Mark Minasi's Reader Forum
 Claus' understated link of the year...

spam spam bacon spam
Old Timer

USA
486 Posts
Posted - 05/17/2011 :  09:49:38 AM
In this thread,

Lost Admin password
Claus (Xenophane) mentioned a password recovery tool that I JUST learned about, used with PERFECT, SIMPLE, success and was in near tears for how easy it made my life that night...

I was going to post it in these forums, but found Claus had beat me to it (by over a year :)

It's called offline nt password recovery (?) and DOES work on Win Server 2K3, 2K8, (but dunno about the domain admins accounts...I leave that to you guys to find out?)

I had taken some pics of the process (Jimi, don't look! Too saucy for your innocent baby blue eyes!) and am posting them here to help show how EASY and AWESOME Claus' tool is... (OMG. That soooo did NOT come out right... how do I say that?!?)

Hopefully the pics will help youse guise see what you can do with this thing...


OK. I admit my pictures are "teh suk", but whateva'!

First pic is the list of all accounts that showed up when I booted the laptop from the CD I made...

I chose to reset the ADMIN account and the second pic is of what showed up when I typed in "Administrator"...







I never even KNEW what the passwords were(!!) of this laptop's local accounts.

It had been set up for us by International (the truck manufacturer) and the accounts are used by some running services and to grab updates from IH's servers...

When the laptop started acting funky a few weeks back, I needed to start doing diagnostics and...uhhhh...it would help if I could log in :)


~Spamster


“One has to conclude that it is no great matter for someone with access to a PDP-11 to test all lower-case alphabetic strings up to length five and, given access to the machine for, say, several weekends, to test all such strings up to six characters in length.”
Password Security: A Case History
Robert Morris
Ken Thompson
Bell Laboratories
Murray Hill, New Jersey 07974
April 3, 1978


jadgate
Major Contributor

USA
917 Posts
Posted - 05/17/2011 :  09:58:20 AM
Kathy-

I have used this tool with success to recover local (on the box) accounts, however, IIRC, it will not work on a domain controller once the domain is up and running for the admin account, at least that was my experience with it (a few years back). So caveat emptor for those attempting to get into the admin account of a DC due to the untimely departure of a prior admin.

Later,

Jim

James Adgate, CISSP
IT Auditor and Compliance Specialist
Data Loss Prevention (DLP)
IT Security Policy and Risk Mitigation for Enterprises
http://linkedin.com/in/jamesadgatech

spam spam bacon spam
Old Timer

USA
486 Posts
Posted - 05/17/2011 :  10:27:40 AM
quote:
Originally posted by jadgate

Kathy-

I have used this tool with success to recover local (on the box) accounts, however, IIRC, it will not work on a domain controller once the domain is up and running for the admin account, at least that was my experience with it (a few years back). So caveat emptor for those attempting to get into the admin account of a DC due to the untimely departure of a prior admin.

Later,

Jim



Thanks, Jim.

I wasn't sure about the domain accounts as once I got the laptop, it was pretty much bricked.
I worked on it at home, far far away from my domain :)
So "local" worked for me.


I did go to the pogostick page and found this link to resetting DOMAIN Admin accounts...
I haven't tried it, but wow! it sounds really simple...

I *LOVE* the idea that you set the screensaver to the command prompt!
AWESOME idea!

(PS-If you're gonna do this, FOLLOW THE LINK and USE IT, NOT MY SCREEN SHOT BELOW. The website has some caveats and tips...I just grabbed a screen shot of the "meat" and didn't include any extra stuff the author wrote...)

www.jms1.net%202011-5-17%2010-17-37.jpg" border="0">

(Sorry about hanging HTML...
And...No.
I ain't fixing it. Heh.)


~spammies


Xenophane
Honorable But Hopeless Addict

Denmark
3070 Posts
Posted - 05/19/2011 :  4:07:17 PM
You can actually use it to reset a domain admin account as well (or at least for the first step)

You have to do this on a domain controller, then you can reset the "local" password (There is a local user stored, to enable access to "Directory Service Restore mode")
Then you have full admin permissions on the domain controller (locally), you can then use INSTSRV and SRVANY to install a service that starts cmd.exe with the following parameters (/k net user administrator SecurePWD /domain). The cmd.exe process will inherit the local system permissions from the SRVANY process, and therefore have permissions to reset the domain admin pwd.

Microsoft Powershell MVP

SIG> George Bernard Shaw : The power of accurate observation is commonly called cynicism by those who have not got it. </SIG>

You can read my blog at www.xipher.dk
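
A defender's view of the sequence described in the post above, as an added example that is not part of the original thread: it correlates a SRVANY-wrapped service install, a `net user ... /domain` command line and a password reset performed by LocalSystem on a domain controller. Event IDs 7045, 4688 and 4724 are standard Windows events; the dictionary layout, the 30-minute window, the service name, paths and host name are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

LOCAL_SYSTEM_SID = "S-1-5-18"
# Matches "net user <account> <password> /domain", run directly or via cmd.exe /k
NET_USER_RESET = re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+\s+\S+.*?/domain\b", re.I)

def classify(event):
    """Return a rule name if the event matches one step of the chain, else None."""
    eid = event["EventID"]
    if eid == 7045 and "srvany" in event.get("ImagePath", "").lower():
        return "srvany_service_installed"
    # 4688 carries CommandLine only when command-line auditing is enabled
    if eid == 4688 and NET_USER_RESET.search(event.get("CommandLine", "")):
        return "net_user_domain_reset_cmdline"
    if eid == 4724 and event.get("SubjectUserSid") == LOCAL_SYSTEM_SID:
        return "password_reset_by_localsystem"
    return None

def find_reset_chains(events, window=timedelta(minutes=30)):
    """Pair each LocalSystem password reset with precursor hits inside the window."""
    hits = [(datetime.fromisoformat(e["TimeCreated"]), classify(e), e) for e in events]
    hits = sorted((h for h in hits if h[1]), key=lambda h: h[0])
    findings = []
    for when, rule, ev in hits:
        if rule != "password_reset_by_localsystem":
            continue
        precursors = sorted({r for t, r, _ in hits
                             if r != rule and timedelta(0) <= when - t <= window})
        findings.append({
            "target": ev["TargetUserName"],
            "time": when.isoformat(),
            "precursors": precursors,
            "severity": "high" if precursors else "medium",
        })
    return findings

# Constructed sample events (not from the thread), shaped like exported log records.
SAMPLE_EVENTS = [
    {"EventID": 7045, "TimeCreated": "2011-05-19T16:10:00", "ServiceName": "PwdFix",
     "ImagePath": r"C:\Tools\srvany.exe"},
    {"EventID": 4688, "TimeCreated": "2011-05-19T16:12:05",
     "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /k net user administrator SecurePWD /domain"},
    {"EventID": 4724, "TimeCreated": "2011-05-19T16:12:06", "SubjectUserSid": "S-1-5-18",
     "SubjectUserName": "DC01$", "TargetUserName": "Administrator"},
    {"EventID": 4724, "TimeCreated": "2011-05-20T09:00:00", "TargetUserName": "jdoe",
     "SubjectUserSid": "S-1-5-21-1-2-3-1104", "SubjectUserName": "helpdesk"},
]
```

A reset by LocalSystem with no precursor in the window is still reported, at medium severity, because the service may have been installed earlier or the command-line field may be absent.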

lady_mcse
Old Timer

634 Posts
Posted - 05/20/2011 :  2:06:33 PM
I fell in love with that tool at my last job. My BOSS, the guy who had been in IT since dinosaurs roamed the earth and was generally VERY good at what he does ... had decided to drop a whole bunch of classroom PCs out of one domain, planning to add them to another. So he went from PC to PC dropping them down into workgroup, then started at #1 again to rejoin the domain and, wooops. The admin password he was so sure was right was not.

So I hit up my best friend Google, and within half an hour or so we had the whole place back up and running on the new domain.

Anne O'Day
MCITP: SharePoint 2010

wobble_wobble
Honorable But Hopeless Addict

Ireland
4516 Posts
Posted - 05/20/2011 :  5:30:12 PM
If you have access to the Microsoft DART you can get the modern versions of SysInternals ERD Commander.

Other than 2008/2008 R2 DCs (Claus mentions a fix) it will help reset a password nicely, as well as do a lot more.

Joe

After everything that has happened during the month of Jan 07, I do believe that pigs fly backwards!

http://whatismyv6.com/
Mark Minasi's Reader Forum © 2002-2011 Mark Minasi