I have a client who has managed to lock themselves out of their one and only level 32 account running ver 4.2. They are currently functional with their level 31 accounts but we are about to upgrade them to 5.2 and I'm searching for ideas. A couple I've had are as follows:
Send the database to Mcafee for help
Go ahead and upgrade and pray you never need the level 32 account. I think this won't work because the database has to run with a level 32 account. i.e. they maybe up a creek.
Decrypt all systems and install new 5.2 server and re-encrypt.
Maybe there is a way to migrate an encrypted box from one server to another?
If anybody has any ideas please feel free to chime in.
Is it really locked or have they just forgotten the password? I have used 4.x, so I'll base this on some 5.x thoughts. Maybe you can even upgrade the DB in development if some of these wouldn't apply to older versions. Definitely do everything in a test/dev environment and then confirm with McAfee that you're not going to break anything before doing in Prod.
1. Is the service running as sbadmin? If so, there is a warning dialog box when you configure that the service that the password is stored and can be read by anyone with access to the server - perhaps you can exploit this?
2. Restore the one SbAdmin object from your first backups when the password was the default? I did this one on 5.1.4 and it worked great. Was done with McAfee support, however. Basically just found the object in the File DB and then replaced the copy in my database.
3. Brute Force? You can probably get creative here, especially since you have access to the physical box. I wont go into too much detail on this one...
Restore from your backup the one account as Christopher says, or, contact your account manager, we can promote another user for you (though that kind of service may be chargeable).
If the account your service is using is still valid, as Christopher says you could write a simple script to create a new user using those stored credentials. I wrote one a few weeks ago, took a few minutes. Just use the useridkeyfile authentication option.