I have a user who took a laptop from our Domain and switched it to a workgroup. They do not know any of the local passwords and now can't access the machine. The machine will now not recognize the domain anymore. Is there anyway around this?
You can use OphCrack to retrieve local passwords. Pop it in and it does its thing. It will tell you the usernames and passwords for the local acoounts.
I would say give it back to the IT dept who probably know the local admin account and can login and rejoin it. Seems odd though that he was able to change it to a workgroup without knowing the credentials.
OphCrack will get it for you just let it run. Chances are if they didn't know what they were doing in the first place then the password will be something ridculously simple and won't take long.
Have the laptop restarted in "safe mode" and select "administrator" as the user. Then remove all permission from all profiles except for the administrator. If that fails then.......restart the laptop while tapping on F12 and it will bring the laptop back to factory setting and delete EVERYTHIN but, it will be like having a brand new cleam laptop which I recommend since you don't know exactly what the laptop was used for. My recommmendation is start tapping f12, resart the laptop, then follow the prompts just to be safe. Make the employee pay for the re-programming.
Ophcrack is free and nice.. I personally use ERD Commander but that costs money.. In this particular case you may be better off wiping the system clean...
1. Change the password on the account that allowed this user to remove the PC from the doamin. If it was his own account, remove it IMMEDIATELY from the domain admin administrative group.
2. Remind him/her of the security policies that are in place that deal with circumventing company controls and security on company owned assets...if your company has such policies.
I also use ERD Commander or PE Builder for this stuff.
you'd be surprised at windows default domain security - a standard user can add up to 10 computers into a 2003 domain and a standard user can also disjoin from the domain (albeit not remove the account itself from AD)
I'm not suggesting you have a default policy but its perhaps not that they used a powerful account.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.