Thursday 26 April 2012

Video: Crack the Cred: Get into a Windows System/DC when the Domain Admin Password is Unknown/Lost/Changed

Fellow MVP Dana Epp goes through the steps to change the domain admin’s password on a DC where that password is not known or lost in episode 105 of Crack the Cred.
If there is a newer episode on the site then hover over the Playlist to get to episode 105.
It is very easy to do.
This is five minutes of any IT administrator’s life that is well spent. Period.
As Dana notes, the only way to protect that DC is by having the system partitions encrypted by BitLocker. Physical security for that DC is a close second.
We explain this situation to all of our clients and potential clients as a part of our IT Solutions Vision. Securing their systems is always a part of the conversation especially since many folks have those servers running in closets that are shared with anything from copiers to stationary!
Awesome job Dana!
Philip Elder
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book
*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.
Windows Live Writer


Doug H. said...


1) He makes a great case for BitLocker on Domain Controllers, especially if physical security is in doubt.
2) This reinforces why Read Only Domain Controllers instead of full DCs are better for branch offices.

Gantry said...

So would this technique work on a standalone 2008 R2 system, such as a Hyper-V host?

Philip Elder Cluster MVP said...


Physical access is the end of everything full or read-only.


LockSmith would work just fine. See episode 4 on Dana's site.