Vista Local/Domain Security Issue

Discussion in 'Software' started by madman045, May 8, 2008.

  1. madman045

    madman045 Kilobyte Poster

    272
    3
    49
    Here's one issue id like help with

    A friend of mine has a laptop that comes with Vista Business 32bit, it's all up to date including SP1, it has just one user on it, example for this is bob who is also a local administrator

    Now they have added the laptop to the 2003 domain and bob also has an account on the domain, same username and password. on joining the domain the local administrator account is disabled.

    Now for whatever reason, they needed to take this laptop off the domain, which was fine, until the laptop restarted and they logged on as bob (local account)

    Bobs local account is now only a guest user, so he cannot do anything on the laptop, cannot open control panel items, the manage computer section, add it to the domain and so on.

    Also when trying to access these things, UAC kicks in saying you need to enter an administrator password before the ok box will no longer be grey, however the UAC message does not have a box to enter said password.

    So apart from formatting the laptop and starting again, is there anyway to get into this laptop as the local administrator account is still disabled even though its no longer on the domain?

    Thanks

    Andy
     
    Certifications: 70-270, 70-290, PRINCE2 Foundation, VCA-DCV & VCA-DT
    WIP: MCSA 2008, VCP5-DCV, ITIL V3
  2. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Do you have the password for the built-in administrators account?
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  3. Johnd76

    Johnd76 Megabyte Poster

    707
    16
    64
    If you have forgotten the password, then there are a few software programs out there, or it maybe that you need to re-install the OS
     
    Certifications: MCP, MCDST
    WIP: Not a thing
  4. madman045

    madman045 Kilobyte Poster

    272
    3
    49
    The built in administrators account is disabled and I believe this is done automatically when you join Vista to a domain, however when you remove it from the domain, it does not enable the local administrator account.

    So at the moment the only account active is Bob with his guest rights...

    And we have no means to be able to re enable the local administrator account.

    Looks like a rebuild then.

    Edit seems to be a bug and local administrator account is disabled by default in vista

    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2915241&SiteID=17
     
    Certifications: 70-270, 70-290, PRINCE2 Foundation, VCA-DCV & VCA-DT
    WIP: MCSA 2008, VCP5-DCV, ITIL V3
  5. NightWalker

    NightWalker Gigabyte Poster

    1,172
    25
    92
    Try this first.
    1. Boot into Safe Mode
    2. Go to Start > Run. Type ‘control userpasswords2’
    3. Go to the Advanced tab
    4. Click the Advanced button in Advanced user management
    5. Go in to the Users container
    6. Right click the Administrator account, select Properties
    7. Uncheck the Account is Disabled box.
    8. Save your changes.
    9. Reboot the PC.
    10. Type Administrator as the username and log in with your password.
    11. Send me £20.
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  6. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Do you have group policy configured on the domain for the PCs\Laptops? It sounds like you may have a policy in place that disables the local admin account and also changes the membership of the local administrators group.

    Are you able to run system restore with just user rights? If you restore to a point before you took it off the domain it *should* put it back on and you might be able to logon with a cached domain admin account. Long shot though! 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  7. Crito

    Crito Banned

    505
    14
    0
    Certifications: A few
    WIP: none
  8. madman045

    madman045 Kilobyte Poster

    272
    3
    49
    no policy's in place and as per that last article, it states that on a new install (which was done by the manufacturer) that the administrator account is disabled by default so we cannot log on in safe mode other than the existing user who has no rights.

    Unable to run the userpasswords2 as it requires elevated privileges of which the current user does not have being a guest.

    Good suggestions though

    Thanks

    Andy
     
    Certifications: 70-270, 70-290, PRINCE2 Foundation, VCA-DCV & VCA-DT
    WIP: MCSA 2008, VCP5-DCV, ITIL V3
  9. Crito

    Crito Banned

    505
    14
    0
    I'm surprised bob's local account got messed up by the domain account. But in all fairness, I think Vista's default of disabling the local admin account is better than XP's default of leaving it enabled with a blank password. :ohmy
     
    Certifications: A few
    WIP: none

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.