Access Is Denied Message After Sysprep–How To Fix

Posted on 1 CommentPosted in 2003, 2007, 2008, 2008 R2, 2012, 64 bit, backup, bios, hyper-v, password, recovery, sysprep, windows, windows 2003, windows 2008, windows 7, windows server, workstation, x64, x86

If before you use Sysprep to prepare a Windows machine for imaging you set the administrators password “User cannot change password” then sysprep will not clear this setting, but will set the “User must change password at next logon” setting. Normally these two settings are mutually exclusive, but in the scenario for sysprep it seems they can both end up being set.

This means you get prompted to reset you password at first logon after sysprep completes and then find you have “Access Denied” as the response. There is seemingly no way around this Catch-22.

That is unless you use the Offline NT Password and Registry Editor. This tool allows password resets when booting the server from a CD or USB key (so physical access to the server is required). As the download for this is an iso file, it can also be used in virtual environments by configuring your virtual machine to boot from the iso you have downloaded.

To allow you to logon to your machine following the above issue, all you need to in the Offline NT Password tool is to blank out the administrators password and unlock the account. These are options 1 and 4 during the password reset stage. Full instructions with screenshots follow:

  1. Boot the server with the issue with the Offline NT Password and Registry Editor iso file:
    image
  2. Choose the correct boot option (or just press Enter for the defaults):
    image
  3. For Vista and earlier select the default of Option 1. For Windows 7 and Windows 2008 and later select Option 2 (to boot into the second partition on the disk). You might need to select a different option if you have more partitions. You need to select the partition that Windows is installed on.
  4. If the disk is marked as Read-Only ensure that the server went through a clean boot and was not shutdown incorrectly. Once the messages indicate a writable partition
    image
  5. Select the presented folder (by pressing Enter again). You can typically just press Enter through most of these stages. You will be asked what you want to do – we want to reset passwords:
    image
  6. Select Option 1 to Edit user data and passwords:
    image
  7. Press Enter to choose the Administrator account:
    image
  8. Type 1 to Clear (blank) user password. You should get back the message “Password cleared!”:
    image
  9. Press Enter again to reselect the Administrator account, and this time select Option 4 to unlock the account (even though this program tells you the account is already unlocked):
    image
  10. Once you see “Unlocked!” you can quit from this program. The process to quit requires you to save your changes. Note that the default setting is not to save changes, so you cannot now use Enter to select the default option.
  11. Enter ! to quit from the password reset program:
    image
  12. Enter q to quit from the script and to ask about saving changes:
    image
  13. Enter y to write back the files that have been changed:
    image
  14. You should have been told “***** EDIT COMPLETE *****”. Press Enter to finish the program scripts:
    image
  15. At this final screen you can remove the CD or unmount the iso image from your virtual machine and press CTRL+ALT+DEL to restart the server. The server should now boot into Windows and auto-logon as it has a blank password.
  16. Change the password and optionally untick the “User cannot change password” setting.

Recovering Exchange Items When Entourage Corruption Deleted Them From The Server

Posted on Leave a commentPosted in 2003, Entourage, exchange, PFDAVAdmin, recovery

I have a client who has an Exchange 2003 server and uses Entourage for the Mac. Last week all his sent items disappeared. It seems the problem is that Entourage’s local database corrupted and sync’ed back to the server that all these items where now deleted!

To recover them I used PFDAVAdmin from http://www.microsoft.com/en-us/download/details.aspx?id=22427 and expanded the installation on the server to an empty folder. Within this empty folder I located pfdavadmin.exe and run the software:

image

Once the program is running, and ensure that you are logged in to the server as a user with a mailbox (as that seemed to stop the program working), click File and Connect:

image

Select All Mailboxes (I could not get the https:// URL for specified mailboxes to work, so I just went for All Mailboxes

Once the Getting Mailbox List dialog disappears you are left with PFDAVAdmin as before, just showing +Mailboxes. Expand Mailboxes, expand your selected problem mailbox, expand Top of Information Store and then locate the folder that contained the missing items. In my clients case it was Sent Items.

image

From the right hand screen select the Items tab. Wait for the items to appear and then from the bottom pick Deleted Contents (I’ve found if you change to Deleted Contents while the “Normal Contents” list is still being collected that PFDAVAdmin fails and you need to open a new copy of the program). The screen will update (eventually if you have lots of items) with a list of items that have Unknown for the Item-level Perms column. Select as many as you need to (I found PFDAVAdmin crashes if you pick more than 1000 items) and right-click the selection  to choose Recover Items

imageimage

Once recovery starts you need to wait a while based on the number of items recovered and then you will get dialog box popup confirming your selection. Press OK, or if the dialog is too pick to fit on the screen just press Enter, and recovery completes.

Repeat until you have all the items recovered, and I would recommend rebuilding the Entourage identity as well, as that database on Entourage is now to be considered suspect.