Local administrator account locked out

  • Question

  • Hi all,

    I have an XP machine that is a member of a Win2008 domain, and the local
    administrator account is locked out.

    Is it possible for the local administrator account to be locked out? I
    rebooted the PC and the account is still locked out. It also seems strange that the
    Domain Admins group is not a member of the local Administrators group.

    BTW, I never thought the local administrator account could be locked out
    indefinitely. If I am correct, I believe it should be automatically
    unlocked after a reboot, correct? Also, is there an account lockout
    policy GPO for the local administrator? Is this a domain or local GPO?

    Monday, April 26, 2010 4:33 PM

Answers

  • Yes... You can lock out the local administrator account (and even disable it)... however as it is a special account you can still log on locally to the computer if you reboot into safe mode.
    Alan Burchill (MVP)
    http://www.grouppolicy.biz
    Tuesday, April 27, 2010 7:51 AM

All replies

  • Hi,

    I'm pretty sure it's not possible to lock out the local administrator account from the console. There used to be a resource kit tool that allowed you to configure lockout for remote connections only.

    GPO lockout policies do not apply to local accounts.

    What are the specific errors and/or symptoms you're getting?

    Can you log in when booting to safe mode?

     

    Thanks,

    Guy

    Monday, April 26, 2010 4:56 PM
  • Hi,
     
    The machine is located in one of our remote offices. There is no IT admin onsite, so I really can't check booting into safe mode unless I have one of the users try. I remotely connected with the MMC Computer Management console and I see the local administrator account is locked out. There is no error other than access denied when I try to add Domain Admins to the local Administrators group or unlock the local administrator account.

    Do you think that if I boot into safe mode I will be able to unlock the local administrator account? If this is my only option to unlock the local account, I may have to work with the user.

    Monday, April 26, 2010 5:50 PM
  • The lockout method I'm thinking of only applies to remote access connections. Someone sitting at the console should still be able to log in and unlock (even without safe mode). There is no way to lock out a local administrator account for console access.

     

    Thanks,

    Guy

    Monday, April 26, 2010 6:07 PM
  • If you wish to add administration rights to a single account, your solution is contained in this KB:

     

    http://support.microsoft.com/kb/949377

     

    Cheers Keith

    Sunday, December 26, 2010 6:43 AM
  • Forgot your Windows XP password? Don't worry about that. I have had the same trouble before. I searched the internet and solved the problem. Now I want to share it with you and hope it will really help.
    Solution 1: If you have another available admin password, it can work. Just log on to your PC -> Click the "Start" button -> Control Panel -> Add or remove user account -> Select the account you want to reset -> Change or Remove the password. Then the password will be reset.

    Solution 2: You can use one of the password recovery software tools to reset the forgotten password. Here, I would like to introduce one of them, which I have used. It is really a good hand. That is Windows Password Reset Tool. The process is as follows.
    Step 1: Download the Windows Password Reset Tool and burn an erasable CD.
    Step 2: Boot the CD into the ISO image which is provided by Windows Password Reset Tool.
    Step 3: BIOS settings.
    Step 4: Recover the Windows XP admin password.
    It is an easy-to-use way to recover the password. You can give it a try.
    Reset Windows Administrator Account Password
    Monday, July 4, 2011 3:15 AM
  • Alan, this method does not work. The account is still referenced as locked out when booting into safe mode.

    Thanks

    Wednesday, September 4, 2013 7:55 PM
  • Came across this thread by chance.

    The posted solution is wrong. Domain joined computers behave differently than non-domain joined ones. On a domain, we cannot "just boot safe mode" and all is good. MVPs should know that, and there's even 2 involved. Instead, they select it for an answer here.


    Saturday, May 16, 2015 8:21 AM
  • Ronald, if you reread what the OP posted, you'll see he is referring to the "Local Administrator" account, which is on the machine, not a "Domain Administrator". Those are definitely 2 different types of accounts.

    So the 2 MVPs' solutions are viable!

    Thursday, May 21, 2015 6:51 PM
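
Added example, not part of the thread or any poster's reply: for the remote-office case described in the question, the lockout and disabled state of the built-in local Administrator and the membership of the local Administrators group can be read over WMI and ADSI from an admin workstation. It assumes WMI/DCOM is reachable on the target and the caller has administrative rights there; the function name and the computer name `XP-REMOTE01` are hypothetical.

```powershell
# Added example. Function name and 'XP-REMOTE01' are hypothetical placeholders.
function Get-LocalAdminLockState {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [switch]$Unlock   # also clear the lockout flag (needs admin rights on the target)
    )

    # LocalAccount=True stops WMI from enumerating every domain account,
    # which is slow on a domain-joined machine.
    $accounts = Get-WmiObject -Class Win32_UserAccount -ComputerName $ComputerName `
        -Filter "LocalAccount=True" -ErrorAction Stop

    # Identify the built-in Administrator by RID 500 rather than by name,
    # so a renamed account is still found.
    $admin = $accounts | Where-Object { $_.SID -like 'S-1-5-21-*-500' }
    if (-not $admin) { throw "No RID-500 local account returned by $ComputerName" }

    if ($Unlock -and $admin.Lockout) {
        # Lockout is a writable property of Win32_UserAccount.
        $admin.Lockout = $false
        $admin.Put() | Out-Null
        # Re-read so the report reflects what the target now says.
        $admin = Get-WmiObject -Class Win32_UserAccount -ComputerName $ComputerName `
            -Filter "LocalAccount=True AND SID='$($admin.SID)'"
    }

    # Members of the local Administrators group via the WinNT ADSI provider
    # (the group name is localized on non-English installs).
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    $members = @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }

    New-Object PSObject -Property @{
        Computer      = $ComputerName
        Account       = $admin.Name
        SID           = $admin.SID
        LockedOut     = $admin.Lockout
        Disabled      = $admin.Disabled
        AdminsMembers = $members
    }
}

Get-LocalAdminLockState -ComputerName 'XP-REMOTE01' | Format-List
```

An access-denied error from either query points to the caller lacking administrative rights on the target, which matches the symptom reported in the question.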