Help forgot NT Password on NT Workstation!

wncads

Nov 1, 1999
Hope someone can help. I take care of a company who had changed the Administrator Pass on an NT 4.0 workstation from the typical adminpwd to "blank" by that I mean no pass.

Someone from another shift figured that out and has changed the password to something else and now we can't get in as there were no other users setup on this machine.

The machine shares a UNIX OS which we can't scrap and start over with. So, can someone please tell me how to hack in and find the pass or how to delete the file pertaining to it to get into Windows at all..... since we can't get by the PRESS CTRL-ALT-DEL to LOGIN Screen...

Thanks so much,
Keith
 
The easiest way to do this is with a utility called Lophtcrack. You can download an evaluation copy at With it, you can import the SAM database file and crack all the users' passwords, including administrator.

The only trick to this is how your system is configured. If the C: drive (or whichever drive contains your NT install) is a FAT partition, you can use a 98 boot disk to boot the system and copy the SAM to disk. However, if C: is an NTFS partition, you need to install another copy of NT on some free space on your HDD. Once the new NT is running, you can then read the old version's partition and retrieve the SAM from there.

The SAM file you are looking for is located in the winnt\system32\config folder. The reason for the previous step is NT uses this file while it is running. Therefore, you can't copy the open file.

If you can retrieve the SAM, lophtcrack should crack it. I used this in a similar situation and it cracked the administrator password in less than 2 hours. I'm sure there are other cracks out there. This is just the one I've used before.

wahooguy
 
I might make a stupid suggestion, but, once you mentioned that the box is a multisystem one (UNIX/NT), can't you run NT setup, and reinstall NT on top of an existing installation, overwriting it completely?
With that, your UNIX system will remain untouched, and NT will be overwritten - I am not sure, whether you'll still have a multiple boot choice, but this can be easily fixed, I guess.

Worth a try, anyway.
 
If you reinstall NT over the current install, it'll definitely over-write the current boot sector (this is infamous as Microsoft Virus), and it'll not give you a dual boot option. You gotta reinstall Unix again, for dual boot option.
 
It's very simple -
I presume your w/s is on a network ?!?
Log in to the w/a as lan admin. - go to start and run.
type - musrmgr and change the password of the local admin on the w/s from there....

musrmgr is the local user manager on all NT w/s by default.

Hope this helps,
Mike.
 
Ok,
All awesome suggestions, but why don't you do the easy thing? Use your NT rescue disk, restore your registry and voilà, you have the original Password back. Just that simple, no extra software or hacks or anything required. MS thought of this very scenario when they came up with the rescue disk.

Good Luck,
SteelDragon
 
This is an NT workstation that is a STAND ALONE or obviously I would have gone to the server and forced a change of the password. Since it's a stand alone I don't have those options. The password they have changed is ADMINISTRATOR thus preventing me from getting in at all... That was the only user this company had setup on the machine, and I know how stupid that is but my company just took over their support and we are finding a lot of things like this that they have done without thinking.. Thanks for your help guys. Also, no restore disk to speak of that I can locate. Is there a way to find a good backup of the reg and restore it from the command prompt only option at boot up???

Keith
wncads@wnclink.com
 
I vote for the L0phtCrack method. I've tried it in the past and it works great.
 
Keith,
Make a disk from an identical NT Wks, and then use it... you may have to edit it to get it to work, IE change variables like Workstation name, and things like that, but once you get it to "think it belongs" restore the reg, and there you have it. I would not use any other Crack method unless you totally trust what you are doing, and don't mind losing your data if it kills your comp. If you need assistance just post again... I'll monitor this and help you as needed.

Good Luck,
SteelDragon
 
Thanks, SteelDragon, I will try that on Monday. Had surgery this Monday and am working out of my home trying to get some answers on some things and catch up on correspondence. Thanks to all for your great suggestions, I will let you know what happens.

 
Keith,
I hope you get this before you try anything with the registry or ERD disk!!!!
I have two solutions...
(1) If a screensaver kicks in while waiting for a login, find out its name, e.g. LOGON.SCR. Boot up with a DOS disk and change LOGON.SCR to LOGON.BAK. Copy CMD.EXE to LOGON.SCR. If your file system is NTFS, download NTFS for DOS from sysinternals. Reboot and when the screen saver kicks in you'll have the command prompt and can change the password.
(2) You say you have a dual boot with UNIX so I am assuming that it is LINUX and somebody knows how to use it. If this is the case, I have a Linux boot disk I can send you that will allow you to change any user's password in NT. If you want a copy of this please reply.

Hope all works out well,
Darren
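
A defender's check for the screen saver swap described in the post above, added here as an example and not part of the original thread: it scans an offline copy of the system32 folder for .scr files that are byte-identical to a command interpreter. The function names, the shell list and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: interpreters worth comparing against; extend as needed.
SHELL_NAMES = ("cmd.exe", "command.com")

def sha256_file(path):
    """Hash a file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_swapped_screensavers(system32_dir, shell_names=SHELL_NAMES):
    """Return (scr_name, shell_name, backup_present) for every .scr file
    that is byte-identical to a command interpreter in the same folder."""
    # FAT/NTFS names are case-insensitive, so index by lower-cased name.
    entries = {n.lower(): os.path.join(system32_dir, n)
               for n in os.listdir(system32_dir)}
    shell_hashes = {}
    for shell in shell_names:
        path = entries.get(shell.lower())
        if path and os.path.isfile(path):
            shell_hashes[sha256_file(path)] = shell
    findings = []
    for lname, path in entries.items():
        if not lname.endswith(".scr") or not os.path.isfile(path):
            continue
        shell = shell_hashes.get(sha256_file(path))
        if shell:
            # A same-named .bak is the renamed original from the post.
            backup = lname[:-4] + ".bak" in entries
            findings.append((os.path.basename(path), shell, backup))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample tree standing in for an offline-mounted system32.
    with tempfile.TemporaryDirectory() as root:
        samples = {"cmd.exe": b"MZ-constructed-shell",
                   "LOGON.SCR": b"MZ-constructed-shell",
                   "LOGON.BAK": b"MZ-constructed-saver",
                   "sstext3d.scr": b"MZ-constructed-other"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        print(find_swapped_screensavers(root))
```

A hit with the backup flag set means the original screen saver was renamed rather than deleted, so it can be restored from the .bak file.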
 
If this is an NT Workstation on an NT network and the domain administrator still has admin privileges to this computer, a domain administrator can run usrmgr.exe (this program is in the winnt directory of the NT Server) on another NT Workstation or an NT Server. In the user pulldown menu, hit select domain, set the domain to the workstation name. You are now in the user manager program of the remote workstation. Change the local administrator password to whatever you like.
 