This certainly doesn't require a format. Since you're not the administrator
yet, you have no idea what types of scheduled tasks and important
files/executables you might be deleting.
There are other ways. l0phtcrack is always an option. You might have to be
creative about how you'll get to the SAM. It can be done.
WInternal's ERD Commander is absolutely your solution.
http://winternals.com/products/repairandrecovery/erdcommander2002.asp?pid=er
d
It's worth every penny and is a "must have" for any administrator. Run ERD,
reset the administrative password, log into the box, dump the SAM, crack it
with l0phtcrack on another box while you're backing up data, scripts, etc.
and mapping how the server was configured to begin with. Take note of
specialty hardware and drivers you might need.
Then you can reload and set this company up correctly.
Good luck. We've all been locked out of our own servers at one time or
another. Those just starting will get there eventually. It's always nice to
be prepared when it does happen.
-----Original Message-----
From: DSardina [mailto:dsardina@si.rr.com]
Sent: Monday, August 16, 2004 8:53 AM
To: 'Robert Ritchey'; focus-ms@securityfocus.com
Subject: RE: Windows 2000 Administrator lockout
Hi Robert:
I know this is probably what you don't want to hear but, I would format the
box.
Other then that you can try to crack the SAM file for admin passwords, which
is time consuming.
There is nothing better then a nice clean format, especially that you just
inherited a foreign box,
and you know things are out of date on it. Might as well go for the format.
Just my 2cents.
Good Luck-
DS
-----Original Message-----
From: Robert Ritchey [mailto:rritchey@eods.com]
Sent: Friday, August 13, 2004 5:56 PM
To: focus-ms@securityfocus.com
Subject: Windows 2000 Administrator lockout
Hello All,
The network that I have is rather small. 1 server, and 4 workstations. I
inherited the systems. There has been no administrator working there for a
little over a year. What administrator that was there, was very much
non-technical.
When the network was built whoever built the server installed everything
they possibly could. This system now how few main functions:
1. File server
2. Internet Gateway
3. Symantec Virus manager
Nobody knows any of the passwords for anything on the system. Any of the
passwords that are in use are not allowed administrator access. I do mean
for anything! I can't even get Symantec to update virus signatures, as I do
not have a password to do the update with. The signature is like 2003 date.
It is just very frustrating!
I am looking for options, before I have to go and reformat and rebuild. This
would in some ways make life simpler, there are wrinkles in that all of
there operational data and other services are on the server. We are
currently moving foreword with a plan to rebuild. This will happen; I would
rather pick the time to do it. Rather than have it forced on me.
Does anyone know of any other way to take control of this machine and
network.
Thanks for your time and any ideas will be appreciated.
Robert Ritchey
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
