Wednesday, July 25, 2012

How to recover MS Windows 2003 Server admin password

From time to time I have to deal with Windows servers: you know, the usual stuff, updates, configurations, slowness ;), etc. This time I got the server but I did not get the credentials to use it. I talked to the administrator, but he couldn't remember them, and the ones he gave me did not work. It did not help that he was sitting in another country with a 10-hour time difference (it was 2 am for me).

Anyway, I had to use another approach. Usually when I have this problem I use an Ubuntu CD I have with me all the time: I boot the machine, install chntpw, and change/reset the admin account's password to blank or to some other password. Easy, right?

This time, though, it did not work, because the server has a RAID 0 configuration and it was a secondary domain controller. I am not an expert in this area, but since it was a domain controller, its credentials were stored in the Active Directory configuration, not really on the local machine, and chntpw could not save the changes. As usual, I had to do it the long way.

I did some research and found that I was not alone. I also found some articles explaining how to recover/reset your password; some good links are this and this (this last one needed access to the local admin account, which I did not have either, but it might help someone).

Finally, I found this thread, where the author covers pretty much every case related to my specific situation, which was Windows 2003 Server with AD configured.

The solution was to download and burn this tool, which is basically the next evolution of chntpw. Just boot the computer using the CD (you can also get the USB version if you want) and you get a command line environment which already includes the chntpw tool. You mount the drive where Windows is installed and locate the SAM file, which is usually in the windows/system32/config/ folder. Once you are there, you execute chntpw -h, which will show you the version and all the options you have.
chntpw in action :)

I tried resetting the admin password but that did not work :( so I had to enable the guest account and increase its rights to admin level. Once that was done, I booted the machine normally, logged in using the guest account, reset the admin account's password, and created my own account with admin rights :)

You can use the following commands to do the same.

This will list all users:

    chntpw -l SAM

To launch the interactive mode, which is really helpful:

    chntpw -i SAM

One more thing: once you have made all the changes, do not forget to save the SAM file, otherwise nothing will happen, and also to safely umount the drive. This is very important. I made this mistake several times and I had to do it all over again and again.
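An added example, not part of the original post: an offline SAM edit happens while Windows is not running, so Windows itself logs no event for it, and the change has to be caught by checking account state afterwards. The sketch below parses `net user Guest` output and flags the two changes described above. It assumes English-language output and that the promotion appears as membership of the Administrators group; the function names and sample outputs are constructed for illustration.

```python
"""Audit `net user Guest` output for an enabled, admin-level Guest account."""

def _groups(fragment):
    # Group names are printed as '*Name' columns; split on the asterisk.
    return {g.strip() for g in fragment.split("*") if g.strip()}

def parse_net_user(text):
    """Return (account_active, local_groups) from English `net user` output."""
    active, groups, in_local = None, set(), False
    for line in text.splitlines():
        if line.startswith("Account active"):
            active = line.split()[-1].lower() == "yes"
            in_local = False
        elif line.startswith("Local Group Memberships"):
            in_local = True
            groups |= _groups(line[len("Local Group Memberships"):])
        elif in_local and line.startswith(" ") and "*" in line:
            groups |= _groups(line)  # wrapped continuation of the local list
        else:
            in_local = False
    return active, groups

def audit_guest(text):
    """List findings that match the Guest changes described in the post."""
    active, groups = parse_net_user(text)
    findings = []
    if active:
        findings.append("Guest account is enabled")
    if "Administrators" in groups:
        findings.append("Guest is a member of Administrators")
    return findings

# Constructed sample outputs (not captured from a real server).
TAMPERED = """User name                    Guest
Account active               Yes
Local Group Memberships      *Administrators       *Guests
Global Group memberships     *None
"""
CLEAN = """User name                    Guest
Account active               No
Local Group Memberships      *Guests
Global Group memberships     *None
"""

if __name__ == "__main__":
    for name, sample in (("tampered", TAMPERED), ("clean", CLEAN)):
        print(name, audit_guest(sample))
```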

Happy hacking and remember to use it for good reasons :)

1 comment:

  1. chntpw is a nice tool, but with an ugly DOS-style interface. I prefer to use the PCUnlocker program which has a graphical GUI interface.