Trust lost and local admin disabled

  • Saturday, February 12, 2011 4:58 PM
     
     

    My development laptop has lost the trust relationship to the domain and the local administrator is disabled.

    1. I can login with the domain admin account, but it doesn't think it's an admin so I can't apply the trust patch

    2. I've tried following the instructions in http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/a200d87f-2f1e-4cec-88dd-9414bc61463a, but the machine spontaneously reboots when it gets to the safe mode login prompt; is this because it still thinks it's a member of the domain?

    All seems a bit chicken/egg - lost trust relationship means no admin, and I can't install the patch to fix it 'cos there's no admin, also "Run as administrator" grants no privileges as there are no active admin accounts.

    Any suggestions?

     


    Paul

Answers

  • Monday, February 14, 2011 8:29 AM
    Moderator
     
     Answered

    Hi Paul,

     

    If you have a Windows 7 installation DVD (not a recovery DVD) you can boot the system with it to enable the built-in Administrator account. Select the default language, then choose "Repair your computer". Then select "Command Prompt". At the command prompt type:

    net user administrator /active:yes [enter]

    Remove the DVD, reboot the computer, and log into the built-in Administrator account.

     

    After that, you may download the Remote Server Administration Tools for Windows 7:

     

    1.    Install RSAT;

    2.    Go to Control Panel -> Programs and Features -> Turn Windows features on or off;

    3.    In the treeview, go to Remote Server Administration Tools -> Role Administration Tools -> AD DS and AD LDS Tools and select AD DS Tools.

     

    Please use NETDOM for joining computers to the domain.

     

    More information:

     

    Netdom

     

    Netdom Examples

     

    Regards,

     

    Sabrina

     

    TechNet Subscriber Support in forum.

     

    If you have any feedback on our support, please contact tngfb@microsoft.com


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked As Answer by Paul Hatcher Saturday, February 19, 2011 9:58 AM

All Replies

  • Saturday, February 12, 2011 8:27 PM
     
     Proposed Answer

    You will need to fix the account on the server

     


    My MVP is for Windows XP, Vista and Windows 7 IT, and I am getting increasingly good with Visual Studio.

    Developer | Windows IT | Chess | Economics | Hardcore Games | Vegan Advocate | PC Reviews

  • Saturday, February 12, 2011 11:28 PM
     
     

    What do you mean by "fix" - as far as I can tell I have two choices...

    1. Remove the Computer record from the domain, but the computer itself will think it's still in the domain
    2. Apply the patch mentioned by KB976494, but this requires admin access to the machine which is the problem I have

    Paul
  • Thursday, February 17, 2011 5:31 AM
    Moderator
     
     

    Hi Paul,

     

    How are you? I would appreciate it if you could drop me a note to let me know the status of the issue. If you have any questions or concerns, please feel free to let me know. I am happy to be of further assistance.  :)

     

    Regards,

     

    Sabrina

     

  • Saturday, February 19, 2011 9:59 AM
     
     
    Thanks that solved it - another trick I picked up along the way was that if the machine was entirely disconnected from the network (physical and wireless), then my cached credentials still worked, so I could activate the administrator account that way as well.
    Paul
  • Tuesday, February 22, 2011 2:40 AM
    Moderator
     
     

    Hi Paul,

     

    I am glad to hear that our issue was resolved.

     

    After sharing your experience you can help other community members facing similar problems.

     

    Thanks, and have a great day! : )

     

    Best Regards,

     

    Sabrina

     

  • Thursday, April 07, 2011 8:00 AM
     
     

    I'm facing the same problem as Paul, in that, the trust relation is lost, and the local administrator is disabled, plus that the only domain user that can login is not a local administrator.

    I booted from the Windows 7 DVD, and into the command prompt, and ran the "net user administrator /active:yes", it says after that the command ran successfully, I reboot after, but when I try to login as the local administrator, it comes back with the same message that the account is disabled.

    Is there any reason for the command not to run successfully even though it reports that it did? Does it relate to any services not running while booting from the Windows DVD?

    Maybe I'm missing a step!

    Any help would be appreciated.

    Thank you in advance...

  • Friday, April 15, 2011 1:42 AM
     
     
    I had the same problem. Try unplugging the network cable and logging in with your (cached) administrator domain credentials. If you get in, use the net user administrator /active:yes command to activate the local admin account. Make sure you know the local administrator password! Plug in the network cord and then remove the computer from the domain. You should be able to log into the computer on rebooting and then rejoin the domain.
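
The following is an added example, not part of any post in this thread: a PowerShell pre-flight check for the remove-and-rejoin sequence described above. It confirms that a local administrator logon will survive the unjoin before any domain membership is changed. It assumes an elevated session on the workstation and that netdom is available from RSAT; `CORP.EXAMPLE` and `CORP\joinuser` are placeholders.

```powershell
# Added example, not from the thread. Run elevated on the affected workstation.
# CORP.EXAMPLE and CORP\joinuser are placeholders for your own domain and account.
param(
    [string]$Domain   = 'CORP.EXAMPLE',   # placeholder domain name
    [string]$JoinUser = 'CORP\joinuser',  # placeholder account allowed to join computers
    [switch]$Rejoin                       # without this switch the script only reports
)

# 1. Built-in Administrator: well-known RID 500, whatever the account was renamed to.
$admin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
         Where-Object { $_.SID -like 'S-1-5-21-*-500' }
"Built-in admin '{0}' disabled: {1}" -f $admin.Name, $admin.Disabled

# 2. Domain membership and secure channel (trust relationship) state.
$cs = Get-WmiObject Win32_ComputerSystem
"Member of domain: {0} ({1})" -f $cs.PartOfDomain, $cs.Domain
$channelOk = $false
if ($cs.PartOfDomain) {
    try   { $channelOk = Test-ComputerSecureChannel -ErrorAction Stop }
    catch { "Secure channel test failed: $_" }
}
"Secure channel healthy: $channelOk"

# 3. Unjoin only when asked, and only if a local admin logon will still work afterwards.
if ($Rejoin -and -not $channelOk) {
    if ($admin.Disabled) {
        throw 'Enable the built-in Administrator and set a known password first.'
    }
    # /passwordd:* makes netdom prompt for the password instead of taking it on the command line.
    netdom remove $env:COMPUTERNAME /domain:$Domain /userd:$JoinUser /passwordd:*
    if ($LASTEXITCODE -ne 0) { throw "netdom remove failed ($LASTEXITCODE)" }
    'Reboot, log on as the local Administrator, then run:'
    "  netdom join $env:COMPUTERNAME /domain:$Domain /userd:$JoinUser /passwordd:*"
}
```

Once the machine is back on the domain and a domain account has local administrator rights again, `net user administrator /active:no` returns the built-in account to its disabled default.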