lost administrator password 1

Status
Not open for further replies.

garyw

MIS
Dec 17, 1999
17
GB
Hi

Customer running NT4.0 SP4 had only one admin account & they've forgotten the password. Does anyone know a way around this, apart from using NTRecover & Locksmith?
 
this is from [link]

If you have lost the Administrator password, you must have the following to recover:

1. A regular user account that can logon locally to your Windows NT Workstation, Server,
or PDC whichever you are recovering.

If you already have an alternate install of NT, skip to The Process, Step 02.

2. The Windows NT CD-ROM and setup diskettes (winnt /ox to make them from the CD-ROM).
3. Enough room to install a temporary copy of NT (Workstation will suffice, even to recover on a PDC).
4. Your latest Service Pack.

The Process:

01. Install a copy of Windows NT as TEMPNT, on any drive. Install your latest Service Pack.

02. Boot the alternate install.

03. At a command prompt, type AT HH:MM /INTERACTIVE CMD /K where HH:MM is 10 minutes from now
(or however much time you need to complete the remaining steps and logon to your primary installation).

04. Use Regedt32 to edit:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Schedule

05. Double click Schedule and click the one sub-key.

06. Double click the Schedule value name in the right hand pane and copy the REG_BINARY string to the clipboard.

07. Select HKEY_LOCAL_MACHINE and Load Hive from the Registry menu.

08. Navigate to your original installation\System32\Config folder and double-click System.

09. At the Key Name prompt, type ORIGSYS.

10. Navigate to ORIGSYS\Select and remember the value of Current; i.e. n.

11. Browse to ORIGSYS\ControlSet00n\Services\Schedule and if Start is not 0x2, set it to 0x2.

12. With Schedule selected, Add Key from the Edit menu.

13. Type 001 in Key Name and click OK.

14. Select 001 and Add Value name Command as type REG_SZ and set the string to CMD /K.

15. Select 001 and Add Value name Schedule as type REG_BINARY and paste the string from step 06.

16. Select ORIGSYS and Unload Hive from the Registry Menu.

17. Use Control Panel / System / Startup... to make your original install the default.

18. At a CMD prompt:

attrib -r -s -h c:\boot.ini
edit c:\boot.ini and either change the id of the TEMPNT lines to Maint 4.0 on both entries
if you intend to keep this maintenance install, or delete them.
attrib +r +s +h c:\boot.ini

19. Shutdown and restart your original install.

20. Logon as your user account and wait for HH:MM from step 03.

21. When the CMD prompt opens, it will be under the context of the Schedule user,
either the System account or an administrative account.
If this machine is NOT the PDC, type MUSRMGR.EXE; if it is the PDC, type USRMGR.EXE.
If you get an error, click YES and type your domain name.

22. Set the Administrator password and logoff.

23. Logon as Administrator.

24. If you deleted the TEMPNT entries in step 18, delete <Drive:>\TEMPNT
 
here is another method for resetting the password for the lost admin account
[link]

01. Install an alternate copy of Windows NT.

02. Boot the alternate install.

03. Use Control Panel / System / Startup... to change the default boot instance to your original install.

04. In the original Windows NT folder, navigate to the \System32 sub-folder.

05. Save a copy of logon.scr, the default logon screen saver.

NOTE: If you implemented tip 0028, use that screen saver every time I reference logon.scr.

06. Delete logon.scr.

07. Copy CMD.EXE to logon.scr.

NOTE: If you have implemented tip 0004, set AutoAdminLogon to 0 by using tip 0182.

08. Shutdown and restart your original install.

09. Wait for the logon screen saver to initiate. It will actually open a CMD prompt, in the context of the local system account.

10. Type MUSRMGR into the CMD prompt from step 09 to execute User Manager, and reset the Administrator's password.

11. Delete the logon.scr from %SystemRoot%\System32.

12. Rename the saved default screen saver, from step 05, to logon.scr.

NOTE: If you have implemented tip 0004, set AutoAdminLogon back to 1, by typing Regedt32 into the CMD prompt from step 09.

13. If you wish to keep the alternate install:

Compress its folder.

ATTRIB -R -S -H c:\boot.ini

Edit c:\boot.ini and change the text of the alternate install's 2 entries to ALTNT.

Implement tip 0012.

14. If you wish to remove the alternate install:

Delete its folder.

ATTRIB -R -S -H c:\boot.ini

Edit c:\boot.ini and remove the alternate install's two (2) entries.
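Both procedures above leave recognisable traces on the system: the first forces the Schedule service to auto-start and adds a job whose Command is a shell, and (unless cleaned up) leaves the TEMPNT pair in boot.ini; the second replaces %SystemRoot%\System32\logon.scr with a copy of CMD.EXE. The following audit script is an added example, not code from the thread or from any poster, that checks for exactly those traces so an administrator can tell whether the technique has been used on a machine. Everything it consumes is constructed inline (a REGEDIT4-style export of the Schedule key, a boot.ini, and short byte stand-ins for cmd.exe and logon.scr); the function names and the AtSvc.exe image path are assumptions made for the example, and nothing is read from a live system.

```python
"""Added example (not from the thread): offline audit for the traces the two
NT 4 password-recovery procedures above leave behind. All inputs below are
constructed stand-ins; function names and paths are assumptions."""
import hashlib
import re

# Constructed REGEDIT4-style export of the Schedule service key after
# steps 11-15 of the first procedure (Start forced to 2, job 001 added).
SCHEDULE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]
"Start"=dword:00000002
"ImagePath"="%SystemRoot%\\System32\\AtSvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\001]
"Command"="CMD /K"
"Schedule"=hex:00,00,00,00,00,00,00,00
"""

# Constructed byte stand-ins for the two executables compared in the
# second procedure (real PE files are much larger).
CMD_EXE_BYTES = b"MZ\x90\x00" + b"constructed cmd.exe body"
LOGON_SCR_BYTES = b"MZ\x90\x00" + b"constructed logon.scr body"

# Constructed boot.ini still carrying the TEMPNT pair from step 01.
BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos
multi(0)disk(0)rdisk(0)partition(1)\\TEMPNT="Windows NT Workstation Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\\TEMPNT="Windows NT Workstation Version 4.00 [VGA mode]" /basevideo /sos
"""

SHELL_RE = re.compile(r"\b(cmd|command)(\.exe)?\b", re.IGNORECASE)


def parse_reg_export(text):
    """Parse a minimal REGEDIT4 export into {key_path: {value_name: value}}.
    Handles the three value syntaxes used above: "str", dword: and hex:."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            name, _, raw = line[1:].partition('"=')
            if raw.startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)
            elif raw.startswith("hex:"):
                keys[current][name] = bytes.fromhex(raw[4:].replace(",", ""))
            else:
                keys[current][name] = raw.strip('"').replace("\\\\", "\\")
    return keys


def schedule_autostarts(reg):
    """True when the Schedule service is set to start automatically (Start = 2)."""
    return any(v.get("Start") == 2 for k, v in reg.items()
               if k.upper().endswith("\\SERVICES\\SCHEDULE"))


def find_shell_jobs(reg):
    """Return (job_key, command) for every AT job whose command launches a shell."""
    return [(k, v["Command"]) for k, v in reg.items()
            if "\\SERVICES\\SCHEDULE\\" in k.upper()
            and SHELL_RE.search(str(v.get("Command", "")))]


def screensaver_is_cmd(logon_scr, cmd_exe):
    """True when logon.scr is byte-identical to cmd.exe (step 07 of the second procedure)."""
    return hashlib.sha256(logon_scr).digest() == hashlib.sha256(cmd_exe).digest()


def unexpected_boot_entries(boot_ini, known_dirs=("\\WINNT",)):
    """Return [operating systems] entries whose system folder is not in known_dirs."""
    known = {d.upper() for d in known_dirs}
    found, in_os = [], False
    for line in boot_ini.splitlines():
        if line.strip().lower() == "[operating systems]":
            in_os = True
            continue
        if in_os and "=" in line:
            arc_path = line.split("=", 1)[0]
            if arc_path[arc_path.rfind("\\"):].upper() not in known:
                found.append(line.strip())
    return found


def audit(reg_text=SCHEDULE_REG, logon_scr=CMD_EXE_BYTES,
          cmd_exe=CMD_EXE_BYTES, boot_ini=BOOT_INI):
    """Run all three checks and return a list of human-readable findings."""
    reg = parse_reg_export(reg_text)
    findings = []
    jobs = find_shell_jobs(reg)
    if jobs and schedule_autostarts(reg):
        findings.append("Schedule service auto-starts a shell job: %r" % jobs)
    if screensaver_is_cmd(logon_scr, cmd_exe):
        findings.append("logon.scr is a copy of cmd.exe")
    extra = unexpected_boot_entries(boot_ini)
    if extra:
        findings.append("boot.ini has %d unexpected entries" % len(extra))
    return findings


if __name__ == "__main__":
    for finding in audit():
        print("FINDING:", finding)
```

With the constructed inputs every check fires, so audit() returns three findings; on a real machine you would feed it a regedit export of the Services\Schedule key, the bytes of logon.scr and cmd.exe, and the contents of boot.ini. The byte comparison is deliberately strict (an exact hash match), so a legitimately replaced screen saver does not trip it, while any leftover AT job that launches a shell is reported regardless of its scheduled time.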
 
I've got a crack around here somewhere that if you can log onto the server as any user, you can run the crack and crack all the users passwords in about 2-15 minutes, at least it did last time I used it at a NT class. If you need it, let me know and I'll make arrangements to get it to you.

Dan
mooredan@jddealer.com
 
Thanks everyone

Used NTFSDOS to access & copy the SAM file, & L0phtCrack (cheers NumberFive) to get the password list. One happy customer.

Gary
 
Quick question -

How do you get access to the SAM file?

 
Sorry, I'll add to that last post.

I'm using a NT 4 Workstation which is running NTFS. How do I get the SAM file from the machine? Normal DOS disks will not allow you to view NTFS. A quick guide would be appreciated!

Many thanks.
 
Hi again

I used a normal DOS bootable floppy (actually W95) then ran NTFSDOS (downloadable - try [link]) from same floppy. This allows NTFS partitions to be treated as FAT.

From there, navigated to WINNT\system32\config and copied sam file to floppy.

Gary
 
So did they remember the password after you told them what it was?

I went and found the crack that I was talking about, it's the same one that you used.

Dan
 
Just for information, L0phtCrack, the package that hacks passwords, took about 24 hours to crack one password in the SAM file. It was quite a complicated one, but it did do it. It cracked the other two passwords in about 2 seconds....

 