Useful Blog

Remove Windows 8 from a domain without the domain admin password

Written by

admin

in

There are situations where you need to break into Windows 8 (or 7, or XP).
For example, when a domain controller has disappeared and there are no cached credentials on the computer.

You will need:

A windows 8 (or 7) installation disk.

Here’s how:

There are three steps:

  1. Break in to the computer so we have a command prompt where we can ‘do things’
  2. Create a new user with local administrator rights
  3. Remove the computer from the domain.

Step 1: break in

Boot the computer from the Windows 7/8 Install Disk (I’m using Window 8 for this example):

Press any key to boot from CD or DVD

Select the language appropriate for your computer/keyboard:

Select Language Preferences and press Next

If you have the Windows 8 installation disk, you can press Shift+F10 here and skip the next few screens – that brings up a command prompt immediately.
Or click Next and then ‘Repair your computer’:
Click 'Repair your computer'

Then select: ‘Troubleshoot’:

The select Advanced options:

Finally, select Command Prompt:

Then you need to check and select the drive letter where windows is installed (it is not always the C: you normally see within Windows). You can do this with ‘DISKPART’ and ‘LIST VOL’. The drive should be clear from what you see unless you have a complicated disk setup:

Then we temporarily replace Utilmon.exe with cmd.exe and reboot:

Step 2: Creating an user with administrator rights

Then we let windows boot through to the sign-on screen. UtilMan is run by clicking on the Ease of Access button, which brings up our command line.

If we don’t have a valid user, we can now create one:

net user admin NewPass5 /add && net localgroup administrators admin /add

Then close the window and log on with the newly created user: admin.

Note: you do need to type the name of the computer in front of user name (COMPUTERNAME\admin). If you don’t know what the computer is called, just type ‘administrator’ as the username and Sign in to: will tell you the computer name.

At this point, you can undo the ‘UtilMan.exe’ break-in by opening a command prompt (as admin) and undoing what we did before. [Windows]+X and select ‘Command Prompt (admin)’:

Step 3: Forcefully removing the computer from the domain

Bring up the system properties: Alt+X, System, and click on Computer name, domain and workgroup settings: Change settings:

Then click ‘Change…’ to change the domain or workgroup:

Set the computer to be in the Workgroup: WORKGROUP:

Confirm that we know the local administrator password (set the admin user we created in step 2 is fine):

You will be asked for credentials: use the credentials for the admin user we created:

Then OK all the dialog boxes and reboot.
Log back in as ‘admin’ and set up any users you need.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts