We've encountered an issue with our fully updated Windows Server 2022 that's lost its trust in the domain. When trying to log in using a domain account, we get a 'bad username/password' error, and nobody remembers a valid local username or password. Additionally, this server is running as a VMware virtual machine. We've had a similar situation with another server where we replaced utilman.exe with cmd.exe, but Windows Defender kept shutting it down. What are some effective methods to recover access?
7 Answers
If you've replaced utilman with cmd.exe, can you boot into Safe Mode? Defender shouldn't interfere in that mode! I've had similar issues where cmd would also shut down due to memory overload, and disabling the network helped launch it.
Since it's a VM, consider taking a snapshot, booting it with a Kali Linux Live ISO, and using 'chntpw' to reset any local account password. It's a solid method! There's a how-to guide for it online, albeit in German.
I had success with a similar situation on a 2019 server by booting from an ISO image and changing the admin password. It’s surprising how often these methods work!
Alternatively, booting with a USB drive lets you create a new local account. It's an effective way to regain control!
One way to tackle this is to disconnect the virtual NIC from the network. That would allow you to use cached credentials if there are any available. Once you're logged in, you can reconnect the NIC. This trick has saved me multiple times!
Good point! Just keep an eye on your Group Policy settings—if they limit cached logins to too low a number, you might still run into trouble.
Disconnect the network card, that way someone can log in with cached credentials. It's a classic move!
You should try this: disconnect the network, log in using cached credentials (ask the last admin who logged in), then reconnect the network. If you can access PowerShell as admin, run 'Test-ComputerSecureChannel -repair' to help reform connections afterwards.

I've tried that before, and it usually works great! Also, implementing Windows LAPS could help prevent such situations in the future.
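The cached-logon check and secure-channel repair mentioned in the answers above, sketched as an added example that is not part of any poster's reply. The function names `Get-CachedLogonLimit` and `Repair-DomainTrust` are hypothetical; the script assumes an elevated session on the affected server after the NIC has been reconnected.

```powershell
# Added example (not from the thread). Run elevated on the affected server.
#Requires -RunAsAdministrator

function Get-CachedLogonLimit {
    # Hypothetical helper. CachedLogonsCount is a REG_SZ value set by the policy
    # "Interactive logon: Number of previous logons to cache"; 0 disables caching.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $value = (Get-ItemProperty -Path $key -Name CachedLogonsCount `
                  -ErrorAction SilentlyContinue).CachedLogonsCount
    if ($null -eq $value) { return 10 }   # Windows default when the value is absent
    return [int]$value
}

function Repair-DomainTrust {
    # Hypothetical helper wrapping Test-ComputerSecureChannel.
    param([Parameter(Mandatory)][pscredential]$Credential)

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "$($cs.Name) is not domain-joined; nothing to repair."
    }

    # Without -Repair this only tests the channel and returns $true or $false.
    if (Test-ComputerSecureChannel) {
        return "Secure channel to $($cs.Domain) is already healthy."
    }

    # -Repair resets the machine account password against a domain controller,
    # so the network must be back and the credential must be permitted to do it.
    if (Test-ComputerSecureChannel -Repair -Credential $Credential) {
        return "Secure channel to $($cs.Domain) repaired."
    }
    throw "Repair failed; check DNS and domain controller reachability, then retry."
}

"Cached logon limit on this server: $(Get-CachedLogonLimit)"
$cred = Get-Credential -Message 'Domain account allowed to reset this computer account'
Repair-DomainTrust -Credential $cred
```

A limit of 0 explains why the disconnect-the-NIC approach fails on some servers: no domain logon is cached, so there is nothing to fall back on.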