1

Hell All,

I need some help as I am unsure of the direction to take. I recently accepted an IT Manager role at a small company. The day before my start date, the IT Director passed away. Unfortunately, the company and the IT Director did not maintain any records of passwords for services. They have three servers with company programs and data, as well as firewalls used in the office that I can’t access for backup or support. If this hardware were to fail today, they would be in a difficult situation.

Does anyone have recommendations for service companies that can assist with this type of issue, or suggestions for a course of action? I have never been in a position like this before.

Thank you!

15 Spice ups
2

You might be a little bit f–ked, my dude.

10 Spice ups
3

You can easily reset the admin passwords on those machines if you have physical access to them. Just need more info to provide a method. Are these running Windows Server, Linux,… Unix v8?

10 Spice ups
4

What is your IT level of expertise and knowledge? I only ask because you’ve either walked into a disastrous situation or a golden platter for your career.

If you aren’t quite “there” yet in IT, then you’re gonna have a really rough time navigating through this one but everything you mentioned is entirely fixable and doable.

If you’ve got IT chops though, you just waltzed into a layup “IT Director” position if you handle this one well.

To answer your question though, you REALLY should be starting with the vendors/manufacturers of the equipment or software you’re working with. You will obviously hit some hurdles but your situation is not unique and there have been countless times IT workers have been in a position similar where there wasn’t documentation and the folks who knew how to get into things were no longer with the company for one reason or another. I’ve been there, on a much smaller scale - in my case it was just a chunk of our infrastructure that I was dealing with when our senior sysadmin at a previous job decided to up and leave one day and ghost everybody. I ended up getting back into everything, documenting everything, etc… largely in part due to working with the vendors of the equipment and software.

The internet is a big place too - if you spend enough time looking, you will eventually find somebody who needed to get into the same hardware/software online and how they did it.

So I’d recommend reaching out to the vendors first. Then post specific questions in places like Spiceworks, Reddit, Discord, etc…

You could work with a 3rd party MSP or contractor but inevitably they will be doing the same thing you’d be doing, if you choose to do it.

23 Spice ups
5

Oh and one more thing: you may hit a point with certain hardware or software where simply “starting over” makes the most sense. Will it suck? Maybe. But then you also have the added benefit of knowing the configuration and setup inside out. Then YOU become the subject-matter-expert on your own network instead of the guy who had to reverse engineer it and try to figure out the thought processes of the previous Director.

So don’t be afraid of the old “nuke and pave” method, in places where it makes sense.

19 Spice ups
6

I’m going to touch on something of massive importance that I don’t think has been mentioned here. Once you go re-establish access, you need to set up some sort of continuity of operations plan.

You’ve got all the passwords. Great. What happens if you get hit by a bus tomorrow? Who takes over? Do they have access to the passwords? Who’s your second if you fall ill? Do they have access to the passwords?

Obviously knowledge of the passwords should be restricted, but you can clearly see why more than one person needs to be able to get into stuff.

12 Spice ups
7

That’s a “key person” problem right there. Your mission going forward is not to repeat that mistake.

Go through the former managers PC, may be something like an excel spreadsheet with them. Look in drawers etc if they are written down. For the firewalls/switches, try the default credentials. You never know.

13 Spice ups
8

Thank you all for your responses. In terms of my technical skills, they are a bit rusty since I haven’t been in a technical role for some time; I have been more in leadership positions where I wasn’t configuring or managing hardware and software. We have three Dell servers running Windows Server 2012 and small SonicWall TZ400 firewalls, but there is zero documentation. I have tried to dig through things but haven’t found much. I’m uncertain about what Dell might be able to do to assist me in this situation. I could call an MSP, but I’m not sure what they could do differently, especially since I still don’t have access to the hardware containing all the company data.

4 Spice ups
9

Its windows server 2012

1 Spice up
10

I agree this could be a huge layup to an upgraded job.
My $0.02 is you should consider are burn down and build back.
then you document the he77 out of everything.

then get a 2nd to cross train in your job.

7 Spice ups
11

Sounds like the former IT Director was just the person in the office who happened to know the most about computers, in other words enough to make things work enough for what they needed. That’s not picking on them, that’s just how it is at a lot of smaller shops.

Are these servers in workgroup mode or domain joined? If they are in workgroup mode, then resetting the password and getting in will not be a problem.

Take your pick of methods here:

5 Spice ups
12

As a CIO, I would think that CIOs or VPs or even managers do how actively hold passwords but rather the various system admins would hold it. What we may hold are “break the glass” set of passwords if the org policies have made provisions for it.

So you may want to first speak to the various admins (or even vendors) and start compiling ?

1 Spice up
13

Right off the bat,

October 10, 2023
Windows Server 2012 and Windows Server 2012 R2 was end of Life on October 10, 2023. Basically, these products will no longer receive security updates, non-security updates, bug fixes, technical support, or online technical content updates.

Unless something has changed that I don’t see… you have a huge security risk and attack vector
and vulnerability before you. Do whatever to disable all old accounts.

I would look into what it would take to get new equipment stood up and online and then migrate data over and shut the 2012 stuff down. Fun Times!

Once you have reset passwords… Endpoint, Defender, antivirus whatever you have, the hell out of them to make sure your environment is safe, and you’re not some gapping hole bot farm.

Rebuild, rebuild, rebuild…

There are tools and utilities to run a rainbow table database to gain authentication by cracking the password hash…

Another easy way you may find a password is through the security logs event viewer, when someone enters the password in the User Name field and hits enter it is recorded as plain text…

Good luck…

4 Spice ups
14

Theyre on a domain. I wish they were on a workgroup that would be alot easier.

1 Spice up
15

They never had a CIO or VP or any IT structure. It was 1 guy that did everything that had no processes.

2 Spice ups
16

I would love to rebuild but I can’t get into the old server to see what im rebuilding I would love to migrate them to something new but how can I do that without access to the hardware.

1 Spice up
17

If you can find the 2012 installation CD, you can reset the Windows Server Password.

You may need to call in technical support to hack in for you… then go from there.

18

There’s a spiceworks post for everything :slight_smile:

5 Spice ups
19

Here is how to reset the administrator password for Windows Server 2012. Scroll down about half way…

1 Spice up
20

If you are a DA, you should be able to change the local admin passwords. If you are not a DA, find someone who is and can make you one. Does someone have the IT director’s login information?
As far as the firewall goes, see if the vendor support can help.