Announcement

Collapse
No announcement yet.

Have domain admin, but need to VIEW local password

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Have domain admin, but need to VIEW local password

    Hello gents,

    I searched and read all the articles in the stickies and I don't really see anything that pertains to my situation. I was hoping everyone here could point me in the right direction.

    Our server admin up and left on a whim and he is not coming back. Sadly, he controlled all the local admin accounts for our 40+ server farm. I have physical access to 20% of these servers. I have domain admin access for each of the servers. I can login just fine with that, so resetting would be easy, but I need to VIEW the local admin password so I know what it is. The same password for local admin was used in my entire region and for the ease of an impending project that requires I do not reset them right now, I humbly ask your assistance. Is there a tool or a way to simply view what the local admin password is if I'm logged on with domain admin, or anything of the sort?

  • #2
    Re: Have domain admin, but need to VIEW local password

    It's true the sticky's need work and as a mod on this forum that falls on me.

    So we already know we can do a "Manage" "My Computer" and go to System Tools\Local Users and Groups\Users\Administrator\right-click\Set Password.

    If you look at my posts today in this forum, you'll find references to previous posts where we discuss how to recover the password.

    I'm telling you now, even with 40+, I'd add the above mentioned steps to my next scheduled patch outage and be done with it.
    Cheers,

    Rick

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

    Comment


    • #3
      Re: Have domain admin, but need to VIEW local password

      You are correct sir. I can do that and thats what I will be doing in the coming weeks, but there is an SMS push coming from our corporate headquarters very soon and my boss 2 levels up has asked me to get that password. It would require too much time right now to change the password on each of the machines before the push, so I merely want to view the password, not reset it at this time. I know I can and how to reset it and thats not the issue.

      Comment


      • #4
        Re: Have domain admin, but need to VIEW local password

        There is a third party utility call "Reset Local Password Pro" that can reset them all at the same time. I know this doesn't answer your question, but it does give you a solution for resetting them en masse.

        Comment


        • #5
          Re: Have domain admin, but need to VIEW local password

          Originally posted by joeqwerty View Post
          There is a third party utility call "Reset Local Password Pro" that can reset them all at the same time. I know this doesn't answer your question, but it does give you a solution for resetting them en masse.
          That just might work. Thanks mate. I'll look into that one.

          Comment


          • #6
            Re: Have domain admin, but need to VIEW local password

            Originally posted by Davedough View Post
            That just might work. Thanks mate. I'll look into that one.
            Do report back. I'd be interested to know how it deploys itself.

            @joeqwerty: Have you used this SW? Please share.
            Cheers,

            Rick

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

            Comment


            • #7
              Re: Have domain admin, but need to VIEW local password

              Yep, I've used it. It works great and is fairly intuitive although you might be confused by some of the fields. When resetting the password for multiple machines you have to select the enumeration method, enumerate the machines, and then select them. Once you select them, there's a section for resetting the password on the checked machines with a field for the old password... this is the confusing part... the old password is not required to set a new password so you leave this field blank and only fill in the new password and verify password fields. Of course you have to run this program as a user that has domain and local admin permissions (typically the domain admin).

              Comment


              • #8
                Re: Have domain admin, but need to VIEW local password

                Fantastic. I've purchased that for later use. Nice use of the company credit card. =)

                Exactly as described. The order in which you change local passwords is a bit confusing and like he said, you have to enumerate, but its really quite simple once you get the hang of it. And obviously you must be a domain admin over those machines (we run AD and all the machines are in my region, so group policy trumps the rights there).

                At any rate. Ran the program, tested and everything went swimmingly. Thank you SO much for that. You've likely saved my hide.

                Comment


                • #9
                  Re: Have domain admin, but need to VIEW local password

                  Glad to help.

                  Comment


                  • #10
                    Re: Have domain admin, but need to VIEW local password

                    p.s. in answer to your question, no there is NO SIMPLE WAY to "View" a Windows password - if there were it would be a useless thing to have. It is very, very difficult to find out a Windows password and you may well have spent longer trying to make it work than you would have done rolling out a manual password change across your servers.


                    Tom
                    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                    Anything you say will be misquoted and used against you

                    Comment


                    • #11
                      Re: Have domain admin, but need to VIEW local password

                      There may be a simple way to get the password...

                      Call up the old admin and ask for it


                      As for it being very, very difficult to get the password, well that depends on the circumstances. Weak passwords can be cracked very quickly (hence the recommendation for 9+ character passwords, 1+ cap, 1+ special char, 1+ numeral, changed every 30 days + an RSA key for good measure).
                      ** Remember to give credit where credit is due and leave reputation points where appropriate **

                      Comment


                      • #12
                        Re: Have domain admin, but need to VIEW local password

                        Originally posted by Wired View Post
                        There may be a simple way to get the password...

                        Call up the old admin and ask for it


                        As for it being very, very difficult to get the password, well that depends on the circumstances. Weak passwords can be cracked very quickly (hence the recommendation for 9+ character passwords, 1+ cap, 1+ special char, 1+ numeral, changed every 30 days + an RSA key for good measure).
                        I was making the assumption that the previous admin wasn't an utter dimwit... which you'd have to be to use weak passwords on Windows Admin accounts on corporate systems.


                        Tom
                        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                        Anything you say will be misquoted and used against you

                        Comment

                        Working...
                        X