active directory password recovery

Status
Not open for further replies.

kingston13

Technical User
Nov 26, 2002
1
US
I am running Windows 2000 Server. I installed Active Directory and created an alphanumeric password. I have not logged in for a long time and now I forgot the password. How can I recover the password without losing my configuration?
 
The easy way: go here and buy the software. You will be done in 20 minutes.
OR >>>> you can do it the free way :) .. good luck!

Offline NT Password & Registry Editor, Bootdisk

--------------------------------------------------------------------------------

I've put together a single floppy which contains things needed to edit the passwords on most systems. It uses Linux as the OS, because it's freely distributable, easy to program, and supports compressed bootdisks/ramdisks.

The bootdisk supports standard (dual) IDE controllers, and most SCSI-controllers with the drivers supplied in a separate archive below. It does not need any other special hardware, it will run on 486 or higher, with at least 32MB (I think) ram or more.

If there are problems with accessing the disks using this bootfloppy, move the harddrive to another NT-machine to access the sam-file, and try out Grenier's DOS port.


--------------------------------------------------------------------------------

WARNING 2001-09-11: The 010819 release seems unsafe! and it has been removed.
On win2k it is reported to corrupt the files due to NTFS problems, causing blue screen (and reboot) on boot. People affected can try this:
Boot win2k CD into recovery console. Then do chkdsk.
Then go to \winnt\system32\config; one of the files, probably the system file, is corrupt (zero size?)
Copy a backup file, system.sav over it, then reboot.

The 011022 release hopefully will not have this problem, or try the 010114 release.

--------------------------------------------------------------------------------

How to use?
Yes, long text. Please read it all before mailing me with questions
WARNING: Turning syskey off on Win2k IS UNSAFE! (read below)
HINT: Just press return/enter to accept default prompts in [brackets]
WARNING: Having a striped/mirrored systemdisk may either not work or will at least require rebuild of the mirror.
SCSI: Copy the appropriate SCSI-modules (drvname.o.gz) from the SCSI-zip-file to the "scsi"-directory on the floppy if you need scsi-support. (the floppy is FAT, use windows, dos or whatever) There are just too many drivers to include them all in the main package. As an alternative you may put lots of them on another (otherwise empty) floppy in a dir named "scsi", and switch floppies at the instruction-banner-prompt (before the scsi-prompt).
Shut down machine and insert floppy.
Let the machine boot from the floppy, some computers may require adjustments in the BIOS setup to allow booting from floppy.
NOTE TO USERS OF COMPAQS OR DELLS and other machines that after loading bugs out with panics & "VFS: insert root floppy" or similar:
The bios probably reports too little RAM (there are several ways to report this, and linux fails on some bioses) You can do this:
Hold down LEFT SHIFT when booting the floppy. It will stop with a prompt
Boot:
Then enter:
floppy mem=128M (or whatever you have)
And press enter/return. Things will hopefully go better.
Some banners and loading-messages will appear, hardware information etc.
(switch to scsi-driver floppy here if needed, see above)
Available SCSI-drivers will be listed (if any, see above), and it will now prompt for SCSI-controller drivers, you may:
answer 'y' to probe all available drivers in the "scsi" dir on the floppy. It will stop probing once it manages to initialize one controller.
answer 'n' to skip searching for SCSI cards. Use this if you only have IDE-disks.
or at the prompt, enter the linux module name (without the .o or .o.gz ending) of the driver, and optionally parameters for it, to go directly for one. You will be asked again until you answer 'n', so that more than one driver can be loaded if required.
Next comes a list of all found partitions on all disks, followed by a list of what it thinks is NTFS partitions.
At the prompt to select a partition, the first bootable NTFS partition will be the default selection. (First bootable FAT if no NTFS found) You may however select another partition (also a FAT partition) by giving its full name (like /dev/hda1, or /dev/sda1). SCSI: sdDP -> D=disk a b c d etc, P=partition number 1 2 3 4 etc. IDE: hdDP -> D=a or b (primary IDE), c or d (secondary IDE), P=partition number.
The partition will be mounted, and the type (NTFS or FAT) will be stated.
Then you must select the full path (relative to the partition) of the registry directory. This is usually 'winnt/system32/config', which is the default selection, but it will also automatically recognize windows installed in winnt35 or windows.
Then select files to copy to temp area in ramdisk. For password editing the default is 'sam' (essential, it's the password database), 'system' (contains some info on syskey), and 'security' (additional syskey info in Win2k). If syskey is not active, only 'sam' is changed when editing passwords. If you instead want to edit something in the registry, select the hive you want, 'system' is proper for services, hardware settings etc.
You can then select between:
Password editing (default selection)
Registry editing. (see regedit.txt)
Now it has everything it needs, so the 'chntpw' utility will be started, working on the files in /tmp. There:
Some nice statistics of the registry hive will be displayed.
All usernames in the file will be listed.
A check for SYSKEY is done, if it's found to be enabled (it is by default in Win2k RC-something and up) you will be asked if you wish to disable it. You do not have to disable it unless you have lost the key-floppy or passphrase. It seems pretty safe to disable it on NT4, but will cause trouble in Win2k (see main page or syskey.txt)
You will then be prompted for the user which you want to change the password of. (default selection is administrator, it recognizes admin-account with changed name or localized names, too) It will continue to prompt for a username until '!' is given. Re-list the users with '.'
Some information on the user will be shown (and still with some debug info) before the prompt for new password.
Enter the new password, max 14 chars (it will show on the screen). Or enter nothing to keep unchanged.
Then confirm the change (this is for the change to the file, which at this point is located as a temp file in the ramdisk, writeback comes later)
If the 'chntpw' utility succeeds, you will be prompted to confirm the writeback to the NT disk/filesystem. Only 'y' is accepted for it to commit the changes. (the commit is in 2 steps. First in the editor program, then in the bootfloppy scripts. Your harddisk will only be changed if the last one is confirmed)
After everything is complete, you will get the "# " shell prompt. You may then reset the computer (three-finger-salute).

What can go wrong?
Lots of things can go wrong, but most faults won't damage your system.
The most critical moment is when writing back the registry files to NTFS. Also, the file written back may be corrupt (from chntpw messing it up), preventing your NT system from booting properly. YOU HAVE BEEN WARNED! One indication of a corrupt SAM is that the Netlogon service will fail to start, which again means it's impossible to log in.

The most reported problem as of summer 2001 is that the write back to NTFS simply doesn't do anything.

The second most reported problem is after load, before any prompts, things crash out, ending in something like:
VFS: Insert rootfloppy
and
Panic: unable to mount root on blahbla..

This is caused by RAM shortage, since the kernel fails to get correct memory size from the BIOS. (there are several ways to do this apparently)
Solution: Hold down LEFT SHIFT key while booting, and enter
floppy mem=128M
or whatever memory value you have.

For linux-knowledged people, you may do things manually if the scripts fail, you have shells on tty1-tty4 (ALT F1 - ALT F4).


--------------------------------------------------------------------------------


Bootdisk history
011022:
Will now only write back files that have actually changed, hopefully reducing problems with NTFS on win2k. sam is usually small, and most often the only file changed.
If writing to NTFS, a run of something called ntfsfix is now an option (but recommended), it will force windows to do chkdsk on next boot, to further reduce problems. If one of the files still gets corrupted, see top of this page for info on how to salvage.
Better drivers? (A Compaq driver did not build and is not included. sorry for this, if someone has one that works with 2.4.12, I'll put it up)
Fixed input bug when entering names of 16 characters, it caused an overflow into the password prompt, making it impossible to change the password
010819 release removed!
010819:
Fixed scsi driver module loader. No probe is now default answer. Manual loading: You give the basename (ex: aic7xxx) and it will hopefully handle it if the file is named .o or .o.gz (ex: aic7xxx.o.gz) Prompt for module loading will be repeated until you say 'n'
Path selection: default was always \winnt\system32\config, but on Windows XP (and on upgraded systems from win98) it seems to be \windows\...., so it will now check for winnt, winnt35 and windows and suggest the found one as default.
More and better drivers. Hope I remembered to get everything in.
010114:
More drivers. Hopefully more compaq/ibm/large-vendor-type raid-type controllers. (note that support for bootpartition in complicated raids may not be there yet). I2O-drivers. Some IDE-raid stuff, maybe. It's really not possible for me to test this.
Small bugfix in scsi-probe part of bootdisk, giving driver name (without .o.gz or something) and parameters should now work I hope.
000607:
000607-release of chntpw with bugfixes when handling large hives.

Hopefully fixed handling of large NTFS-filesystems (>6-7GB?), now only uses kernel drivers, not commandline tools.
Some devicenodes for Compaq Smartarray SCSI raids added (/dev/ida/c?d?p?)
000401: 000401-release of chntpw with better syskey-handling, no bootdisk changes apart from that, use same SCSI-drivers as previous release.
000220: Fixed some bugs leading to hang while reading registry files.
000219: Some hardwaredriver updates.
(earlier history removed)
9705xx
First public release.

--------------------------------------------------------------------------------

Download
Note: Most links are offsite. Thanks to Thomas EZ for hosting


bd011022.zip (1.4MB - Bootdisk image, date 011022)
sc011022.zip (~700KB) - SCSI-drivers (011022) (only use newest drivers with newest bootdisk, this one works with bd011022)
rawwrite2.zip - DOS Program to write the image.
NOTE THAT THE BOOTDISK CONTAINS CRYPTOGRAPHIC CODE, and that it may be ILLEGAL to RE-EXPORT it from your country.

Use:

The zip-file contains at least the floppy image, and newer versions may also contain the chntpw linux binary as a standalone file. The unzipped image (bdxxxxxx.bin) is a block-to-block representation of the actual floppy, and the file cannot simply be copied to the floppy. Special tools must be used to write it block by block. For Dos, win95/98 & NT, use rawrite2.exe or some other imagewriter:

rawrite2 -f bd000401.bin -d A:
this is the correct usage. sorry for my earlier error.

Or from unix:

dd if=bootdisk.bin of=/dev/fd0 bs=1024

Todo:
Full registry write support (allocate new nodes, delete etc)
Bootdisk-scripts & main program still a bit too verbose even when not in verbose mode.

--------------------------------------------------------------------------------




011022, pnordahl@eunet.no
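
The corruption cases warned about in the post above (a zero-size system file, a hive damaged on writeback) can be checked on a copy of the hive before rebooting. The following is an added example, not part of the original post or of the bootdisk's own scripts; the header offsets follow the publicly documented "regf" hive layout, and the function names and sample hive are constructed for illustration.

```python
import struct
import sys

BASE_BLOCK = 4096  # the "regf" header occupies the first 4096 bytes of a hive

def header_checksum(block):
    """XOR of the first 127 little-endian dwords (bytes 0..507) of the header."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", bytes(block[:508])):
        x ^= dword
    if x == 0xFFFFFFFF:  # the two reserved results are remapped
        return 0xFFFFFFFE
    return x or 1

def check_hive(data):
    """Return a list of problems; an empty list means the header looks sane."""
    if not data:
        return ["zero-size file"]
    if len(data) < BASE_BLOCK:
        return ["shorter than the 4096-byte header"]
    if data[:4] != b"regf":
        return ["missing regf signature"]
    problems = []
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:  # the two counters match only after a completed write
        problems.append("sequence numbers differ (incomplete write)")
    if struct.unpack_from("<I", data, 508)[0] != header_checksum(data):
        problems.append("header checksum mismatch")
    bins_size = struct.unpack_from("<I", data, 40)[0]
    if bins_size % 4096 or len(data) < BASE_BLOCK + bins_size:
        problems.append("hive bins data truncated")
    elif data[BASE_BLOCK:BASE_BLOCK + 4] != b"hbin":
        problems.append("first hive bin missing")
    return problems

def make_sample_hive():
    """Constructed minimal hive (header plus one empty bin), for testing only."""
    hdr = bytearray(BASE_BLOCK)
    hdr[0:4] = b"regf"
    struct.pack_into("<II", hdr, 4, 7, 7)    # matching sequence numbers
    struct.pack_into("<I", hdr, 40, 4096)    # size of hive bins data
    struct.pack_into("<I", hdr, 508, header_checksum(hdr))
    return bytes(hdr) + b"hbin" + bytes(4092)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_hive(fh.read()) or "ok")
```

Run it against copies of sam, system and security taken from the config directory; any reported problem means the backup (for example system.sav) should be restored before the next boot.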
 