Problem:
- You forgot your password and can no longer log in
- You are the domain admin and you have rights, but you still can't log in
- You get a message that states "you are not authorized to logon remotely"
Solution 1:
Download a copy of Trinity Rescue. It is a password-reset CD that lets you blank the administrator account's password and enable disabled accounts. Once you have given yourself admin rights, you will be able to log in remotely again.
If you are offsite, ask your customer/friend/relative to download it and burn it to a CD.
Download link is here: http://trinityhome.org
Solution 2:
This could be caused by a Group Policy Object (GPO) or a Local Security Policy. Check these settings in the following paths under the GPO.
There are 3 places of interest with regard to GPOs. The 1st is at:
Computer Configuration/Windows Settings/User Rights Assignment/Allow logon locally
The 2nd is at:
Computer Configuration/Windows Settings/User Rights Assignment/Deny logon locally
The 3rd is at:
Computer Configuration/Windows Settings/Security Settings/Restricted Groups
Check the above three places and either add yourself or remove yourself, depending on the permission you're trying to obtain.
For Local Security Policies, check:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
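To read the same user rights from the command line instead of the policy editor, the following added example (not part of the original post) parses a `secedit` user-rights export and lists who holds each allow and deny logon right. It also reports the two Remote Desktop logon rights, which goes beyond the paths listed above; the function names and the sample export are constructed for illustration.

```powershell
# Added example: list who holds the logon rights in a secedit export.
# Real input:  secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#              $lines = Get-Content "$env:TEMP\rights.inf"
$RightNames = [ordered]@{
    SeInteractiveLogonRight           = 'Allow log on locally'
    SeDenyInteractiveLogonRight       = 'Deny log on locally'
    SeRemoteInteractiveLogonRight     = 'Allow log on through Remote Desktop Services'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Remote Desktop Services'
}

function Resolve-Entry([string]$Entry) {
    # Entries are either account names or SIDs prefixed with '*'.
    if (-not $Entry.StartsWith('*')) { return $Entry }
    $sid = $Entry.Substring(1)
    try {
        $id = [System.Security.Principal.SecurityIdentifier]::new($sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch { return $sid }   # unresolvable SID: show it raw
}

function Get-LogonRightAssignment([string[]]$InfLines) {
    foreach ($line in $InfLines) {
        # Lines look like: SeInteractiveLogonRight = *S-1-5-32-544,DOMAIN\user
        if ($line -notmatch '^\s*(Se\w+)\s*=\s*(.*)$') { continue }
        $right, $value = $Matches[1], $Matches[2]
        if (-not $RightNames.Contains($right)) { continue }
        foreach ($entry in ($value.Split(',').Trim() | Where-Object { $_ })) {
            [pscustomobject]@{
                Right   = $right
                Setting = $RightNames[$right]
                Account = Resolve-Entry $entry
            }
        }
    }
}

# Constructed sample export (well-known built-in group SIDs).
$sample = @'
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeDenyInteractiveLogonRight = *S-1-5-32-546
SeRemoteInteractiveLogonRight = *S-1-5-32-555
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-544
'@ -split "`r?`n"

$rows = Get-LogonRightAssignment $sample
$rows | Sort-Object Right | Format-Table Setting, Account -AutoSize
# A deny entry overrides any allow entry, so review the deny rows first.
$rows | Where-Object { $_.Right -like 'SeDeny*' } | Format-Table Setting, Account -AutoSize
```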
Solution 3:
Hopefully you have a backup of your domain controller. If you don't, then you need to call...
Microsoft at: 1-877-696-7786.
I honestly feel for you on this one, as you will most likely pay like crazy or be on the phone with someone who has a heavy accent from a country you do not live in. Either way it has to be done, and if you're at work it is quicker to call and save face than to have a network outage and lose your job.
Solution 4:
I strictly advise against this, as this is a reverse-engineered hack of mine.
- unplug the network cable
- reboot your PDC
- do not login
- power down all the remaining domain controllers
- keep them off
- login to the PDC
- check your arp cache
- find the oldest/longest powered on machine and power it off
- reboot your PDC
- log in and delete your arp cache
- flush your dns
- remove the dns entry
- reboot
- log in and look for the GPO
- if you cannot log in, look at l0phtcrack.com; all you need is a bogus AD to bump against with a rainbow table or brute force
- once you're in, you simply need to use Solution 2 above.
- Cheers -