smart remote held by girl In Control Technology

Resetting Windows Server 2003 password

TEST
Recently I had a customer call me about a Windows 2003 Small Business Server that they did not have any administrator account passwords for.  When I got a chance to look at the machine, I discovered not only is the bios password protected, but the password for the local computer account and the domain account will not work.  I tried one of  my boot CDs to see if I could boot from the CD Rom and at least that option was available.  The software wouldn’t run properly, however, so I took the Server back to my office for the weekend, with customer’s approval.

If  you do a web search of available software to reset a windows password the search will return a number of sites, but most do not have a phone # to actually call to order or talk with tech support.  It is just an email address.  To minimize problems, I recommend if you can not find the address of company and an actual phone number to contact them, leave the site immediately and find another.  There are plenty of sites that have very fancy designs, but no phone # and/or physical address.  After hours of searching , these were the only legitimate sites I could find.

This site has been recently updated with a new version, which is a good sign.  The author does not accept money or donations.  My initial reservation was that there would be no real support offered, but then again he is a tech like me and does this all for free.

http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm The author explains how to change the password for a domain admin account.  Several blogs reference this site so I had confidence that the steps were legitimate.    Again, the author does not charge anything.  He does reference a site that you can pay for software that is supposed to reset the password – Spotmau’s PowerSuite 2010.  I bypassed their pay link and went directly to the manufacturer website.  I sent an email to their support asking if the software could reset the admin password and the response did not make any sense.  Basically it said ‘we’re sorry the software didn’t work’, when I was asking if it would work.  Probably answered by a person from another country that was using some kind of translation software.  I said no to that option.

http://www.lsoft.net/pwch.aspx Active Password Changer.  This software used to be free in the older version of Hiren’s Boot CD 10.0  Now you can not find it in his package because he only puts free software in there.  At least this gives me confidence that the software must work if a tech used it back in the day.  They have a phone # and email to contact plus an actually physical address.  They wanted $50 for the software but I was able to find a coupon so I only paid $30.  This was the only software I purchased.  I did first try the older free dos version, but it didn’t work for me.  Said it reset password, but upon reboot it still didn’t work.  It was 2.0 version I believe and now company is upto 4.0

Finding the software is step 1 – then comes actually going through the process of resetting the passwords.

First I opened up the computer and reset the bios password.  I was hesitant at first to do this since the server was setup as a mirrored raid and there was no controller card so it could be setup in the bios.  I consulted two other friends that also run computer companies and they both agreed that this should be safe to do.  I used the motherboard’s jumper and voila reset the password.  I was now able to get into it.  I checked its settings and nothing looked out of order.  I was hoping for USB boot support, but unfortunately that was not the case.  I then saved and rebooted to make sure the Server would still boot properly.  It did and I could move on. (You can not reboot a server properly without knowing the admin password.  So I had no no choice but to press the reset button or turn off/on).

I put Active Password Changer 4.0 into the CD Drive and rebooted the server.  The computer seemed to see the disc but then would go to the boot screen to actually run the server.  Did I burn the disc wrong?  I put it into my own computer and rebooted and it could see if fine.  It is very unusual to have a bad DVD/CD drive in a computer, but having spent hours on this issue before, I knew to check for it.  I replaced the DVD/CD IDE drive with another known good and this time the server booted from the disk.   I used the software per the manufacturers documentation which was well written.  It said the password was reset to blank and so I rebooted and tried logging into the local Admin account.  Guess what?  It didn’t work.  I did look at the manufacturers website for any FAQs or support about this issue, but I couldn’t find it.

I then used Offine Windows Password & Registry Editor. Again the document was written well and software said it reset the administrator password.  http://pogostick.net/~pnh/ntpasswd/It also mentioned that account was already blanked out.  Maybe Active Password Changer did work?  I rebooted the computer and again I couldn’t gain access to the local domain account.  (I forgot to mention that when the server boots up, if you hit CTRL ALT DEL twice, it is suppose to use the local user account vs domain user account.)  There was some debate if this was working properly so I used a suggestion mentioned in my research and used the F8 key at computer startup to access  Directory Service Restore Mode.  Again it did not work with blank password.  I re-read the docs for Offline Windows Password and noticed it mentioned option 4 – Unlock and enable user account.  I ran the utilitiy again and it mentioned on the screen that the account was locked.  So I unlocked it with option 4 and reset the password again for good measure.  Booted up using Directory Service Restore Mode again and I was finally able to get into the local administrator account.

Now I was in the Server Local Admin account but I still needed access to the Domain Admin Account.  I then followed the directions step by step laid out on the  www.petri.co.il website.  The exact web link is http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm When it asked for the password, I did use the P@ssw0rd as suggested.  No reason not to assume the domain is set to complex password.  Once I completed the instructions I was in the domain admin account.  I then reset the password to something else and will give that information to the customer.

I spent 10+ hours on researching this issue and coming up with a solution.  I actually finished the project at 3:30am on Saturday.  Yes I’m that dedicated.  Hopefully this will help future techs if they have this issue.  If you are not a computer professional, please hire one as you could seriously damage your server if you mess up.  I would like to thank all the resources I mentioned above because without them, I would not have a solution for the customer.

Scott Bakeeff
In Control Tek Owner/ Tech Wiz

Email circulating suggests action illegal in Florida!

I received an email from a colleague today that once again brought the potential danger of email communication and the widespread availability of information front-and-center. I consider this person to be reasonably intelligent, like most of the people I receive these sorts of emails from. I am never sure what the immediate thought is – impatience, urgency dictated by design (of the email), or simple ignorance – but the result is usually the same. Information gets passed-along that shouldn’t see the light of day.

The specific email I received this morning informs us that a police officer advised folks in his jurisdiction to use wasp spray in place of pepper spray because it was not only cheaper, but sprayed farther and would be useful to stop an attacker without them getting within physical range.

Now, the worst part about this email is that it is totally true. A police officer really did suggest this, and because of that many people will take it at face-value as information they can directly use.

That’s where you get into trouble. Here in Florida, to use a can of wasp spray in place of pepper spray is ILLEGAL. See Florida Statutes – specifically section 3, part b -”Tear gas gun” or “chemical weapon or device” means any weapon of such nature, except a device known as a “self-defense chemical spray.” “Self-defense chemical spray” means a device carried solely for purposes of lawful self-defense that is compact in size, designed to be carried on or about the person, and contains not more than two ounces of chemical.

Not only is a can of wasp spray not compact in size or designed to be carried “on or about the person”, it contains potentially more than 2 ounces of active chemicals, depending on brand. There are several states throughout our country that have similar pepper-spray laws and some municipalities ban the use of it completely. If one were to take this email at face-value because they don’t realize laws are not uniform, they could be getting themselves into a huge amount of trouble.

The second troubling aspect of this suggestion, even if you live in an area that would legally support using something other than pepper spray, is that wasp spray contains Pyrethrin. That chemical is known to be hazardous to humans and wasp spray cans are labeled such. There is also the warning that comes first on the can – “It is a violation of federal law to use this product in a manner inconsistent with it’s labeling” – of which spraying a human for the purposes of self-defense certainly is.

Perhaps in our very busy lives, we have stopped questioning so much out of sheer desperation and time-management. If it sounds legit on a first-read and it came from a source you personally trust, you let it go. That might be easier and cut-down on the amount of time you spend at work surfing for information possibly not relevant to your job. However, checking facts like this saves much more than time. Would you want to pass this on to a relative and have them be sued? Would they then turn around and sue you because you told them it was ‘ok’? Whatever the time costs may be, I submit they are still worth it. If you get information like this, the best thing you can do is sit on it until you have a chance to verify the accuracy. I have come across a few emails that were legit, and I then sent them on. Many emails, however, contain false-truths, urban myths or downright dangerous information that to someone un-educated in that field, might sound reasonable. A little research goes a long way toward not only stopping the proliferation of false information, but perhaps keeping someone you care about from being hurt.
And while we’re on the subject, most emails that have a call to action involving emailing a certain number of friends or else you won’t win the lottery, or worse, you’ll be a terrible friend and it shows you don’t love them – aren’t going to change the world. They’ll just junk-up someone else’s inbox.

Time to change your batteries!

Fall back is a great time of year. It gets dark sooner, cooler weather has set in and everyone is looking forward to the holiday season. Since we have to go around the house changing clocks anyway, the International Association of Fire Chiefs promotes it’s “Change your clock, change your battery” campaign. You can find more information here.

Everyone wants to feel safe – we install security systems, cameras and other gadgets to try and protect our families and property. All the gadgets in the world, however, need maintenance! So if you haven’t done it already, go around and change the batteries in your smoke and carbon monoxide detectors. It really could be a matter of life or death.