Need help resetting an admin password

R

RevitXman

n00b
Joined
Jul 14, 2004
Messages
48
Okay, I really wouldnt ask if I knew I tried everything.

Background: Family has 4 PC, which the daughters former b/f helped setup. Girl dumps b/f and b/f remotely screws up the entire network AND unregistered all of the girls classes for college after she bought the books. She was owned.

I need to crack the admin password on this dell and I have tried EVERYTHING.

heres what I've done:

Tried my linux password resetter, didnt work
Tried Hirens BootCD v8, didnt work
Tried ERD Commander 05, didnt work
Tried replacing the SAM database with the orginial, fubared lsass.exe. Luckly made a backup. All fixed.

If you try to log in with the Admin account it gives you "Cannot login due to account restrictions" (I've used blank passwords, complex passwords, etc). I cant seem to find the registy keys for account policies..Seems like this guy took the admin out of local login rights..

Any suggestions? The data is backed up, but the B/f encrytped all the information, but we managed to un-encrypt it. The woman does NOT have the restore CD
 
In all seriousness you absolutely cannot trust the machine and therefore should be wiped and reinstalled from scratch.

You said you have a backup which is good, however even if you reset the admin password, you cannot be assured that the machine is safe to use.

Although they don't have a restore CD, try calling the manufacturer and obtain one. Otherwise pay for a new copy and be rest assured the BF cannot gain access to the machine again.
 
SJConsultant said:
In all seriousness you absolutely cannot trust the machine and therefore should be wiped and reinstalled from scratch.

You said you have a backup which is good, however even if you reset the admin password, you cannot be assured that the machine is safe to use.

Although they don't have a restore CD, try calling the manufacturer and obtain one. Otherwise pay for a new copy and be rest assured the BF cannot gain access to the machine again.
Click to expand...

Yeah, I'm gonna see if she'll get a copy of XP Pro
 
RevitXman said:
Background: Family has 4 PC, which the daughters former b/f helped setup. Girl dumps b/f and b/f remotely screws up the entire network AND unregistered all of the girls classes for college after she bought the books. She was owned.
Click to expand...

I would have filed a report with the police. Have the b/f charged with some hacking laws(I've had these read to me but can't think of them off the top of my head), tried to get the school to press charges for hacking into there system and making changes, and once the police were able to trace anything to him had real consultants fix the machine and sue him for the amount. Make the fucker pay.

Anyway yea I have some tools for resetting the passwords but it sounds like he may have done more then that. I would restore the system. Fun note if the b/f loaded the computer with windows by any chance is it illegal. Report his ass.

BTW when you go to reload windows run something like dban on the drive first to make sure anything he could have put on it is gone. Also it should go without saying but make sure all of everyones passwords are changed and have them monitor there bank accounts in case the guys knows those passwords.
 
Repair it via a via a quick repair and it will reset admin password for you. Then check the user manager and get rid of all of them except admin and create new ones. Then verify no logger programs are running anywhere.

And call the cops and have him arrested for hacking, actually you would have thought the school would have done that since he basically hacked into them and changed her classes.
 
mctwin2kman said:
Repair it via a via a quick repair and it will reset admin password for you. Then check the user manager and get rid of all of them except admin and create new ones. Then verify no logger programs are running anywhere.

And call the cops and have him arrested for hacking, actually you would have thought the school would have done that since he basically hacked into them and changed her classes.
Click to expand...

If any law enforcement is going to be involved it would be prudent to NOT touch the machine until a forensic analysis can be done.
 
SJConsultant said:
If any law enforcement is going to be involved it would be prudent to NOT touch the machine until a forensic analysis can be done.
Click to expand...

Yea thats why I said what I would have done as it may be to late. SJ is correct though.
 
If another user has admin rights, log on as that user, if not, make a remote desktop connection and log on as the local administrator account. Run "gpedit.msc" and remove the local administrators group or local administrator user from "Computer Configuration>Windows Settings>Security Settings>Local Settings>User Rights Assignment>Deny Logon Locally".

If remote desktop access is turned off, and you don't have any other user with enough rights to turn it back on, you are hosed.
 
Have you tried safe mode? I somewhat recall there being restrictions on the Admin account on XP Home? Can't recall.
 
zeplar said:
Have you tried safe mode? I somewhat recall there being restrictions on the Admin account on XP Home? Can't recall.
Click to expand...

Exactly.

http://support.microsoft.com/kb/290109/en-us

SYMPTOMS
When you install Windows XP Home Edition, you are prompted to enter a password for the Administrator account. After the installation has completed, you can only use the Administrator account in Safe mode. When you use the Administrator account to log on to the computer in Normal mode, you may receive the following error message:
Unable to Log You on because of an Account Restriction
Back to the top

CAUSE
This issue occurs because the Administrator account has been set aside so that it can be used in Safe mode when the Owner account is not available.
Click to expand...
 
You must log in or register to reply here.
Back
Top