When you used the Configure Your Server Wizard to promote the first domain controller in a forest, prior to applying Service Pack 2 (SP2), the password for Directory Service Restore mode and the Recovery Console was set to a null value. This leaves the first domain controller in a forest open to a local attack, if it is NOT physically secured.
After applying SP2, or later, to the vulnerable domain controller, run:
%SystemRoot%\System32\setpwd.exe \[/s:<RemoteServer>\].
When prompted with:
Please type the password for DS Restore Mode Administrator Account:,
type a new password.
NOTE: You can rerun setpwd if you make a mistake.
0 comments
Hide comments