Category: Windows Server

  • How to Change Windows Server 2022 Administrator Password Using a Bootable USB Made with Ventoy (Utilman.exe Method)

    If you’ve forgotten the administrator password for your Windows Server 2022, you can reset it by replacing the Utilman.exe file with Command Prompt using a bootable USB drive created with Ventoy. This method allows you to bypass the login screen and reset the password directly. In this guide, we’ll walk you through the steps to change the Windows Server 2022 administrator password using a Ventoy bootable USB drive and the Utilman.exe method.


    What You’ll Need

    1. A working computer with internet access.
    2. A USB flash drive (at least 8GB).
    3. Ventoy: Download Here
    4. A Windows Server 2022 ISO file: Download Here

    Step 1: Create a Ventoy Bootable USB Drive

    1. Download and install Ventoy on your working computer.
    2. Insert the USB flash drive into your computer.
    3. Open Ventoy and select your USB drive under the Device dropdown.
    4. Click Install to set up Ventoy on the USB drive.
    5. Copy the Windows Server 2022 ISO file to the USB drive.

    Step 2: Boot from the Ventoy USB Drive

    1. Insert the Ventoy USB drive into the locked Windows Server 2022 machine.
    2. Restart the server and enter the BIOS/UEFI settings (usually by pressing F2, F12, Del, or Esc during boot).
    3. Change the boot order to prioritize the USB flash drive.
    4. Save changes and exit the BIOS/UEFI settings.

    Step 3: Access Command Prompt via Utilman.exe Replacement

    1. Boot into the Ventoy USB drive and select the Windows Server 2022 ISO.
    2. On the Windows Setup screen, press Shift + F10 to open Command Prompt.
    3. Identify the Windows installation drive:
      diskpart
      list volume
      exit
      • Look for the drive labeled “Windows” (e.g., C:).
    4. Navigate to the System32 folder:
      cd C:\Windows\System32
    5. Rename Utilman.exe to Utilman.exe.bak:
      ren Utilman.exe Utilman.exe.bak
    6. Copy cmd.exe and rename it to Utilman.exe:
      copy cmd.exe Utilman.exe
    7. Close Command Prompt and restart the server:
      wpeutil reboot

    Step 4: Reset the Administrator Password

    1. On the Windows Server 2022 login screen, click the Ease of Access icon (or press Win + U).
    2. This will open Command Prompt since Utilman.exe has been replaced.
    3. Reset the administrator password:
      net user Administrator NewPassword
      • Replace Administrator with the username of the account you want to reset.
      • Replace NewPassword with your desired password.
    4. Close Command Prompt and log in using the new password.

    Step 5: Restore Utilman.exe

    1. After logging in, open Command Prompt as an administrator.
    2. Navigate to the System32 folder:
      cd C:\Windows\System32
    3. Delete the replaced Utilman.exe:
      del Utilman.exe
    4. Restore the original Utilman.exe:
      ren Utilman.exe.bak Utilman.exe
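
    A check to run after Step 5, confirming that Utilman.exe is the original binary again and that nothing from Step 3 was left behind. This is an added example, not part of the original guide; the function name Test-UtilmanRestored is hypothetical and the paths assume the default %SystemRoot%.

```powershell
# Added example: verify the Step 5 restore of Utilman.exe.
function Test-UtilmanRestored {
    param(
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )
    $utilman  = Join-Path $System32 'Utilman.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $backup   = Join-Path $System32 'Utilman.exe.bak'
    $findings = [System.Collections.Generic.List[string]]::new()

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings.Add('Utilman.exe is missing (Utilman.exe.bak was not renamed back)')
    } else {
        # Same bytes as cmd.exe means the replacement from Step 3 is still in place.
        $hashU = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $hashC = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($hashU -eq $hashC) {
            $findings.Add('Utilman.exe is byte-identical to cmd.exe')
        }
        # The version resource survives a rename, so this also catches a
        # cmd.exe that came from a different Windows build.
        $orig = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($orig -like 'cmd*') {
            $findings.Add("Utilman.exe reports OriginalFilename '$orig'")
        }
    }
    if (Test-Path -LiteralPath $backup) {
        $findings.Add('Utilman.exe.bak still exists (restore incomplete)')
    }
    [pscustomobject]@{
        Restored = ($findings.Count -eq 0)
        Findings = $findings
    }
}

$result = Test-UtilmanRestored
$result.Findings | ForEach-Object { Write-Warning $_ }
"Utilman.exe restored: $($result.Restored)"
```

    The replacement in Step 3 is made while Windows is offline, so this check can only detect it afterwards; the BitLocker drive encryption listed in Step 6 is what stops the offline edit itself.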

    Step 6: Secure Your Server

    1. After regaining access, consider enabling additional security measures, such as:
      • BitLocker for drive encryption.
      • Multi-factor authentication for remote access.
      • Regular password updates.
    2. Keep a secure record of your passwords to avoid future lockouts.

    Conclusion

    Changing the Windows Server 2022 administrator password using a Ventoy bootable USB drive and the Utilman.exe method is a powerful way to regain access to your server. By following the steps outlined in this guide, you can bypass the login screen and reset the password directly. Ventoy’s flexibility makes it an excellent tool for managing multiple bootable ISOs, including Windows Server 2022.


    About the Author:

    Ali Asad is a network engineer and tech enthusiast with a passion for sharing knowledge about networking, cybersecurity, and IT infrastructure.

  • Using the pathping command to trace network traffic

     

    The pathping command is an alternative to the traceroute command in
    Windows PowerShell. traceroute shows the first hop as the first router
    that you traverse and does not show which physical NIC the packets are
    flowing out of, whereas pathping does show the NIC IP address. It also
    shows statistics about packet loss.

    pathping Example

    PS C:\Users\Ali Asad> pathping google.com
    
    Tracing route to google.com [216.58.208.238]
    over a maximum of 30 hops:
      0  Ali-PC [10.1.0.2]
      1  10.1.0.1
      2  210.56.23.97
      3  tw21-static149.tw1.com [117.20.21.149]
      4  tw255-static100.tw1.com [110.93.255.100]
      5  110.93.252.198
      6  72.14.194.14
      7  108.170.240.56
      8  209.85.240.12
      9  108.170.231.187
     10  108.170.247.1
     11  72.14.238.197
     12  par10s22-in-f238.1e100.net [216.58.208.238]
    
    Computing statistics for 300 seconds...
                Source to Here   This Node/Link
    Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
      0                                           Ali-PC [10.1.0.2]
                                    0/ 100 =  0%   |
      1    0ms     0/ 100 =  0%     0/ 100 =  0%  10.1.0.1
                                    0/ 100 =  0%   |
      2    1ms     1/ 100 =  1%     1/ 100 =  1%  210.56.23.97
                                    0/ 100 =  0%   |
      3    2ms     1/ 100 =  1%     1/ 100 =  1%  tw21-static149.tw1.com [117.20.21.149]
                                    0/ 100 =  0%   |
      4   19ms     1/ 100 =  1%     1/ 100 =  1%  tw255-static100.tw1.com [110.93.255.100]
                                    0/ 100 =  0%   |
      5   20ms     1/ 100 =  1%     1/ 100 =  1%  110.93.252.198
                                    0/ 100 =  0%   |
      6   32ms     0/ 100 =  0%     0/ 100 =  0%  72.14.194.14
                                    0/ 100 =  0%   |
      7   30ms     2/ 100 =  2%     2/ 100 =  2%  108.170.240.56
                                    0/ 100 =  0%   |
      8  ---     100/ 100 =100%   100/ 100 =100%  209.85.240.12
                                    0/ 100 =  0%   |
      9  ---     100/ 100 =100%   100/ 100 =100%  108.170.231.187
                                    0/ 100 =  0%   |
     10  ---     100/ 100 =100%   100/ 100 =100%  108.170.247.1
                                    0/ 100 =  0%   |
     11  ---     100/ 100 =100%   100/ 100 =100%  72.14.238.197
                                    0/ 100 =  0%   |
     12   32ms     0/ 100 =  0%     0/ 100 =  0%  par10s22-in-f238.1e100.net [216.58.208.238]
    
    Trace complete.
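
    Reading the statistics table: hops 8 to 11 show 100% loss while the destination at hop 12 shows 0%, so those routers are not answering probes addressed to them but are still forwarding traffic. The parser below applies that rule to the rows above; it is an added example, not part of the original post, and the function names are hypothetical.

```powershell
# Added example. $sample holds statistics rows copied from the pathping output above.
$sample = @'
  1    0ms     0/ 100 =  0%     0/ 100 =  0%  10.1.0.1
  7   30ms     2/ 100 =  2%     2/ 100 =  2%  108.170.240.56
  8  ---     100/ 100 =100%   100/ 100 =100%  209.85.240.12
 11  ---     100/ 100 =100%   100/ 100 =100%  72.14.238.197
 12   32ms     0/ 100 =  0%     0/ 100 =  0%  par10s22-in-f238.1e100.net [216.58.208.238]
'@

function ConvertFrom-PathPingStats {
    param([string[]]$Line)
    # hop, RTT (or ---), "Source to Here" lost/sent = pct, "This Node/Link" column, address
    $rx = '^\s*(?<hop>\d+)\s+(?<rtt>\d+ms|---)\s+(?<lost>\d+)/\s*(?<sent>\d+)\s*=\s*(?<pct>\d+)%' +
          '\s+\d+/\s*\d+\s*=\s*\d+%\s+(?<addr>\S.*?)\s*$'
    foreach ($l in $Line) {
        if ($l -match $rx) {   # link rows ("0/ 100 = 0% |") have no hop number and are skipped
            [pscustomobject]@{
                Hop     = [int]$Matches.hop
                Rtt     = $Matches.rtt
                LossPct = [int]$Matches.pct
                Address = $Matches.addr
            }
        }
    }
}

function Get-PathPingVerdict {
    param([object[]]$Hop)
    $last = $Hop[-1]   # final row is the destination, i.e. the end-to-end result
    foreach ($h in $Hop) {
        $verdict = if ($h.Hop -eq $last.Hop) {
            "destination: end-to-end loss $($last.LossPct)%"
        } elseif ($h.LossPct -gt $last.LossPct) {
            'loss is in the hop''s own replies (filtered or rate-limited), not in forwarded traffic'
        } else {
            'ok'
        }
        [pscustomobject]@{ Hop = $h.Hop; Address = $h.Address; LossPct = $h.LossPct; Verdict = $verdict }
    }
}

$rows = @(ConvertFrom-PathPingStats -Line ($sample -split '\r?\n'))
Get-PathPingVerdict -Hop $rows | Format-Table -AutoSize
```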

  • FTP Error: 530 User cannot log in, home directory inaccessible

     

    1. Log in to the Windows Server as an Administrator user.
    2. Open IIS [Start → Administrative Tools → Internet Information Services].
    3. Expand the Sites option in the left pane.
    4. You will see a Default FTP Site in the site list; expand this website.
    5. Double-click the FTP Authorization Rules option in the center pane.
    6. In the right pane, click Add Allow Rule.
    7. Select the All Users option and tick the Read and Write permission check boxes.
    8. Click OK to save the changes, then restart Microsoft FTP Service to apply them.

    Follow the steps below to restart Microsoft FTP Service:

    1. Open Services [Start → Run → type services.msc and press Enter].
    2. Select the service named Microsoft FTP Service.
    3. Click the Restart link in the left pane.

    Now try to log in to the FTP account again. If everything went fine,
    you should not receive any error while connecting to your FTP
    account.

  • Backup Batch file for Windows

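    @echo off

    :: Compressing the folder
    7z a "C:\Backup.7z" "C:\Application"

    :: Mounting the remote directory (share path, username and password are
    :: placeholders; the password sits in this file in clear text, so restrict
    :: read access to the script)
    net use x: \\192.168.0.1\d\Backup /user:username password

    :: Copying backup file to remote directory (/Z = restartable, /Y = overwrite)
    copy /Z /Y "C:\Backup.7z" "x:\Backup.7z"

    :: Adding timestamp (token order assumes a US-style "Ddd MM/DD/YYYY" date)
    for /f "tokens=2-4 delims=/ " %%a in ('date /t') do (set mydate=%%c-%%a-%%b)
    for /f "tokens=1-2 delims=/:" %%a in ('time /t') do (set mytime=%%a%%b)
    :: Rename the file that was just copied
    rename "x:\Backup.7z" "Backup-%mydate%%mytime%.7z"

    :: Unmounting the remote directory
    net use x: /delete
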
  • How to change Windows Server Remote Desktop Port

     

    It's recommended to change the default port of the RDS services so that they are not scanned in network attacks.

    1. Start the registry editor. (Type regedit in the Search box.)
    2. Navigate to the following registry subkey:
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    3. Find PortNumber
    4. Click Edit > Modify, and then click Decimal.
    5. Type the new port number, and then click OK.
    6. Close the registry editor, and restart your computer.

     

    The next time you connect to this computer by using the Remote Desktop
    connection, you must type the new port. If you’re using a firewall, make
    sure to configure your firewall to permit connections to the new port
    number.

     

    You can check the current port by running the following PowerShell command:

    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "PortNumber"
    

    For example:

    PortNumber   : 3389
    PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations
    PSChildName  : RDP-Tcp
    PSDrive      : HKLM
    PSProvider   : Microsoft.PowerShell.Core\Registry
    

    You can also change the RDP port by running the following PowerShell
    command. In this command, we’ll specify the new RDP port as 3390.

    To add a new RDP Port to the registry:

    # New RDP port
    $portvalue = 3390

    # Write the port to the RDP-Tcp listener configuration
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "PortNumber" -Value $portvalue

    # Allow inbound TCP and UDP on the new port (Public profile)
    New-NetFirewallRule -DisplayName 'RDPPORTLatest-TCP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol TCP -LocalPort $portvalue
    New-NetFirewallRule -DisplayName 'RDPPORTLatest-UDP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol UDP -LocalPort $portvalue

     

    You will need to restart the RDS services, or reboot the system, for the changes to take effect.
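
    After the restart, the check below compares the registry value, the actual listener and the firewall rules, including rules still open on the old default port. It is an added example, not part of the original post; the function names Get-InboundAllowRule and Test-RdpPortChange are hypothetical.

```powershell
# Added example: compare registry, listener and firewall state for the RDP port.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-InboundAllowRule {
    # Enabled inbound allow rules whose TCP LocalPort lists $Port explicitly
    # (rules written as a range such as 3389-3400 are not matched here).
    param([int]$Port)
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            ($filter.Protocol -eq 'TCP') -and (@($filter.LocalPort) -contains "$Port")
        }
}

function Test-RdpPortChange {
    param([int]$DefaultPort = 3389)
    $port     = (Get-ItemProperty -Path $key -Name 'PortNumber').PortNumber
    $listener = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ConfiguredPort  = $port
        # False until the Remote Desktop service has been restarted or the server rebooted.
        ListeningOnPort = [bool]$listener
        RulesForNewPort = @(Get-InboundAllowRule -Port $port).DisplayName
        # Rules left open on the old port no longer serve RDP and can be disabled.
        RulesForOldPort = if ($port -ne $DefaultPort) {
            @(Get-InboundAllowRule -Port $DefaultPort).DisplayName
        }
    }
}

Test-RdpPortChange | Format-List
```

    The rules created above apply to the Public profile only; Get-NetConnectionProfile shows which profile the server's interface is actually in.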