As an IT Professional, you might find yourself blessed with the unfortunate scenario of working on a Hyper-V server that is not able to authenticate to the domain and the cached domain credentials are no longer working. In addition to this predicament, you learn that there is no documentation for the local administrator password. Either the client who you’re working for doesn’t know the local administrator password or the previous engineer who built the server is no longer working for your company and the standard passwords aren’t working.
A 3rd party password cracker application will allow you to reset the local administrator password. The drawback is you have to pay for it and in my experience they don’t always work. Follow the steps below and use the Ease of Access Exploit to change the local administrator password.
The Ease of Access Exploit modifies the windows system files to enable you to open a command prompt at the windows login screen. This command prompt also runs as the system account, allowing you to add, create, or edit local accounts. The only tool needed for this exploit is a Windows CD.
It can be a Windows Vista, Windows 7, Windows 8, Server 2008 R2, Server 2008, Server 2012 or a Server 2012 R2 CD. Even though a Windows Server 2008 CD is used in this example, Linux distributions and Ultimate Boot CD will also work as well. The commands would be the same; the only difference would be the way you get to the command prompt.
How to reset your admin password
To get started, boot the server to a Windows CD. Browse to the repair section and open up the command line tool.
Inside the command line, change directories to the windows
installation directory. It will usually be the C, D, or E drive. In this
example the D drive contains the Windows system files. Type the
following commands:
D:
CD Windows/system32
Ren utilman.exe utilman.exe.old
Copy cmd.exe utilman.exe
This will change directories to the system32 directory and rename the
Utilman.exe file, which is the executable file that allows users to
open up the Ease of Access menu. This menu allows users to modify the
contrast of the screen and access features such as the Magnifier and
Narrator. After renaming the utilman.exe file, cmd.exe is copied and
renamed as “utilman.exe”. Now when users click on the ease of access
tool at the windows login, the command prompt will appear instead of the
normal menu.
Reboot the host and start up normally. At the login screen click on
the ease of access button in the lower left corner. A command prompt
running as the system account will appear.
Now you can either enable and reset the local administrator password
or create an additional account and add it to the local administrators
group.
Change the Local Administrator Password
Type the following commands to change the local administrator password and enable the account if it’s disabled:
Net user administrator newpassword
Net user Administrator /active:yes
Create an Additional Local Administrator Account
Type the following commands add another local administrator accountNet user newadmin P@ssw0rd /add
Net localgroup administrators newadmin /add
No comments: