Windows Server – Change Your Password in an RDP Session (Send Ctrl+Alt+Del)

KB ID 0001183 

Problem

Colleague: Windows Server, Where’s Windows Security gone?

Me: Eh?

Colleague: Windows Security!

Me: What are you trying to do?

Colleague: I want to change my password and I can’t send a Ctrl+Alt+Delete to the remote server.

Well I know that pressing Crtl+Alt+Delete would let you change your password like so;

I wasn’t aware that in Server 2008 and earlier if you were connected via RDP you got a ‘Windows Security’ option that lets you do the same, like so;

This is because if you press Ctrl+Alt+Delete it will execute on YOUR machine not the remote one. But this option is not included in Windows 2012 any more.

Solution

Well you can just normally use Ctrl+Alt+END while in an RDP session. But like me, my colleague was using a Mac and we don’t have an END key!

Mac OSX Sent a Ctrl+Alt+END Sequence

If your RDP connected from OSX then use Ctrl+Alt+Fn+Backspace

If your RDP connected using a Mac Keyboard, or from a VM session on your Mac (i.e. from a VMware Fusion Windows Machine), then use Ctrl+Alt+Fn+Right-Arrow.

Other Solution

From within the RDP session, launch the on-screen keyboard, (Start > Run > osk). Then Press Ctrl+Alt on your physical keyboard, and click the delete key on the on-screen keyboard with your mouse cursor like so;

 

 

BETTER Solution

Within the RDP session open powershell and run the following command;

[box]

(New-Object -COM Shell.Application).WindowsSecurity()

[/box]

 

Or use the following VB shortcut.

[box]

Set objShell = CreateObject("Shell.Application")
objShell.WindowsSecurity

[/box]

Scalable Solution (Create Password Reset Shortcut)

Create a shortcut for;

[box]

explorer.exe shell:::{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}

[/box]

 

Note: If you have a bunch of  RDP servers you wanted to roll this out to, you can set it up on your administrative account, capture your start menu to an XML file, and then distribute that start menu to all your users via group policy, (not available with server 2012 or earlier).

Related Articles, References, Credits, or External Links

NA

Windows – Lost / Forgotten Password?

KB ID 0000755

Problem

There are many reasons why you might want to do this, someone has managed to change a user password and that person is not available, you might simply have forgotten it. Or you might have been given a machine, or bought one from ebay that has come without a password. Also there have been a few times when a user has looked me in the eye and said “I’m typing my password in, but it’s not working”, I have never seen a password change on it’s own, so I will just put that down to the evil password gremlins.

The procedure will also work on the Windows local administrators password, just bear in mind that his account is disabled by default, (after Windows 8). This procedure will not work if the machine in question has had its hard drive encrypted using BitLocker.

You can use this procedure to blank, (or reset) a Domain Controllers DSRM (Directory Services Restore Mode) password.

You can avoid this procedure if you have access to another account on this machine that has administrative access. If you can log on as an administrator, then you can change the password of other local accounts on the affected machine without the need to do this.

Solution

How to Burn the ISO Disc Image

1. Download the Password Reset CD Image.

2. Download ImgBurn and install, Launch the program, if it does not look like this you need to select View >EX-Mode-Picker. Select the ‘Write image file to disc’ option.

2. The file you downloaded is a zip file that contains the disk image, you will need to extract the image from the zip file (i.e. drag it to your desktop). From within ImgBurn launch the browse option and navigate to the disk image you have just extracted > Open.

3. Select the burn to disc icon (Note: This will be greyed out, until there is a blank CD in the drive). The image is very small, it will not take long to burn.

Carry Out a Windows 8 Password Reset.

This procedure uses the boot CD you have just created, for it to work you need to make sure the machine will attempt to boot to its CD/DVD Drive before it boots to its hard drive. (Or it will simply boot into Windows again). This change in ‘Boot Order’ is carried out in the machines BIOS, how you enter this varies depending on machine vendor, when you first turn on the machine watch for a message that looks like Press {key} to enter Setup. Typically Esc, Del, F1, F2, or F9. When in the BIOS locate the boot order and move the CD/DVD Drive to the top of the list.

1. Boot your machine from your freshly burned CD, when you see this screen simply press {Enter} to boot.

2. Depending on how many disks/partitions you have it will discover them and assign a number to each one, here I only have 1 so I will type ‘1 {Enter}’.

Note: You may see a small 300Mb partition, ignore that. You may also see your machines recovery partition if it has one, if that’s the case you may have to carry out some trial and error to get the right one.

3. The system is set to look for the default registry location C:WindowsSystem32Config so simply press {Enter}. If it fails at this point you selected the wrong drive/partition.

4. We want password reset so select option 1.

5. We will be editing user data and passwords, so again select option 1.

6. You will be presented with a list of the user objects that it can locate, here I want to reset the password for the ‘PeteLong’ user object so simply type in the username you want to edit.

Note: As mentioned you can see here the administrator account is disabled, if you want to work with that account, you will need to unlock and enable it on the next screen before you blank or change the password.

7. You can choose option 2 and type in a new password, but I’m going the blank the password, then change it when I get back into the machine by selecting option 1.

8. To step back you need to enter an exclamation mark.

9. Enter a ‘q’ to quit.

10. To write the changes you have made enter a ‘y’.

11. As long as you are happy, and have no other accounts that need changing, enter ‘n’.

12. Now remove the boot CD, and press Ctrl+Alt+Delete to reboot the machine.

13. As the user object we are dealing with was the last one that has logged on, it will select that account as soon as the computer boots, and now it has a blank password it will automatically log on.

14. To change the password, press Ctrl+I > Change PC settings.

15. Users > Create a password.

16. Type and confirm your new password, and enter a password hint > Next.

17. Log off the account and test the new password.

 

Related Articles, References, Credits, or External Links

NA

vSphere ESX – Configure Buffalo Terastation 5000 as an iSCSI Target

KB ID 0000899 

Problem

This little NAS box is a cheap way of adding a large amount of storage. Below I’m going to configure it as an iSCSI target, then connect my ESX5 host to it.

I’m not setting up any CHAP authentication, but I’ll show you where it’s configured, if you want to deploy yours a little more securely.

Also it’s considered good practice to separate your storage network traffic, from your actual network traffic (either physically or via VLANs). Here I’m also NOT doing that.

Solution

Initial Configuration of the TS5000

If you connect either of the NAS box’s NICs to your network they will pick up an IP address via DHCP (You will see it in your DHCP leases).

1. Connect to the NAS with a web browser, the default password is ‘password’.

2. To change the default password: Enter Easy Admin mode > Reset Password > Follow the instructions.

3. Team / Trunk The NICs: You can have each NIC with its own IP address, but I prefer to aggregate them > Network > Port Trunking > Configure port trunking.

4. Select ‘Link 1’.

5. Select All > Assign.

6. It may take a few seconds.

Configure iSCSI

7. First enable iSCSI > Drives > iSCSI > Click the switch to enable.

8. Configure iSCSI

9. Create Volume.

10. Give the volume a name, description, and specify the volume size > OK.

Note: If you wanted to configure authentication select enabled, and set accordingly.

11. Enter the numbers as requested > OK.

12. This can take a couple of minutes also.

Configure ESX For iSCSI

13. Connect to either your ESX host or vCenter > Select a host > Configuration > Networking > Add Networking > Create a new vSwitch > Add a VMkernel port group (called iSCSI or something sensible) > Assign a free NIC, and give it an IP address on the same range as the NAS box.

14. Storage Adaptors > If you do not see any, select ‘Add’ and add in a software iSCSI Adapter.

15. Right click your iSCSI Adapter > Network configuration > Bind it to the port group you created in step 13.

16. Then on either the Dynamic or the Static discovery tab, enter the IP address of the NAS box.

17. Storage > Add Storage > Disk/LUN > Select the iSCSI storage > Follow the instructions.

18. Repeat the process on your remaining ESX hosts. (Note: You will only need to create the VMFS volume(s) for the first one).

Related Articles, References, Credits, or External Links

Cisco Small Business (SG500) Link Aggregation (LAG) With LACP

Enable the Local Administrator & Set the Local Administrators Password via Group Policy

KB ID 0000641 

Problem

Microsoft disabled the local administrators account for a good reason, (its GUID it always the same, and its a well known attack vector into Windows). That said, if you have a problem on the domain, and you want to get into a client machine directly, not having the local admin enabled can be a pain.

Note: If you deploy your machines via WDS you can add a local admin account (with a different name) to your deployed machines see,

Windows Deployment Services (On Server 2008 R2)

Solution

1. On a domain controller Start > Administrative Tools > Group Policy Management Console.

2. Navigate to where you want to create your policy, or edit an existing one.

Note: You CAN apply this policy to domain controllers and the domain admin account will be unaffected. So you CAN set in the default domain policy if you wish. I prefer to create separate policies for things though, as it makes settings easier to find.

Enabling the Local Administrator via Group Policy

3. Navigate to;

[box] Computer Configuration > Policies > Windows Settings > Security Settings > Local Polices > Security Options[/box]

Locate the “Account: Administrator account status Properties”, define and enable the policy.

Set the local Administrators Password via Group Policy

4. You need to do this with a group policy preference, but you can do this in the same policy, navigate to;

[box]Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups[/box]

Right click > New > Local User > In the ‘User name’ section change the drop down to Administrator (built-in) > Set the password > Un-tick ‘User must change password at next logon’ > Tick ‘Password never expires’ > Apply > OK > Exit the policy editor.

5. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.

Related Articles, References, Credits, or External Links

NA

HP / 3COM – Setup the V1910-24G Switch

KB ID 0000495 Dtd 20/08/11

Problem

I was surprised this week when I went to fit one of these switches, I know HP bought 3Com some time ago but when I popped open the HP box I did not expect to see a 3Com switch.

Anyway, heres a very quick run down on initial setup (assign IP and secure the system passwords).

Solution

1. On the chassis locate the sticker with the serial number on it, on here it will show you the IP address that its set to by default, this is an IP in the 169.254.x.x range so providing you have a laptop/PC set up for DHCP simply connect it to the Switch (any port) and you can open a web browser session to it.

2. Default access is user name admin with a blank password.

3. To change the password, select Users >Modify.

4. Select the admin user and change the password below. Note: You can add additional users here as well.

5. To change the management IP address, select Network > VLAN Interface > Modify.

6. Out of the box you will only have one VLAN, change the setting to manual.

7. Set the required IP and Subnet mask > Apply (At this point you will be kicked out of the management console, connect the switch to your live network and you will be able to connect to its new address).

 

Related Articles, References, Credits, or External Links

NA