Win2K admin password reset?

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #35,281 by kmself 4/12/02 5:26:01 PM Reply	Win2K admin password reset? I'm remote nursing a system which has a nonstandard admin password. Googling for techniques -- does anyone know a good way to recover the admin password? I've got my two able hands and the LNX-BBC bootable Linux CDROM with me. I'm currently transferring critical data off-system. There may or may not be a Win2K install disk available, OTOH, if that's what I need, I'll bring it next time ;-) `-- Karsten M. Self [link\|mailto:kmself@ix.netcom.com\|kmself@ix.netcom.com] [link\|http://kmself.home.netcom.com/\|[link\|http://kmself.home.netcom.com/\|http://kmself.home.netcom.com/]] What part of "gestalt" don't you understand? Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|[link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|http://www.eff.org/...a_alert.html]]`
Post #35,289 by folkert 4/12/02 7:10:04 PM Reply	Ummm no fast and easy way.... We have recently been deploying w2k... our attitude towards it is: Excuse me while I image your machine, you may want to make sure you have all of your data off it... Other than that, it is a SAM cracker. `greg, curley95@attbi.com -- REMEMBER ED CURRY!!! Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|[link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|http://www.eff.org/...a_alert.html]]`
Post #35,355 by folkert 4/14/02 10:09:47 AM Reply	[strike]Ummm no fast and easy way....[/strike] Well I guess, if ya don't ask... ya never know. Thanx, AG! `greg, curley95@attbi.com -- REMEMBER ED CURRY!!! Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|[link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|http://www.eff.org/...a_alert.html]]`
Post #35,292 by Andrew Grygus 4/12/02 10:53:53 PM Reply	The Linux boot disk I used . . . . allowed reset the W2K admin password to a known value. Took all of 5 minutes from waking through the door. [link\|http://www.aaxnet.com\|AAx]
Post #35,322 by kmself 4/13/02 6:43:20 PM Reply	...which is what? Care to share? Is that a standard microdistro, or something you've ginned up custom? Trinux would be the most likely candidate, but I don't know of any microLinux distros that advertise ability to reset WinNT or progeny passwords. `-- Karsten M. Self [link\|mailto:kmself@ix.netcom.com\|kmself@ix.netcom.com] [link\|http://kmself.home.netcom.com/\|[link\|http://kmself.home.netcom.com/\|http://kmself.home.netcom.com/]] What part of "gestalt" don't you understand? Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|[link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|http://www.eff.org/...a_alert.html]]`
Post #35,335 by Andrew Grygus 4/13/02 8:40:13 PM 4/13/02 10:13:12 PM Reply	Here ya' go . . . Sorry for the tease, I was in too much of a rush to look up the details. It's called [link\|http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html\| Boot Disk]. There's three files: bd011022.bin (the main program), sc011022 (required only to support SCSI controllers), and rawrite.zip (to write images to a boot floppy). Read the main page and there are a number of subsidiary pages linked in the text. I booted up on a Win2000 machine with syskey enabled and just told it to change the password. Before going to the customer's site I did, of course, practice on a expendable NT machine. The approach I used was to let it save a regular non-syskey password which Win2K helpfully converted to a syskey password on the next boot. Worked like a charm. [link\|http://www.aaxnet.com\|AAx] Edited by Andrew Grygus April 13, 2002, 10:13:12 PM EDT Expand All History
Post #35,353 by kmself 4/14/02 4:55:11 AM Reply	You rock! ...I figure I owe you a keg or two. `-- Karsten M. Self [link\|mailto:kmself@ix.netcom.com\|kmself@ix.netcom.com] [link\|http://kmself.home.netcom.com/\|[link\|http://kmself.home.netcom.com/\|http://kmself.home.netcom.com/]] What part of "gestalt" don't you understand? Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|[link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|http://www.eff.org/...a_alert.html]]`
Post #35,526 by kmself 4/15/02 8:34:59 PM Reply	and...just used it on a Win2K box Worked like a charm. Booting the disk you're given a set of prompts to walk through sane defaults for most choices, adequate warnings of potentially dangerous actions, and, best of all, it works. About three minutes from boot to reboot and back into the system. Note also: the LNX-BBC ships with the ntpwedit utility, but doesn't support writing to NTFS. I suspect this will be supported in a future release. `-- Karsten M. Self [link\|mailto:kmself@ix.netcom.com\|kmself@ix.netcom.com] [link\|http://kmself.home.netcom.com/\|[link\|http://kmself.home.netcom.com/\|http://kmself.home.netcom.com/]] What part of "gestalt" don't you understand? Keep software free. Oppose the CBDTPA. Kill S.2048 dead. [link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|[link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|http://www.eff.org/...a_alert.html]]`
Post #85,684 by pwhysall 3/5/03 2:46:58 AM Reply	Be vewwy vewwy careful with this it is absolutely the tool of last resort. Remember, kids, NTFS write support in Linux is extremely experimental. If the phase of the moon is wrong then your NTFS file system may be hosed. I've also heard that this kills domain controllers dead. If you've forgotten your domain administrator password and you're thinking of using this tool, then you should probably go outside and shoot yourself in the face, because a member of the domain admins group can change that, and you don't have any domain admin users... Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #85,921 by Andrew Grygus 3/5/03 10:56:12 PM Reply	Of course it's a tool of last resort . . . . but I've used it about 20 times on about 6 machines for practice and it's been flawless. It's worked on NT, Windows 2000 and Windows XP. I've only used it for real about three times, all on NT. Of course, none of these were domain controllers. I'll have to try that sometime on a machine that's being decomissioned. [link\|http://www.aaxnet.com\|AAx]
Post #85,930 by kmself 3/5/03 11:26:05 PM Reply	When write support works well... ...is when it's changing a fixed number of bytes in a file that\r\ndoesn't change length. Eg, apparently, changing the Administrator\r\npassword. So risk of filesystem corruption is likely very minimal. \r\n\r\n Domain controllers -- now that's another story, can't speak to\r\nit. \r\n --\r\n Karsten M. Self [link\|mailto:kmself@ix.netcom.com\|kmself@ix.netcom.com]\r\n [link\|http://kmself.home.netcom.com/\|http://kmself.home.netcom.com/]\r\n What part of "gestalt" don't you understand?\r\n [link\|http://twiki.iwethey.org/twiki/bin/view/Main/\|TWikIWETHEY] -- an experiment in collective intelligence. Stupidity. Whatever.\r\n \r\n Keep software free. Oppose the CBDTPA. Kill S.2048 dead.\r\n[link\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html\|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html]\r\n
Post #35,367 by Silverlock 4/14/02 12:29:08 PM Reply	This one goes in the permanent bag o' tricks. Excellent tip Andrew. Thanks. Taiwan is a country. Anyone who says otherwise is a communist.
Post #85,683 by Steve Lowe 3/5/03 1:39:45 AM Reply	Saved me tonight Thanks to Karsten for remembering this on jabber tonight, to AG for posting it in the first place, and to Scott for our now excellent search utility :-) ----- Steve

Win2K admin password reset? - (kmself) - (12) - April 12, 2002, 05:26:01 PM EDT

Ummm no fast and easy way.... - (folkert) - (1) - April 12, 2002, 07:10:04 PM EDT

[strike]Ummm no fast and easy way....[/strike] - (folkert) - April 14, 2002, 10:09:47 AM EDT

The Linux boot disk I used . . - (Andrew Grygus) - (9) - April 12, 2002, 10:53:53 PM EDT

...which is what? - (kmself) - (8) - April 13, 2002, 06:43:20 PM EDT

Here ya' go . . . - (Andrew Grygus) - (7) - April 13, 2002, 10:13:12 PM EDT

You rock! - (kmself) - (4) - April 14, 2002, 04:55:11 AM EDT

and...just used it on a Win2K box - (kmself) - (3) - April 15, 2002, 08:34:59 PM EDT

Be vewwy vewwy careful with this - (pwhysall) - (2) - March 5, 2003, 02:46:58 AM EST

Of course it's a tool of last resort . . - (Andrew Grygus) - March 5, 2003, 10:56:12 PM EST

When write support works well... - (kmself) - March 5, 2003, 11:26:05 PM EST

This one goes in the permanent bag o' tricks. - (Silverlock) - April 14, 2002, 12:29:08 PM EDT

Saved me tonight - (Steve Lowe) - March 5, 2003, 01:39:45 AM EST

iwethey.org

I'm the best there is at what I do. But what I do isn't very nice.
59 ms