Reinserting Admin Account?

B

bigstusexy

2[H]4U
Joined
Jan 28, 2002
Messages
3,194
Hello,

Anyone know how to revive the Admin account or grant someone administrator privlages on a 2k/xp (I think it was XP) box?


Here is how it was explained to me: Guy goes to install something on a computer, gets denied, goes to login with the Admin username and password, windows reposts with acount does not exist. He logs in as the person that was using the computer checks the user information and yep, no admin account and that account doesn't seem to have admin privlages.

He then boots using the linix based password changer, it also doesn't list an admin account.

The computer is in a Work group (boy is there a funny story about that).

Any suggestions let me know. I'll definetly be searching. Oh yeah reinstalling is the last option
 
I can honestly say I have never seen a computer without an admin account. I'm not sure the specifics of how you checked for it, but is it ossible the account was renamed? I rename my guest and admin accounts (the usernames).

The problem you may have is that without having elevated user rights, you may not be able to create an admin account...unless the account you're currently using is also an admin.
 
The problem you may have is that without having elevated user rights, you may not be able to create an admin account...unless the account you're currently using is also an admin.
Click to expand...
Agreed. I mean, what would be the point of having any security if anyone logging in could make himself an admin?
 
You guys aren't getting what I mean, When you have physical access to a system anything is possible, File security means jack unless it's encrypted and with EFS there is a way to recover the key.

What I'm looking for is a way to reinsert an admin account or grant privlages, maybe something weird like allowing the system account to interact and actualy log in, something like that.

It's not super important now as we've contacted the person that did the original install, he told us (actually my boss, who orignially asked me about this) that yeah he did get rid of the admin account on a few boxes but there was a back door he left. Through that my boss was able to get in and insert a new admin. I'm going to keep looking for this as it might come in handy in the future, I'll post what I find.
 
I'd like to see how someone could completely remove all admin accounts from the box. Having physical access to the box isn't really relative in this example...I think you were misunderstanding our answers.
 
bigstusexy said:
Hello,

Anyone know how to revive the Admin account or grant someone administrator privlages on a 2k/xp (I think it was XP) box?

Any suggestions let me know. I'll definetly be searching. Oh yeah reinstalling is the last option
Click to expand...

I'd figure out which account is the renamed "adminsitrator" account. It can't be deleted, but it can be renamed and the description changed.

I regularly rename my accounts on my local machine. I rename the "guest" account to "admin", and change its description. I then rename the "administrator" accoount to "guest" and change its description; then I rename "admin" to "administrator".

Nobody ever trys to hack into your "guest" account. The local admin account does have a well known SID, so someone who isn't a script kiddie wouldn't be fooled, but the real pros are few and far between, and they go after the low hanging fruit anyway. There's plenty of it.

If there aren't any local accounts on the machine with local administrator access with a password you know, all you can do is take the local SAM hive and hope the account with admin access has an easy to crack password. Or use you Linux password changing tool to change all thr local passwords, then log into each account until you find the one that is really the local administrator account.

Personally, I'd attach the HD to another box, recover whatever data you needed and reformat it. I wouldn't trust the OS without a wipe and reinstall until it was scanned from a known clean uninfectable environment with multiple tools (like a BartPE CD or UBCD for Windows).
 
Here is an interesting article that describes removing the "administrator" account from admin privs. It could be a combination of the above link and renaming the admin account.

AFAIK the only way to verify the "administrator" account was removed and not renamed would be to check SIDS.
 
says the guy that can't get an admin account working

bigstusexy said:
You guys aren't getting what I mean, When you have physical access to a system anything is possible, File security means jack unless it's encrypted and with EFS there is a way to recover the key.
Click to expand...
 
Instead of looking at individual accounts, look at the Administrators GROUP. It will list any accounts left with Admin privilages.

Also, was this machine ever on an ActiveDirectory domain? If so, that brings in a whole new bunch of possibilities.

-Larry
 
You must log in or register to reply here.
Back
Top