User Panel
User Panel
User Panel
|
Posted: 7/21/2021 3:15:12 PM EDT
[#1]
Quote HistoryQuoted: E-Z mode: Take screenshot of VM Get Windows Server 2016 install disk/image Boot to Windows Server 2016 image Open CMD prompt once loaded (should be Shift+F10) Navigate in CMD to the C drive of the main OS Rename Ease of Access to CMD Reboot into OS and from the lock screen open up Ease of Access (CMD) Either force rejoin to domain or reset password from CMD Easy peasy, but will require some downtime. the more you know 
|
|
|
|
Posted: 7/21/2021 3:17:54 PM EDT
[#2]
Quoted: Any thoughts on this puzzler: Windows Server 2016. The domain trust relationship is broken. Normally, I'd log in as the local admin user and leave/rejoin the domain. The local admin account had its password changed. It isn't what it should be, and we don't know it. For added fun, we found that someone used the local admin account to run some local services. If we reset the password, the server gets borked. Anyone know any Mission impossible way to either reset the trust relationship or add a second local admin user without being able to log in? If it isn't the primary DC or a DC, kill the virtual network adapter temporarily and try to sign in. Often disconnecting network will send it into cached credential mode then you can correct. |
|
|
|
Posted: 7/21/2021 3:19:34 PM EDT
[#3]
https://www.top-password.com/blog/reset-forgotten-windows-server-2016-password/
|
|
|
|
Posted: 7/21/2021 3:19:54 PM EDT
[#4]
Quote HistoryQuoted: the more you know Quote HistoryQuoted: Quoted: E-Z mode: Take screenshot of VM Get Windows Server 2016 install disk/image Boot to Windows Server 2016 image Open CMD prompt once loaded (should be Shift+F10) Navigate in CMD to the C drive of the main OS Rename Ease of Access to CMD Reboot into OS and from the lock screen open up Ease of Access (CMD) Either force rejoin to domain or reset password from CMD Easy peasy, but will require some downtime. the more you know Ya, it takes all of about 30 seconds not including loading screen time to do. Zero external tools/CD/thumbdrives needed. The fix is BitLocker drive encryption. The downside is if you need to recover the OS later you'll need the BDE key, otherwise your data is toast. |
|
|
|
Posted: 7/21/2021 4:30:44 PM EDT
[#5]
Quote HistoryQuoted: the more you know Quote HistoryQuoted: Quoted: E-Z mode: Take screenshot of VM Get Windows Server 2016 install disk/image Boot to Windows Server 2016 image Open CMD prompt once loaded (should be Shift+F10) Navigate in CMD to the C drive of the main OS Rename Ease of Access to CMD Reboot into OS and from the lock screen open up Ease of Access (CMD) Either force rejoin to domain or reset password from CMD Easy peasy, but will require some downtime. the more you know It's quite handy, I've had to use this method more than once to get back into a system lol.
|
|
|
|
Posted: 7/21/2021 4:31:43 PM EDT
[#6]
Quote HistoryQuoted: Well that's an interesting idea. Might have to try that. Quote HistoryQuoted: Quoted: Clone to template and use vm customization to rejoin the domain. Then migrate to the new one during maintenance. Just an idea, never tried it. Well that's an interesting idea. Might have to try that. If you do please let me know if it works ETA if you restored to snapshot your time is probably way off. In that case the clone won’t be able to pull a kerberos ticket. Might have to try and hack it. |
|
|
|
Posted: 7/21/2021 4:31:53 PM EDT
[#7]
Quoted: Any thoughts on this puzzler: Windows Server 2016. The domain trust relationship is broken. Normally, I'd log in as the local admin user and leave/rejoin the domain. The local admin account had its password changed. It isn't what it should be, and we don't know it. For added fun, we found that someone used the local admin account to run some local services. If we reset the password, the server gets borked. Anyone know any Mission impossible way to either reset the trust relationship or add a second local admin user without being able to log in? |
|
|
|
Posted: 7/22/2021 9:22:20 AM EDT
[#8]
I'm in!
 I was able to use the "UtilMan trick" as suggested. I'd used it on a Windows 7 machine years ago. I didn't expect it to still work on 2016R2, but it does. Once I had a command prompt, I was able to use that to add a new local user and make them an administrator. Then I logged in as that new user and was able to rejoin the domain and reset the trust relationship. The original administrator account still has an unknown password, and the vendor's services are still using it, but the server is up and running, and I have full control again. We will get with the vendor and get them to change their shit to use a proper account for their services and not the local administrator. Then we can reset the local admin password. Thanks everyone for all the suggestions! I'll file them away for possible future use. |
|
|
Win a FREE Membership!
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.
