I'm kind of a rookie when it comes to servers and server hardening. I was following the CIS benchmark for Windows Server 2012 and changed the allow log on locally policy to include administrator, domain administrator and guest account. I'm now locked out of my server. (Might be because there are some other policies misconfigured as well.)
Note: My server is also configured as the DC.
I've been searching for a while but can't seem to find a fix. So far I've tried:
Inserting windows cd, choosing repair and starting a command prompt. In cmd I did:
net user administrator active:yes
Which resulted in 'the command completed successfully'.
net user administrator active:yes /{domain name}
Which resulted in an error 'NET HELPMSG 3506'.
What was also odd was that when I tried
wmic computersystem get domain
It returned 'Domain' and 'WORKGROUP'.
This however didn't fix the problem because it still says 'Your account has been disabled. Please see your system administrator'.
Creating a new account using net start called administrator2, and adding it to the localgroup administrators
net localgroup administrators administrator2 /add
But it couldn't even find the account when I tried logging in. During login I tried administrator2 + password, {localpcname}/administrator2 + password, and {domainname}/administrator2.
Enabling the hidden administrator account using http://www.howtogeek.com/75470/how-to-enable-the-hidden-windows-7-admin-account-using-the-registry/
This however wasn't possible because it said my SAM file is in use by a process.
I hope someone has a clue about what I'm doing wrong. I do have a backup of the original server with untouched policies, but I'm hesitating to use it because the other policies took a lot of work to change.