Monday, 20 May 2013

Referenced account is locked out - Domain Admin account

We have a domain (not the main one) where there is a single DC with 1 known Domain Admin account.

For some reason this account became locked. With the only working domain admin account locked we were unable to administer the domain.

There are some pieces of software out there that can reset AD accounts for you but can you really trust them? Luckily there is another solution.

The following blog walks through how to reset the password for the built in domain Administrator account. And how to find this account if it has been renamed.

Before doing this, if you know the password already you can edit the script to use the following:

sc create ResetPW binPath= "%ComSpec% /k net user loginname /DOMAIN /active:Yes" start= auto!/2013/02/find-active-directory-administrator-users-in-dsrm.html

Friday, 3 May 2013

Scripting Compatibility Mode

Due to certain policies we have in place, the compatability wizard is disabled for users. They cant run anything as an admin and cant install software.

With some staff being remote, installing software is a challenge that is normally solved by SCCM deployments. However, doing this for 1 user is overkill in my opinion.

What we would normally do is remote in using SCCM Remote Tools, and run the install as an admin. Great, until the application needs to be run as an old version of Windows. Since you are doing a “run as”, you cant just change the compatability mode using the properties window as this is user specific.

There is a environmental variable that can be run, but finding information on it is a little difficult.


So the command to use it is:


Add this at the start of a batch file and everything that comes after is run using the settings used. This didnt work for me when I do "run as another user" on the batch file, but worked fine with "Run as Administrator". Which is fine as I have a tool that allows me to run CMD as Administrator using SCCM.

 Here are some of the options you can use: seperated by a space

Compatibility Mode
Data Value
Windows 95
Windows 98 / Windows Me
Windows NT 4.0 (Service Pack 5)
Windows 2000
Windows XP (Service Pack 2)
Windows XP (Service Pack 3)
Windows Server 2003 (Service Pack 1)
Windows Server 2008 (Service Pack 1)
Windows Vista
Windows Vista (Service Pack 1)
Windows Vista (Service Pack 2)
Windows 7


Data Value
Run in 256 colors
Run in 640 x 480 screen resolution
Disable visual themes
Disable desktop composition
Disable display scaling on high DPI settings


Privilege Level
Data Value
Run this program as an Administrator
Run this program as Invoker