S
Stein Waalen
Hehe...nice suggestions......
Try this instead...
PSS ID Number: 239803
Article Last Modified on 10/15/2002
-------------------------------------------------------------------------
-------
The information in this article applies to:
a.. Microsoft Windows 2000 Server
b.. Microsoft Windows 2000 Advanced Server
c.. Microsoft Windows 2000 Datacenter Server
-------------------------------------------------------------------------
-------
This article was previously published under Q239803
SUMMARY
When you promote a Windows 2000 Server-based computer to a domain
controller, you are prompted to type a Directory Service Restore Mode
Administrator password. This password is also used by Recovery Console,
and is separate from the Administrator password that is stored in Active
Directory after a completed promotion.
MORE INFORMATION
The Administrator password that you use when you start Recovery Console
or when you press F8 to start Directory Service Restore Mode is stored
in the registry-based Security Accounts Manager (SAM) on the local
computer. The SAM is located in the %SystemRoot%\System32\Config folder.
The SAM-based account and password are computer specific and they are
not replicated to other domain controllers in the domain.
For ease of administration of domain controllers or for additional
security measures, you can change the Administrator password for the
local SAM. To change the local Administrator password that you use when
you start Recovery Console or when you start Directory Service Restore
Mode, use one of the following methods.
Method 1
If Windows 2000 Service Pack 2 or later is installed on your computer,
you can use the Setpwd.exe utility to change the SAM-based Administrator
password. To do this:
1.. Log on to the computer as the administrator or a user who is a
member of the Administrators group.
2.. At a command prompt, change to the %SystemRoot%\System32 folder.
3.. To change the local SAM-based Administrator password, type setpwd,
and then press ENTER.
To change the SAM-based Administrator password on a remote domain
controller, type the following command at a command prompt, and then
press ENTER
setpwd /s:servername
where servername is the name of the remote domain controller.
4.. When you are prompted to type the password for the Directory
Service Restore Mode Administrator account, type the new password that
you want to use.
NOTE: If you make a mistake, repeat these steps to run setpwd again.
For additional information about the Setpwd.exe utility, click the
article number below to view the article in the Microsoft Knowledge
Base:
271641 The Configure Your Server Wizard Sets Blank Recovery Password
Method 2
1.. Log on to the computer as the administrator or a user who is a
member of the Administrators group.
2.. Shut down the domain controller on which you want to change the
password.
3.. Restart the computer. When the selection menu screen is displayed
during restar, press F8 to view advanced startup options.
4.. Click the Directory Service Restore Mode option.
5.. After you log on, use one of the following methods to change the
local Administrator password:
a.. At a command prompt, type the following command:
net user administrator *
b.. Use the Local User and Groups snap-in (Lusrmgr.msc) to change
the Administrator password.
6.. Shut down and restart the computer.
You can now use the Administrator account to log on to Recovery Console
or Directory Services Restore Mode using the new password.
For additional information about how to secure the local SAM, click the
article number below to view the article in the Microsoft Knowledge
Base:
223301 Protection of the Administrator Account in the Offline SAM
Keywords: kbhowto KB239803
Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000DataServ
kbwin2000DataServSearch kbwin2000Search kbwin2000Serv
kbwin2000ServSearch kbWinAdvServSearch kbWinDataServSearch
Stein Waalen
MCSE, CCA
Computerland Norway
Try this instead...
PSS ID Number: 239803
Article Last Modified on 10/15/2002
-------------------------------------------------------------------------
-------
The information in this article applies to:
a.. Microsoft Windows 2000 Server
b.. Microsoft Windows 2000 Advanced Server
c.. Microsoft Windows 2000 Datacenter Server
-------------------------------------------------------------------------
-------
This article was previously published under Q239803
SUMMARY
When you promote a Windows 2000 Server-based computer to a domain
controller, you are prompted to type a Directory Service Restore Mode
Administrator password. This password is also used by Recovery Console,
and is separate from the Administrator password that is stored in Active
Directory after a completed promotion.
MORE INFORMATION
The Administrator password that you use when you start Recovery Console
or when you press F8 to start Directory Service Restore Mode is stored
in the registry-based Security Accounts Manager (SAM) on the local
computer. The SAM is located in the %SystemRoot%\System32\Config folder.
The SAM-based account and password are computer specific and they are
not replicated to other domain controllers in the domain.
For ease of administration of domain controllers or for additional
security measures, you can change the Administrator password for the
local SAM. To change the local Administrator password that you use when
you start Recovery Console or when you start Directory Service Restore
Mode, use one of the following methods.
Method 1
If Windows 2000 Service Pack 2 or later is installed on your computer,
you can use the Setpwd.exe utility to change the SAM-based Administrator
password. To do this:
1.. Log on to the computer as the administrator or a user who is a
member of the Administrators group.
2.. At a command prompt, change to the %SystemRoot%\System32 folder.
3.. To change the local SAM-based Administrator password, type setpwd,
and then press ENTER.
To change the SAM-based Administrator password on a remote domain
controller, type the following command at a command prompt, and then
press ENTER
setpwd /s:servername
where servername is the name of the remote domain controller.
4.. When you are prompted to type the password for the Directory
Service Restore Mode Administrator account, type the new password that
you want to use.
NOTE: If you make a mistake, repeat these steps to run setpwd again.
For additional information about the Setpwd.exe utility, click the
article number below to view the article in the Microsoft Knowledge
Base:
271641 The Configure Your Server Wizard Sets Blank Recovery Password
Method 2
1.. Log on to the computer as the administrator or a user who is a
member of the Administrators group.
2.. Shut down the domain controller on which you want to change the
password.
3.. Restart the computer. When the selection menu screen is displayed
during restar, press F8 to view advanced startup options.
4.. Click the Directory Service Restore Mode option.
5.. After you log on, use one of the following methods to change the
local Administrator password:
a.. At a command prompt, type the following command:
net user administrator *
b.. Use the Local User and Groups snap-in (Lusrmgr.msc) to change
the Administrator password.
6.. Shut down and restart the computer.
You can now use the Administrator account to log on to Recovery Console
or Directory Services Restore Mode using the new password.
For additional information about how to secure the local SAM, click the
article number below to view the article in the Microsoft Knowledge
Base:
223301 Protection of the Administrator Account in the Offline SAM
Keywords: kbhowto KB239803
Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000DataServ
kbwin2000DataServSearch kbwin2000Search kbwin2000Serv
kbwin2000ServSearch kbWinAdvServSearch kbWinDataServSearch
Stein Waalen
MCSE, CCA
Computerland Norway