Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Access to Computer 2

Status
Not open for further replies.

dput

IS-IT--Management
Jul 12, 2001
387
US
I have a user who took a laptop from our Domain and switched it to a workgroup. They do not know any of the local passwords and now can't access the machine. The machine will now not recognize the domain anymore. Is there anyway around this?

Dan
 
You can use OphCrack to retrieve local passwords. Pop it in and it does its thing. It will tell you the usernames and passwords for the local acoounts.
 
unless someone set a password try logging on as the Administrator and just hit enter without a password
 
Tried that and it did not work. That was my thought too. User apparently had set a password before joining the domain. I am downloading 0phcrack now.

Dan
 
Check the Microsoft website. There is a way to reset the Administrator password.

Good luck,
 
I would say give it back to the IT dept who probably know the local admin account and can login and rejoin it. Seems odd though that he was able to change it to a workgroup without knowing the credentials.

 
OphCrack will get it for you just let it run. Chances are if they didn't know what they were doing in the first place then the password will be something ridculously simple and won't take long.

post the password they chose for fun :)
 
Have the laptop restarted in "safe mode" and select "administrator" as the user. Then remove all permission from all profiles except for the administrator. If that fails then.......restart the laptop while tapping on F12 and it will bring the laptop back to factory setting and delete EVERYTHIN but, it will be like having a brand new cleam laptop which I recommend since you don't know exactly what the laptop was used for. My recommmendation is start tapping f12, resart the laptop, then follow the prompts just to be safe. Make the employee pay for the re-programming.

juiceizme
 
Ophcrack is free and nice.. I personally use ERD Commander but that costs money.. In this particular case you may be better off wiping the system clean...

B Haines
CCNA R&S, ETA FOI
 
Everyone forgot two things:

1. Change the password on the account that allowed this user to remove the PC from the doamin. If it was his own account, remove it IMMEDIATELY from the domain admin administrative group.

2. Remind him/her of the security policies that are in place that deal with circumventing company controls and security on company owned assets...if your company has such policies.

I also use ERD Commander or PE Builder for this stuff.
 
you'd be surprised at windows default domain security - a standard user can add up to 10 computers into a 2003 domain and a standard user can also disjoin from the domain (albeit not remove the account itself from AD)

I'm not suggesting you have a default policy but its perhaps not that they used a powerful account.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top