Windows Server 2003 – How To change Domain Admin password

Posted by aidas | Posted in Active directory, Security, Windows 2003 | Posted on 27-07-2010


Hello there!

To change the domain admin password under Windows Server 2003 AD you will need:

* physical access to domain controller

* directory restore administrator password

* SRVANY and INSTSRV resource kit tools provided by Microsoft

1.

Restart your Windows Server 2003 domain controller into Directory Services Restore Mode (the mode is available in the list shown after pressing F8 while the server boots).

Log in as Administrator (using the directory restore administrator's password).

2.

Copy the SRVANY and INSTSRV tools into a temp folder, for example c:\TMP

Also copy cmd.exe, which is located in "%WINDIR%\System32", to the c:\TMP folder

3.

Start command line.

Type: cd c:\TMP and hit Enter

Type: instsrv PassRecovery "c:\TMP\srvany.exe" and hit Enter

4.

Start the registry editor and navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery

Create a new subkey named Parameters and add the following values:

name: Application
type: REG_SZ (string)
value: C:\TMP\cmd.exe

name: AppParameters
type: REG_SZ (string)
value: /k net user administrator [New Password]

Replace [New Password] with the complex password you will set for the Administrator user.

5.

Open Services (Start>Run>services.msc>OK)

Click on the PassRecovery service and change its startup type to Automatic

Then go to the "Log on" tab and check the "Allow service to interact with desktop" option

6.

Restart the server in normal mode and wait for the command prompt to show up.

Log on as Administrator with the new password [New Password]

7.

To uninstall the service you created, open a command line and type:

net stop PassRecovery and hit Enter

sc delete PassRecovery and hit Enter
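
When auditing a domain controller, the service built in steps 3 to 5 leaves a recognisable registry footprint: an srvany.exe ImagePath whose Parameters\Application value points at cmd.exe. The Python sketch below is an added example, not part of the original post; it scans text in the layout of reg query output, and the sample input, function names and finding strings are constructed for illustration.

```python
import re
# Constructed sample in the layout of "reg query HKLM\System\CurrentControlSet\Services /s" output.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery
    Type    REG_DWORD    0x110
    ImagePath    REG_EXPAND_SZ    c:\TMP\srvany.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery\Parameters
    Application    REG_SZ    C:\TMP\cmd.exe
    AppParameters    REG_SZ    /k net user administrator [New Password]
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\spoolsv.exe
"""
KEY = re.compile(r"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\([^\\]+)(\\Parameters)?$", re.I)
VALUE = re.compile(r"\s+(.+?)\s+(REG_\w+)\s+(.*)$")
NET_USER = re.compile(r"\bnet1?(\.exe)?\s+user\b", re.I)

def basename(path):
    return path.strip('"').rsplit("\\", 1)[-1].lower()

def parse(text):
    """Return {service: {value name: data}}; Parameters values are prefixed 'parameters\\'."""
    services, current, prefix = {}, None, ""
    for line in text.splitlines():
        m = KEY.match(line.strip())
        if m:
            current = services.setdefault(m.group(1), {})
            prefix = "parameters\\" if m.group(2) else ""
        elif line.startswith("HKEY_"):      # deeper subkey that is not inspected
            current = None
        elif current is not None and (v := VALUE.match(line)):
            current[prefix + v.group(1).lower()] = v.group(3).strip()
    return services

def audit(text):
    """Return {service: [reasons]} for srvany-wrapped services that start cmd.exe or run 'net user'."""
    findings = {}
    for name, vals in parse(text).items():
        if basename(vals.get("imagepath", "")) != "srvany.exe":
            continue
        reasons = []
        if basename(vals.get("parameters\\application", "")) == "cmd.exe":
            reasons.append("wrapper launches a command shell")
        if NET_USER.search(vals.get("parameters\\appparameters", "")):
            reasons.append("AppParameters runs 'net user'")
        if reasons and int(vals.get("type", "0"), 16) & 0x100:  # SERVICE_INTERACTIVE_PROCESS
            reasons.append("service may interact with the desktop")
        if reasons:
            findings[name] = reasons
    return findings
```

Calling audit(SAMPLE) reports only PassRecovery; an srvany wrapper around an ordinary program with no shell or account command is not flagged.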


Windows server 2003 – How to and why you create and add SPF record to your DNS server

Posted by aidas | Posted in Security, Windows 2003 | Posted on 28-04-2009


Some time ago I got a non delivery record (NDR) mail message stating that my mail could not be delivered to recipient X, who resides in domain Y. You'll say it is daily stuff… but the main problem is that I never sent this message myself. Someone used my mail address to spam others. This is a big threat to me and my company because it affects people's confidence in me and my company's reliability. What can we do about it, you'll ask?

We can use the Sender Policy Framework (SPF), an open standard specifying a technical method to prevent sender address forgery. SPF allows the owner of a domain to specify their mail sending policy, for example which mail servers they use to send mail from their domain. For it to work, both sides must be configured correctly. The domain owner must list the mail sending servers in an SPF record and publish this record in the DNS server within their DNS zone. The receiving mail server must enforce these policies via an SPF record check.

Let's leave theory alone and try to generate an SPF record for your domain.

To do that, first follow this wizard, which will guide you through SPF record creation.

Once you have the SPF record generated, and if your Windows Server 2003 hosts the yourdomain.com zone, open the DNS management snap-in, navigate to the yourdomain.com zone and choose to add "Other new Records…". Select the Text (TXT) record type and press the "Create Record…" button. Copy the data you generated earlier using the wizard and paste it into the "Text" textbox. Click the OK button and you are done.

Note: if you don't control your domain zone, contact your ISP and ask them to add the SPF record for you.