restart Windows, SRVANY will run the netuser command and reset the domain admin password.
Use this command prompt to uninstall SRVANY after you have logged on as the domain admin by typing:
net stop PassRecovery then
sc delete PassRecovery
Now delete your temp folder and change the admin password.
A few googles later I found out that it was in fact possible to change the domain admin password as long as you had physical access to the server. So all I had to do was to crack or change the local administrator password. This can easily be done with most recover boot cds. I used a distribution of BartPE with "Password Recovery". So here's a step by step on how to recover your lost windows 2003 server domain admin password:
1. You're going to need two tools provided by Microsoft in their Resource Kit; SRVANY and INSTSRV.
2. Boot PartPE and run Password Recovery, change the local administrator password.
Remove the cd and reboot. Press F8 under boot and select Directory Restore Service Mode.
3. Log in as local administrator with the password you changed previously. Copy SRVANY and INSTSRV to a temp. folder. Copy cmd.exe from sytem32 to this folder.
4. Start a command prompt and cd to your temp folder then type:
instsrv PassRevocery "yourtempfolder\srvany.exe"
5. Configure SRVANY by opening regedit.
Find the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery.
Create a new subkey called Parameters and add two new values:
name: Application
type: REG_SZ (string)
value: d:\temp\cmd.exe
name: AppParameters
type: REG_SZ (string)
value: /k net user administrator new_password
6. Run services.msc, open the PassRecovery property tab. Check the starting mode is
set to Automatic. Show the Log On tab and enable the option Allow service to interact with desktop.
7. From now on, anytime you restart Windows, SRVANY will run the netuser command and reset the domain admin password.
Use this command prompt to uninstall SRVANY after you have logged on as the domain admin by typing:
net stop PassRecovery then
sc delete PassRecovery
Now delete your temp folder and change the admin password.