Determining when a local Windows account password was last changed

Our corporate policy requires us to change Windows server local Administrator passwords on a regular basis.  We have a script that accomplishes this, and after the change we do a QA check to validate the passwords were actually changed.

To determine when a local account password was last set (administrator, in this example), run the following command:

net user Administrator | find /i "Password last set"

The result looks like:

Password last set            7/8/2010 11:14 AM

Tested on Windows 2000, Windows XP, Windows 2003, and Windows 2008.

Note: Just typing net user accountname will provide lots of good details about the user account.

C:\>net user administrator
User name                    Administrator
Full Name
Comment                      Built-in account for administering the computer/domain
User's comment
Country code                 000 (System Default)
Account active               Yes
Account expires              Never

Password last set            7/8/2010 11:14 AM
Password expires             Never
Password changeable          7/9/2010 11:14 AM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   8/3/2010 5:42 PM

Logon hours allowed          All

Local Group Memberships      *Administrators
Global Group memberships     *None
The command completed successfully.
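
The QA check described above can be run over `net user` output collected from several servers. This is an added example, not the script this post refers to; the host names, the collected output and the US date format are assumptions.

```python
from datetime import datetime

# Assumption: US English date format, as in the output above. Other locales
# print the date differently and need a different format string.
DATE_FORMAT = "%m/%d/%Y %I:%M %p"

# Constructed sample: `net user Administrator` output keyed by hypothetical host.
COLLECTED = {
    "srv-a": "Password last set            7/8/2010 11:14 AM\n"
             "Password expires             Never\n",
    "srv-b": "Password last set            1/4/2010 9:02 AM\n"
             "Password expires             Never\n",
    "srv-c": "System error 5 has occurred.\n\nAccess is denied.\n",
}


def password_last_set(net_user_output, date_format=DATE_FORMAT):
    """Return the 'Password last set' timestamp found in `net user` output."""
    label = "password last set"
    for line in net_user_output.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith(label):
            return datetime.strptime(stripped[len(label):].strip(), date_format)
    raise ValueError("no 'Password last set' line in output")


def qa_failures(collected, rotation_started):
    """Map each host that fails the QA check to the reason it failed.

    A host passes only if its password was set at or after rotation_started.
    Output that cannot be parsed is reported as unverified, never as a pass.
    """
    failures = {}
    for host, output in sorted(collected.items()):
        try:
            last_set = password_last_set(output)
        except ValueError as exc:
            failures[host] = "unverified: %s" % exc
            continue
        if last_set < rotation_started:
            failures[host] = "not changed (last set %s)" % last_set
    return failures


if __name__ == "__main__":
    for host, reason in qa_failures(COLLECTED, datetime(2010, 7, 8, 11, 0)).items():
        print(host, reason)
```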

Howto: Reset a lost VMware guest password

So you’ve forgotten your VMware Linux or Windows guest password?  Here’s how to reset it.  These instructions focus on resetting the password through the Virtual Infrastructure Client, but there’s no reason you couldn’t do it using VMware Workstation or VMware Server.  

1. Grab a Kon-Boot .iso image.
2. In the Virtual Infrastructure client, configure the problematic guest’s Virtual CDROM for the Kon-Boot ISO image.
3. Boot the problem guest server.  At the VMware BIOS screen, press the ESC key to bring up the boot menu.  Select to boot from CD-ROM.
4. When the Kon-Boot splash screen appears, press Enter to boot Windows.
5. At the Windows login screen, enter administrator as the user name, with any password you’d like.  Note:  This password is not persistent!  You must set the administrator password manually! Once the password is set, reboot the server and you will be able to log in with the newly set credentials.
If you are trying to reset the password in Linux, the steps are the same, but instead of logging into Windows and resetting the administrator password, log in to Linux and reset the root password.

Dell Dset utility default password

I always forget this, so I’m posting it here for the next time I need to review a Dell Dset report: the default password is ‘dell’.

If you are not familiar with Dset, you can download it from

It’s a nifty utility that provides configuration and diagnostic information for Dell’s technical support staff. I like it because I can have someone run it on a remote server and email me the report. It’s very helpful when trying to determine if a hardware failure has occurred (or is occurring).

The Dset readme describes the product in the following manner:

Dell Server E-Support Tool (DSET) provides the ability to collect hardware, storage and operating system information of a Dell PowerEdge or PowerVault server. This information is consolidated into a single “System Configuration Report” that can be useful for troubleshooting or inventory collection of a system. The browser user interface provides a convenient means to view specific data through hierarchical menu trees.

DSET is intended to be a small, non-intrusive tool that does not require a reboot of the system to provide full functionality. DSET can collect information about Linux modules, services, network settings, etc. as well as system logs. DSET will also collect extended hardware information such as processors, memory, PCI cards, ESM log, BIOS/firmware versions and system health (fan/voltage levels) as well as storage configuration information (RAID controllers, hard drives).

How to change the SQL sa password from a command prompt

To change the SQL sa password from a command prompt:

Start a command prompt by selecting Start > Run > cmd

Enter the following commands, pressing Enter after each line

OSQL -S yourservername -E
    1> EXEC sp_password NULL, 'yourpassword', 'sa'
    2> GO

Where yourservername is the name of your server and yourpassword is the new sa account password.  Type exit twice to return to the server desktop. 

This works in SQL 2005. I don’t have access to other versions, so I can’t say if it will or won’t work on other versions of SQL.


Windows Server 2008 Password Complexity Requirements

I finally got around to installing Windows Server 2008 Standard today.  I performed a Server Core installation, and was surprised how little interaction I had to have with the installer.  It seemed like I answered three or four questions, went to get a Diet Coke, and when I came back the server was at the logon prompt.

During the install process I had not been prompted to provide an Administrator password like I’d experienced during installations of previous Windows Server operating systems.  I entered Administrator as the User Name and hit enter, and I was automagically logged onto the server.

Immediately Windows prompted me to change the Administrator password.  I tried reusing a few of my standard passwords, but they kept getting rejected with the following error:

“Unable to update the password.  The value provided for the new password does not meet the length, complexity, or history requirements of the domain”

I tried to create a new password several more times, but nothing worked.  I finally decided to find out what the default password policy requirements were for Windows 2008.

When this policy setting is enabled, users must create strong passwords to meet the following minimum requirements:

  • Passwords cannot contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
  • Passwords must be at least six characters in length.
  • Passwords must contain characters from three of the following four categories:
      1. English uppercase characters (A through Z).
      2. English lowercase characters (a through z).
      3. Base 10 digits (0 through 9).
      4. Non-alphabetic characters (for example, !, $, #, %).
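
The error message quoted earlier does not say which requirement a password failed. The checker below applies the three requirements listed above and reports each one a candidate fails. It is an added example, not Windows' own implementation; how the full name is split into parts and what counts as a non-alphabetic character are assumptions.

```python
import re
import string

MIN_LENGTH = 6            # "at least six characters" in the list above
REQUIRED_CATEGORIES = 3   # three of the four character categories


def name_parts(full_name):
    """Split a full name into parts longer than two characters.

    Assumption: parts are separated by whitespace, commas, periods,
    hyphens, underscores or pound signs.
    """
    return [p for p in re.split(r"[\s,.\-_#]+", full_name) if len(p) > 2]


def complexity_failures(password, account_name, full_name=""):
    """Return the requirements the candidate password fails (empty if none)."""
    failures = []
    lowered = password.lower()
    if account_name and account_name.lower() in lowered:
        failures.append("contains account name")
    if any(part.lower() in lowered for part in name_parts(full_name)):
        failures.append("contains part of full name")
    if len(password) < MIN_LENGTH:
        failures.append("shorter than six characters")
    categories = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        # Assumption: anything that is not an ASCII letter or digit counts
        # as a "non-alphabetic" character such as !, $, # or %.
        any(c not in string.ascii_letters + string.digits for c in password),
    ]
    if sum(categories) < REQUIRED_CATEGORIES:
        failures.append("fewer than three character categories")
    return failures


if __name__ == "__main__":
    # Constructed candidates for a hypothetical user "jdoe" (John Q. Doe).
    for candidate in ("password", "Ab1!", "JohnQ#2010", "Summer2010"):
        print(candidate, complexity_failures(candidate, "jdoe", "John Q. Doe"))
```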

I thought it was interesting to find the following explanation from the same web page:

“Password must meet complexity requirements

This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords. By default, the value for this policy setting in Windows Server 2008 is configured to Disabled, but it is set to Enabled in a Windows Server 2008 domain for both environments described in this guide.”

That was not the behavior I had experienced with my initial install of Windows Server 2008.  This was a core installation and was not a domain member, so why was the policy enabled? 

On another note, when you want to log out of Server Core, simply type logoff

Howto: Resend an Activation Password for a Blackberry Device from Blackberry Enterprise Server

Yesterday I installed Blackberry Enterprise Server (BES) on a Windows 2003 SP2 server that would synchronize with Groupwise 7.0.1. Installing BES was fairly straightforward, but getting the Groupwise client to synchronize the users and address books was another story.

Once we had the entire system functioning properly, it was time to synchronize the first Blackberry with the server. From the Blackberry Manager we selected the option to Generate and Email Activation Password, but the user never received the activation message – neither in her email nor on her Blackberry. We finally tracked down the result of the failure, which was that we were sending the activation email from an alias address, not from a user with an actual mailbox.

This morning we changed the address the activation message was sent from to a user with an actual mailbox. When we tried to resend the activation email to the Blackberry device we received the following error from Blackberry Manager:

A password was not generated. The user still has a non-expired activation password for which the number of attempts has not exceeded the maximum of 5.

I couldn’t find anywhere to cancel the pending activation request, and was not about to wait the 48 hours for the message to expire. Nor was I going to enter the incorrect password 5 times to nullify the activation request.

Finally, I found the following solution:

1) In Blackberry Manager, right click the user and select Set Activation Password

2) In the Password box, leave both fields blank

3) In the Password Expires in _ hours box, enter a 0 (zero) and click OK

This will expire the existing activation email and password and will allow you to resend the activation email to the Blackberry device.

To resend the Activation email from Blackberry Manager, right click the user and select Generate and Email Activation Password.