SBS 2003 Admin account denied access


  • SBS 2003 Admin account denied access

    Hi I have just taken over support for a company and have inherited a SBS 2003 Server.
    The server has had no backup for over a year (when the last admin left).
    VSS does not work, so the backup does not work, unable to install any other backup as no admin rights.
    I want to repair it so I can do a backup to move to a new server.
    I did not know the administrator account password (the last admin didn't tell anyone)
    So I used a password reset boot cd and then restarted Windows 2003 in Directory Service Restore Mode.
    Copied SRVANY and INSTSRV to a temporary folder, mine is called D:\temp. Copied cmd.exe to this folder too. Next ran at a command prompt instsrv PassRecovery "d:\temp\srvany.exe"
    next
    Started Regedit, and navigated to
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery
    Created a new subkey called Parameters and added two new values:
    name: Application
    type: REG_SZ (string)
    value: d:\temp\cmd.exe
    name: AppParameters
    type: REG_SZ (string)
    value: /k net user administrator 123456 /domain
    "123456 is substituted for the password I used" I'm not daft enough to publish it lol
    Next
    Opened the Services applet (Control Panel\Administrative Tools\Services) and opened the PassRecovery property tab. Checked the starting mode is set to Automatic.
    Went to the Log On tab and enabled the option Allow service to interact with the desktop.
    Restarted Windows normally; SRVANY ran the NET USER command and reset the domain admin password.
    OK so now I am logged in as administrator but guess what, I still don't have admin rights???
    I can add a new user with admin rights and log in as them but they still don't have admin rights. I'm totally lost??????????? Help please

  • #2
    Re: SBS 2003 Admin account denied access

    That's one convoluted way of resetting the domain admin password. What happened to running cmd.exe as a screensaver?

    Have you considered the possibility that the domain admin account may have been renamed, and that the account with the name "Administrator" could be just a decoy?


    • #3
      Re: SBS 2003 Admin account denied access

      He says the same applies to new users with admin rights, so I suspect deeper than that...

      How many users/computers?
      (may be worth blowing away and starting from a known good state)
      Last edited by Ossian; 28th January 2014, 09:30.
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **


      • #4
        Re: SBS 2003 Admin account denied access

        Originally posted by Ossian:
        He says the same applies to new users with admin rights, so I suspect deeper than that...

        Ah, I missed that one.

        @Scooby252: When you say you don't have "admin rights", exactly what do you mean? You're obviously able to create new AD users and make them members of the Domain Admins group, so what aren't you able to do?


        • #5
          Re: SBS 2003 Admin account denied access

          @Ossian Only 10 users/computers, but that's not the issue in not scrapping. The issue is they have a bespoke piece of software which cost them 20,000 and they would rather be able to move the server to a virtual server and thus not have to fork out another 26,000 for the new version.

          @Ser Olmy It's a strange one alright, when trying to open network connections it says "You do not have sufficient privileges for accessing connection properties"

          To fix this I went to DCOM but when I try to select the Enable Distributed COM on this computer check box it says "You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists)"


          • #6
            Re: SBS 2003 Admin account denied access

            Originally posted by Scooby252:
            @Ser Olmy It's a strange one alright, when trying to open network connections it says "You do not have sufficient privileges for accessing connection properties"

            You were trying to follow the instructions in this KB article?


            • #7
              Re: SBS 2003 Admin account denied access

              @Ser Olmy
              Yes, that's right.
              I think I have got it, or at least solved part of it.
              I started a virtual version of SBS 2003 on a 2012 machine and referenced it against the User Account memberships for administrators, power users, and remote users. I found some discrepancies so I changed the memberships to match and logged on and off again. No change (or was there?)
              The original Administrator account had been renamed by the original admin. So I renamed it back to Administrator and re-ran the SRVANY and INSTSRV to run on bootup. Success, I now have admin rights again.


              • #8
                Re: SBS 2003 Admin account denied access

                Renaming the Administrator account is a Windows Server best practice that doesn't apply to SBS 2003. It is necessarily implemented in later versions, but for 2003 the admin account, aka the 500 account, is necessary for full implementation.
                TIA

                Steven Teiger [SBS-MVP(2003-2009)]
                http://www.wintra.co.il/
                I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                We don't stop playing because we grow old, we grow old because we stop playing.
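
The thread turns on which account is really the built-in one: a renamed Administrator (post #7), a possible decoy carrying that name (post #2), and the "500 account" (post #8). The following is an added example, not part of any poster's message: it classifies accounts by the RID at the end of the SID rather than by name. The function name and the sample accounts are hypothetical, and it assumes PowerShell has been installed on the server, which SBS 2003 does not include by default.

```powershell
# Added example: tell the built-in Administrator (RID 500) apart from an
# account that merely carries the name. Find-BuiltinAdministrator is a
# hypothetical helper name, not a built-in cmdlet.
function Find-BuiltinAdministrator {
    param([object[]]$Accounts)

    foreach ($a in $Accounts) {
        # Account SIDs have the form S-1-5-21-<x>-<y>-<z>-<RID>
        if ($a.SID -match '^S-1-5-21-\d+-\d+-\d+-(\d+)$') {
            $rid = [int64]$Matches[1]
            $finding = $null

            if ($rid -eq 500 -and $a.Name -ne 'Administrator') {
                $finding = 'Built-in Administrator (RID 500), renamed'
            } elseif ($rid -eq 500) {
                $finding = 'Built-in Administrator (RID 500), default name'
            } elseif ($a.Name -eq 'Administrator') {
                $finding = 'Named Administrator but not RID 500 (decoy or ordinary account)'
            }

            if ($finding) {
                New-Object PSObject -Property @{
                    Name = $a.Name; SID = $a.SID
                    Disabled = $a.Disabled; Finding = $finding
                }
            }
        }
    }
}

# Constructed sample input (not taken from the server in the thread).
$sample = @(
    (New-Object PSObject -Property @{ Name = 'Administrator'
        SID = 'S-1-5-21-1111111111-2222222222-3333333333-1108'; Disabled = $false }),
    (New-Object PSObject -Property @{ Name = 'OfficeMgr'
        SID = 'S-1-5-21-1111111111-2222222222-3333333333-500';  Disabled = $false }),
    (New-Object PSObject -Property @{ Name = 'jsmith'
        SID = 'S-1-5-21-1111111111-2222222222-3333333333-1115'; Disabled = $false })
)

Find-BuiltinAdministrator -Accounts $sample |
    Format-Table Name, Finding, SID -AutoSize

# On a live system, pass the real account list instead:
#   Find-BuiltinAdministrator -Accounts (Get-WmiObject Win32_UserAccount)
```

With the constructed sample, `OfficeMgr` is reported as the renamed built-in account and `Administrator` as the look-alike.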
