A: Only as secure as the physical access to any one of your Domain Controllers. If I have physical access to any of your Domain Controllers I will have administrative access to your domain within 10 minutes.
After several weeks of being away from my Hosted Exchange project (it got extended again!) I was back to work on it this week. Whilst I was away I was asked if the Development team could move my Proof of Concept environment to a different ESX host. Of course I had no issue with this as it was not being used whilst I was away. When I attempted to log on today I found that the administrative password I had set was no longer working. I always set the same password for all my development passwords (there is no real requirement for them to be secure) so I know I had not just forgotten it. The team that moved my VMs had no knowledge of the change of password. With it being a POC environment, I had no reason to create other administrative users in the Domain either.
I now have a scenario where I have a dozen servers configured with HMC4.5 and Exchange 2007 that I cannot access. It would take a week or so to reproduce this environment again, so I set about trying to hack the Domain Administrator password. ERD Commander and LockSmith allows you to reset the password on most new Windows Operating Systems. I have in the past tried this on a Windows 2003 Domain Controller to see what would happen and it did allow me to change the Domain's Administrator Active Directory password! As my first port of call I tried this boot disk and tool to see if it would work with a Windows 2008, Server Core Domain Controller. And guess what? It does! This has saved me a lot of work.
I guess this is not really new news, but it is relevant that it also works with Windows 2008 Domain Controllers. So - better make sure that Server Room door is always locked - eh?
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment