|
Posted by Eric Eickhoff on August 16, 2005, 12:34 pm
Please log in for more thread options
Thanks a bunch Steve -- that pointed me in the right direction and I got it
to where she is now able to log in the the DC as administrator -- thanks to
you and everyone else who offered sugestions.
-Eric
>I tested using the UPN logon for administrator and that did not work so I
>guess I was wrong about that. However I was able to reverse the change by
>editing the GptTmpl.inf file for that security option however instead of
>deleting the line for change administrator name edit instead to be
>administrator which should allow you/her to logon as administrator after a
>reboot. --- Steve
>
>
>> The problem is that @ is used for UPN logon which expects a domain name
>> after the @. I believe that the security option for change administrator
>> password may change only the old "pre Windows 2000" type logon name as
>> shown in a users account properties. It may be worth a try for her to try
>> and logon via UPN as in administrator@mydomain.com since the UPN logon
>> name for administrator may have not been changed. Another thing that may
>> work if that fails is to find the GptTmpl.inf file for the policy she
>> configured, delete the line for rename administrator account, and bump up
>> the version number in the GPT.ini file. The link below refers to some of
>> what I mentioned on editing such files including where they are and may
>> be helpful. You could place the hard drive from here domain controller
>> into another computer as a secondary/slave drive to edit those files if
>> you can not do it any other way such as via Recovery Console or a
>> bootable cdrom such as Barts PE. --- Steve
>>
>> http://support.microsoft.com/?kbid=226243
>> http://support.microsoft.com/?kbid=267553
>> http://www.nu2.nu/pebuilder/ --- Barts PE bootable CD/DVD
>>
>>> Greetings,
>>>
>>> I am stumped as to whether or not this can be resolved, but a client set
>>> the Rename Administrator Account setting in the Domain Controller
>>> Security Policy to a name containing the '@' character. Of course now,
>>> she can't log on to the domain with that account and as luck would have
>>> it -- she doesn't have any other accounts with domain admin privelages
>>> and this is the only domain controller. It is a W2K3 DC. Does anyone
>>> know if the DC Security Policy can be reset -- at least the Rename
>>> Admininstrator Account setting (I know -- this sounds fishy from a
>>> security standpoint and truly don't expect an answer on that one) or is
>>> there a way to log on to the system using the account name with '@'
>>> signs in it. I had her try entering DOMAIN\@ministrator in the username
>>> with no luck. I am assumming that it is looking at the information after
>>> the '@' sign as being the domain info and that is why it is failing.
>>> She does have the password for the Active Directory Restore Mode if it
>>> helps.
>>>
>>> Anyone have any insight?
>>>
>>
>>
>
>
| 
XML Sitemap