JSI Tip 4418. The Configure Your Server Wizard sets blank recovery mode password?

If you used the Configure Your Server Wizard to promote the first domain controller in a forest before applying Service Pack 2 (SP2), the password for Directory Services Restore Mode and the Recovery Console was set to a null value. This leaves the first domain controller in the forest open to a local attack if it is NOT physically secured.

After applying SP2, or later, to the vulnerable domain controller, run:

  %SystemRoot%\System32\setpwd.exe [/s:<RemoteServer>]

When prompted with:

Please type the password for DS Restore Mode Administrator Account:,

type a new password.

NOTE: You can rerun setpwd if you make a mistake.



