Post #35,281
4/12/02 5:26:01 PM
|
Win2K admin password reset?
I'm remote nursing a system which has a nonstandard admin password.
Googling for techniques -- does anyone know a good way to recover the admin password?
I've got my two able hands and the LNX-BBC bootable Linux CDROM with me. I'm currently transferring critical data off-system. There may or may not be a Win2K install disk available, OTOH, if that's what I need, I'll bring it next time ;-)
-- Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com] [link|http://kmself.home.netcom.com/|[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]] What part of "gestalt" don't you understand?
Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/...a_alert.html]]
|
Post #35,289
4/12/02 7:10:04 PM
|
Ummm no fast and easy way....
We have recently been deploying w2k... our attitude towards it is:
Excuse me while I image your machine, you may want to make sure you have all of your data off it...
Other than that, it is a SAM cracker.
greg, curley95@attbi.com -- REMEMBER ED CURRY!!!
Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/...a_alert.html]]
|
Post #35,355
4/14/02 10:09:47 AM
|
[strike]Ummm no fast and easy way....[/strike]
Well I guess, if ya don't ask... ya never know.
Thanx, AG!
greg, curley95@attbi.com -- REMEMBER ED CURRY!!!
Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/...a_alert.html]]
|
Post #35,292
4/12/02 10:53:53 PM
|
The Linux boot disk I used . .
. . allowed reset the W2K admin password to a known value. Took all of 5 minutes from waking through the door.
[link|http://www.aaxnet.com|AAx]
|
Post #35,322
4/13/02 6:43:20 PM
|
...which is what?
Care to share? Is that a standard microdistro, or something you've ginned up custom?
Trinux would be the most likely candidate, but I don't know of any microLinux distros that advertise ability to reset WinNT or progeny passwords.
-- Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com] [link|http://kmself.home.netcom.com/|[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]] What part of "gestalt" don't you understand?
Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/...a_alert.html]]
|
Post #35,335
4/13/02 8:40:13 PM
4/13/02 10:13:12 PM
|
Here ya' go . . .
Sorry for the tease, I was in too much of a rush to look up the details. It's called [link|http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html| Boot Disk].
There's three files: bd011022.bin (the main program), sc011022 (required only to support SCSI controllers), and rawrite.zip (to write images to a boot floppy).
Read the main page and there are a number of subsidiary pages linked in the text. I booted up on a Win2000 machine with syskey enabled and just told it to change the password. Before going to the customer's site I did, of course, practice on a expendable NT machine.
The approach I used was to let it save a regular non-syskey password which Win2K helpfully converted to a syskey password on the next boot. Worked like a charm.
[link|http://www.aaxnet.com|AAx]
|
Post #35,353
4/14/02 4:55:11 AM
|
You rock!
...I figure I owe you a keg or two.
-- Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com] [link|http://kmself.home.netcom.com/|[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]] What part of "gestalt" don't you understand?
Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/...a_alert.html]]
|
Post #35,526
4/15/02 8:34:59 PM
|
and...just used it on a Win2K box
Worked like a charm. Booting the disk you're given a set of prompts to walk through sane defaults for most choices, adequate warnings of potentially dangerous actions, and, best of all, it works. About three minutes from boot to reboot and back into the system.
Note also: the LNX-BBC ships with the ntpwedit utility, but doesn't support writing to NTFS. I suspect this will be supported in a future release.
-- Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com] [link|http://kmself.home.netcom.com/|[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]] What part of "gestalt" don't you understand?
Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/...a_alert.html]]
|
Post #85,684
3/5/03 2:46:58 AM
|
Be vewwy vewwy careful with this
it is absolutely the tool of last resort.
Remember, kids, NTFS write support in Linux is extremely experimental. If the phase of the moon is wrong then your NTFS file system may be hosed.
I've also heard that this kills domain controllers dead.
If you've forgotten your domain administrator password and you're thinking of using this tool, then you should probably go outside and shoot yourself in the face, because a member of the domain admins group can change that, and you don't have any domain admin users...
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #85,921
3/5/03 10:56:12 PM
|
Of course it's a tool of last resort . .
. . but I've used it about 20 times on about 6 machines for practice and it's been flawless. It's worked on NT, Windows 2000 and Windows XP. I've only used it for real about three times, all on NT.
Of course, none of these were domain controllers. I'll have to try that sometime on a machine that's being decomissioned.
[link|http://www.aaxnet.com|AAx]
|
Post #85,930
3/5/03 11:26:05 PM
|
When write support works well...
...is when it's changing a fixed number of bytes in a file that\r\ndoesn't change length. Eg, apparently, changing the Administrator\r\npassword. So risk of filesystem corruption is likely very minimal. \r\n\r\n Domain controllers -- now that's another story, can't speak to\r\nit. \r\n
--\r\n Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]\r\n [link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]\r\n What part of "gestalt" don't you understand?\r\n [link|http://twiki.iwethey.org/twiki/bin/view/Main/|TWikIWETHEY] -- an experiment in collective intelligence. Stupidity. Whatever.\r\n \r\n Keep software free. Oppose the CBDTPA. Kill S.2048 dead.\r\n[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html]\r\n
|
Post #35,367
4/14/02 12:29:08 PM
|
This one goes in the permanent bag o' tricks.
Excellent tip Andrew. Thanks.
Taiwan is a country. Anyone who says otherwise is a communist.
|
Post #85,683
3/5/03 1:39:45 AM
|
Saved me tonight
Thanks to Karsten for remembering this on jabber tonight, to AG for posting it in the first place, and to Scott for our now excellent search utility :-)
----- Steve
|