Resetting the local admin password on a more locked down server

A client recently had an issue where they had lost the administrator password on their offline root CA.

The well known method of copying cmd.exe over utilman.exe was not working

When trying to reset the administrator password, it appeared to work, but on reboot, the new password was not accepted.

To that end i utilise “net” to add a temporary admin account via

net user <username> /add
net localgroup administrators <username> /add
in addition, the server had been configured to not allow any other user but administrator to show up at the console….. this i hadn’t seen before.
After a bit of poking around, i found that the following registry keys were the culprit.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI] “LastLoggedOnProvider”=””
“LastLoggedOnSAMUser”=””
“LastLoggedOnUser”=””
once those keys were set, i could logon as my temporary admin account.