Tag Archives: active directory

Windows 7 or Domain Controller forgot password

So somehow, and I won’t judge, you don’t have the user name and/or password of an Active Directory domain administrator account and you need to get into that system. Your typical Windows password resetting utilities won’t work. This is because the domain user accounts and passwords are not in the system’s registry like they are in Windows 7, for example, but are in Active Directory.

OK, so if you’re like me you don’t need the talk; your server is down because you don’t have a password and you have users or management breathing down your neck asking every five minutes if you got the server back up.

Go grab your OS install disk and follow the steps below.

1. Boot to the install disk.
2. Select your language.
3. Click the link that takes you to the repair tools/console, Repair your computer.
4. Select the installation you want to repair.
5. Launch the command prompt.
6. Change to the System32 directory in the Windows install directory, e.g., D:\Windows\System32.
7. Run this command: copy utilman.exe utilman.bak to make a backup of utilman.exe.
8. Run this command: copy cmd.exe utilman.exe to replace utilman.exe with cmd.exe.
9. Pop the install CD out of the system.
10. Run this command: shutdown -r -t 0 to reboot the system.
11. Wait until your system is done booting and you’re at the logon screen.
12. Click the icon in the bottom left that looks like a clock or press the Windows key + U to launch the Ease of Access wizard. But wait … what’s this? It’s not the Ease of Access wizard but a command prompt running as the SYSTEM account.
13. After you settle the evil scientist laugh that’s going on in your head, run this command: net user to get a list of users, handy if you don’t know the user name of a domain admin account.
14. Run this command: net user <username> <new password> to reset the password of that account to something you know. You will still have to meet the password complexity requirements, if there are any; a good one to use might be $top4G3t!ngP@$$w0rd$.
15. Close the command window and logon with your reset account and password.
16. Be a good little boy / girl and undo the hack you just did. Delete the cmd version of utilman and put the original back from the utilman.bak backup you made in step 7, then set the password to something you will remember, that only one person knows, and that is strong.
17. Write down the password and secure it in a safe or something.

Done.
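
A check for step 16, as an added example that is not part of the original post: this PowerShell function reports whether utilman.exe is still a copy of cmd.exe and whether the utilman.bak backup from step 7 was left behind. The function name Test-UtilmanIntegrity is hypothetical, and the version-resource test assumes a stock Microsoft cmd.exe, whose original file name is Cmd.Exe.

```powershell
# Added example (not the author's code): confirm the utilman.exe swap was undone.
# Run from an elevated PowerShell prompt on the recovered system.
function Test-UtilmanIntegrity {
    param(
        # Defaults to the running system; can point at another System32 directory.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $utilman  = Join-Path $System32 'utilman.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $backup   = Join-Path $System32 'utilman.bak'
    $findings = @()

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings += 'utilman.exe is missing (the cmd copy was deleted but the original was not restored)'
    }
    else {
        # Same bytes as cmd.exe: the replacement from step 8 is still in place.
        $utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $cmdHash  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($utilHash -eq $cmdHash) {
            $findings += 'utilman.exe is byte-identical to cmd.exe'
        }

        # The version resource survives a copy or rename, so this also catches
        # a cmd.exe copy from an older build whose hash no longer matches.
        $origName = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($origName -match '^cmd\.exe') {
            $findings += "utilman.exe identifies itself as '$origName' in its version resource"
        }
    }

    # A leftover backup shows the procedure was run and not fully cleaned up.
    if (Test-Path -LiteralPath $backup) {
        $findings += 'utilman.bak is still present in System32'
    }

    return $findings
}

$result = Test-UtilmanIntegrity
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else         { Write-Output 'utilman.exe does not look like a cmd.exe copy and no utilman.bak was found.' }
```

The same check is useful on systems you did not recover yourself, since any warning means the logon screen can still hand out a SYSTEM command prompt.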

You can use this same method when your Windows 7 users forget their password as well. Below you will find a video I made of a practical demonstration of this technique.

 

Shadow Groups

Have you ever just wanted to assign permissions on a file or folder to an Active Directory (AD) Organizational Unit (OU)? Well that still isn’t possible but you can achieve the same effect with Shadow Groups (SG) and Restricted Groups (RG).

So here we go, FYI I am assuming you have an AD setup, an OU with users in it, and know how to get around in Active Directory Users and Computers (ADUC) and the Group Policy Management Console (GPMC).

Let’s say you have an OU called StormTroopers and it has some user accounts in it. To make a shadow group for this OU, open the OU, right click in some white space in the right hand pane of ADUC, and create a new Security Group. Local/Global/Universal, you pick the one that is best for you.
I might have a post on the differences of each group type in the future so stay tuned.

Anyway back to my story. Name this new group the exact name of the OU, in our case StormTroopers, and now you have a Shadow Group … what a mysterious name for something that isn’t that hard.

Now all you need to do is adjust the Access Control List (ACL) of a file or folder to add the SG you just made.

Well, that was fun and quite useful, but what if you want to make sure the members of that SG stay the same even if someone adds to that SG by accident? Yeah, we’ll say it was an accident.

In GPMC create a new GPO, name it what you will, and edit it. Drill down through Computer Configuration > Policies > Windows Settings > Security Settings to Restricted Groups. Right click in the white space in the right hand pane and select Add Group… Type in the SG or click Browse… to find it in AD. Under Members of this group: click Add… Type in the user names or click Browse… to find them in AD. Click OK or Apply all the way out of the group properties and close the GPO.

In GPMC right click on the OU that contains your Domain Controllers and click Link an Existing GPO…, find your newly created RG GPO and click OK. To implement this new GPO right away open cmd.exe and run gpupdate /force. Or you can just wait for GP to refresh on its own, default is 15 minutes. All you have to do now is assign your new SG some ACLs on a file or folder.