Wednesday, January 12, 2022

Resetting The Domain Admin Password in Windows Server

The steps below are confirmed to work on Windows Server 2016. Please comment below if you get them working on other versions.

Download the Server 2016 ISO > attach it to the VM > reboot into the ISO > Repair your computer > Troubleshoot > Command Prompt. Note that the recovery environment may assign the Windows volume a letter other than C: (often D:); run dir against each letter to find the one with a \Windows folder and adjust the paths below to match.

> cd C:\Windows\System32

> ren osk.exe osk.old

> copy C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe osk.exe

Reboot the server; at the logon screen, open the Ease of Access menu and launch the On-Screen Keyboard. Because winlogon starts the accessibility tools as SYSTEM, a PowerShell window running as SYSTEM opens instead.

> net user Administrator PASSWORD

On a domain controller, net user acts on the domain account, so this resets the domain Administrator; on a member server it resets only the local Administrator. The new password must satisfy the domain's length and complexity policy or the command fails.

Afterwards, reverse the file changes: rename the PowerShell copy away from osk.exe, rename osk.old back to osk.exe, and delete the copy once it is no longer running (Windows lets a running image be renamed but not deleted). Leaving the copy in place leaves a SYSTEM shell reachable from the logon screen.
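The logon-screen half of the procedure as one script. This is an added example, not code from the original post: it runs inside the PowerShell window that the On-Screen Keyboard button opens, confirms it is running as SYSTEM, prompts for and sets the new password, then restores osk.exe and checks the result. It assumes the backup is named osk.old as above; the parking name osk.pwsh is an assumption chosen for illustration.

```powershell
# Added example, not part of the original post. Run inside the PowerShell window
# that the On-Screen Keyboard button opens at the logon screen, i.e. osk.exe is
# currently a copy of powershell.exe and the real tool is saved as osk.old.
$sys32  = Join-Path $env:SystemRoot 'System32'
$osk    = Join-Path $sys32 'osk.exe'
$backup = Join-Path $sys32 'osk.old'
$parked = Join-Path $sys32 'osk.pwsh'   # hypothetical name used to park the running copy

# 1. The trick only works because winlogon launched us as SYSTEM; bail out if not.
$who = [Security.Principal.WindowsIdentity]::GetCurrent().Name
if ($who -ne 'NT AUTHORITY\SYSTEM') { throw "Expected NT AUTHORITY\SYSTEM, running as $who" }

# 2. Reset the password. Prompting keeps it off the screen and out of the history;
#    on a domain controller this is the domain Administrator account.
$secure = Read-Host -AsSecureString -Prompt 'New Administrator password'
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try     { $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
& net.exe user Administrator $plain
if ($LASTEXITCODE -ne 0) { throw 'net user failed: check the password length/complexity policy' }
Remove-Variable plain

# 3. Put the real osk.exe back. Windows lets a running image be renamed but not
#    deleted, so park the PowerShell copy now and delete it after the next reboot.
Rename-Item -Path $osk    -NewName 'osk.pwsh'
Rename-Item -Path $backup -NewName 'osk.exe'

# 4. Check that what is now osk.exe is no longer a PowerShell binary and carries a
#    valid Microsoft signature.
$pwsh     = Join-Path $sys32 'WindowsPowerShell\v1.0\powershell.exe'
$oskHash  = (Get-FileHash -Algorithm SHA256 $osk).Hash
$pwshHash = (Get-FileHash -Algorithm SHA256 $pwsh).Hash
$sig      = Get-AuthenticodeSignature -FilePath $osk
if ($oskHash -eq $pwshHash -or $sig.Status -ne 'Valid') {
    throw "osk.exe was not restored correctly (signature: $($sig.Status))"
}
Write-Host "osk.exe restored ($((Get-Item $osk).VersionInfo.FileDescription))."
Write-Host "Reboot, then delete $parked."
```

The password still passes through the net.exe command line, as it does in the manual step; the prompt only keeps it out of the console scrollback. The hash comparison is the check that matters at step 4: a renamed powershell.exe would still be Microsoft-signed, so signature status alone does not prove the original tool is back.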


This assumes you have the BitLocker recovery key, or do not use BitLocker. If you are trying to get into a local Windows user account and the drive is not encrypted:

From the login screen you can hit Shift five times to launch Sticky Keys, an accessibility feature that makes modifier keys such as Shift and Ctrl toggle on when pressed instead of having to be held down.

Rename or overwrite that app (C:\Windows\System32\sethc.exe) with cmd.exe and you get a command prompt running as SYSTEM at the login screen instead of Sticky Keys. Of course, with access to an unencrypted drive you can do just about anything, but this is a quick hack for time-sensitive situations.
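For the defensive side of the same trick, here is an added audit script (mine, not from the post) that checks every accessibility executable winlogon can launch from the logon screen, not just sethc.exe and osk.exe. It assumes you run it as an administrator on a booted system. A renamed copy of cmd.exe still passes Get-AuthenticodeSignature, because Windows system binaries are catalog-signed by hash rather than by file name, so the hash comparison and version-resource checks are what actually catch the swap; the Image File Execution Options check covers the related variant where the tool is left intact and a Debugger value redirects it to a shell.

```powershell
# Added example, not part of the original post. Audits the accessibility tools that
# winlogon launches as SYSTEM from the logon screen and flags any swapped for a shell.
# Run as an administrator on a booted system.
function Test-AccessibilityTools {
    $sys32 = Join-Path $env:SystemRoot 'System32'
    $tools = 'sethc.exe','utilman.exe','osk.exe','narrator.exe',
             'magnify.exe','displayswitch.exe','atbroker.exe'
    $ifeo  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

    # SHA-256 of the shells usually dropped in place of these tools.
    $shells = @{}
    foreach ($rel in 'cmd.exe','WindowsPowerShell\v1.0\powershell.exe') {
        $p = Join-Path $sys32 $rel
        if (Test-Path $p) { $shells[(Get-FileHash -Algorithm SHA256 $p).Hash] = $rel }
    }

    foreach ($tool in $tools) {
        $path = Join-Path $sys32 $tool
        if (-not (Test-Path $path)) { continue }
        $findings = @()

        # 1. Byte-identical to cmd.exe or powershell.exe: the classic swap.
        $hash = (Get-FileHash -Algorithm SHA256 $path).Hash
        if ($shells.ContainsKey($hash)) { $findings += "identical to $($shells[$hash])" }

        # 2. Unsigned or tampered binary. A renamed cmd.exe still validates here,
        #    since catalog signatures key on the file hash, not the file name.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $findings += "signature $($sig.Status)" }

        # 3. The version resource of a swapped shell names the shell, not the tool
        #    (assumes Microsoft's OriginalFilename matches the tool's file name).
        $orig = (Get-Item $path).VersionInfo.OriginalFilename
        if ($orig -and $orig -ne $tool) { $findings += "OriginalFilename is '$orig'" }

        # 4. IFEO Debugger redirection: the tool is intact but the debugger runs instead.
        $dbg = Get-ItemProperty -Path (Join-Path $ifeo $tool) -Name Debugger -ErrorAction SilentlyContinue
        if ($dbg) { $findings += "IFEO Debugger = $($dbg.Debugger)" }

        # 5. A leftover backup such as osk.old is a tell-tale of the manual swap.
        $base = [IO.Path]::GetFileNameWithoutExtension($tool)
        Get-ChildItem -Path $sys32 -File -Filter "$base.*" |
            Where-Object { $_.Name -ne $tool -and $_.Extension -ne '.exe' } |
            ForEach-Object { $findings += "stray file $($_.Name)" }

        [pscustomobject]@{
            Tool       = $tool
            Suspicious = [bool]$findings
            Findings   = ($findings -join '; ')
        }
    }
}

Test-AccessibilityTools | Format-Table -AutoSize
```

Any row with Suspicious set to True deserves a look; after the password reset above, a clean run should show osk.exe with no findings once the parked PowerShell copy has been deleted.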

Be sure to always encrypt your hard disks! With BitLocker enabled, booting from an ISO cannot touch System32 without the recovery key, which is what blocks both tricks above.