Access to Computer 2

[dput]

I have a user who took a laptop from our Domain and switched it to a workgroup. They do not know any of the local passwords and now can't access the machine. The machine will now not recognize the domain anymore. Is there anyway around this?

Dan

 

[dseaver]

You can use OphCrack to retrieve local passwords. Pop it in and it does its thing. It will tell you the usernames and passwords for the local acoounts.

 

[eyec]

unless someone set a password try logging on as the Administrator and just hit enter without a password

 

[dput]

Tried that and it did not work. That was my thought too. User apparently had set a password before joining the domain. I am downloading 0phcrack now.

Dan

 

[lhuegele]

Check the Microsoft website. There is a way to reset the Administrator password.

Good luck,

 

[PcLinuxGuru]

I would say give it back to the IT dept who probably know the local admin account and can login and rejoin it. Seems odd though that he was able to change it to a workgroup without knowing the credentials.

 

[sectorboot]

Depends on the OS.
From W2000 up, they can't.

 

[Hondy]

OphCrack will get it for you just let it run. Chances are if they didn't know what they were doing in the first place then the password will be something ridculously simple and won't take long.

post the password they chose for fun

 

[juice1zm3]

Have the laptop restarted in "safe mode" and select "administrator" as the user. Then remove all permission from all profiles except for the administrator. If that fails then.......restart the laptop while tapping on F12 and it will bring the laptop back to factory setting and delete EVERYTHIN but, it will be like having a brand new cleam laptop which I recommend since you don't know exactly what the laptop was used for. My recommmendation is start tapping f12, resart the laptop, then follow the prompts just to be safe. Make the employee pay for the re-programming.

juiceizme

 

[maczen]

Ophcrack is free and nice.. I personally use ERD Commander but that costs money.. In this particular case you may be better off wiping the system clean...

B Haines
CCNA R&S, ETA FOI

 

[manfmmd]

Everyone forgot two things:

1. Change the password on the account that allowed this user to remove the PC from the doamin. If it was his own account, remove it IMMEDIATELY from the domain admin administrative group.

2. Remind him/her of the security policies that are in place that deal with circumventing company controls and security on company owned assets...if your company has such policies.

I also use ERD Commander or PE Builder for this stuff.

 

[maczen]

Good point Manfmmd!

B Haines
CCNA R&S, ETA FOI

 

[Hondy]

you'd be surprised at windows default domain security - a standard user can add up to 10 computers into a 2003 domain and a standard user can also disjoin from the domain (albeit not remove the account itself from AD)

I'm not suggesting you have a default policy but its perhaps not that they used a powerful account.