Originaly from Mark Joseph Edwards, Windows & .NET Magazine Security UPDATE (http://www.winnetmag.com)

Have you ever lost or forgotten a user password? Several tools are available that can help you in those situations, including Peter Nordahl's Offline NT Password & Registry Editor tool (see the first URL below). Nordahl's tool is available in the form of a floppy boot disk image, which contains a single-floppy version of the Linux OS along with software that resets any valid user's password. The tool works on systems that have Syskey enabled--a nice touch--and you can also use the tool to disable Syskey. If you prefer to use a CD-ROM-based boot image, DMZ Services offers one that contains a mini-Linux boot image and Nordahl's password recovery software (second URL below). DMZ Services offers a shell script that can create the bootable International organization for Standardization (ISO)-based image and offers an ISO-based file (.iso) that you can burn directly onto a CD-RW using standard CD-RW burning software.

http://home.eunet.no/~pnordahl/ntpasswd
http://www.dmzs.com/tools/files

I guess it's not common knowledge that NT can create such bootdisks on it's own.

Yups, happpens to me all the time. Not so much as with winblowz, but like with unix shells. Most of the time I end up haveing to re-register. :D But any who, thanks for the info. ;)

Remote_Access_

*nod nod* Very useful, greenies for you :)

I never lose paswords, cuz I write them on the botom of my keyboard ;)

an NT bootdisk will not allow you to reset passwords you fool hence these tasty red points

I prefer intelligent discussion over trying to make a point with antipoints, but whatever floats your boat. I'll just let microsoft prove you wrong on this one.

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winntas/maintain/erd.asp

Microsoft's site is terrible, hard to find anything, but this page makes reference to the fact that their disk can reset passwords.

Hello shkuey !

I promised my self to not write anything down since I have a vacation, but this thread was so tempting that I had to make a post again. And I'm sorry if you got red points for your post in this thread.

I have never denied that NT boot disk can reset passwords and be of great help. But almost no tool is that good that you would use it if you did not have to, and the tool I mentioned above is such a tool. It's still a beta or maybe even a alpha since their NTFS driver not is perfect.

I would not use NT rescue disk either if I did not have to.

Originally posted by shkuey


I prefer intelligent discussion over trying to make a point with antipoints, but whatever floats your boat. I'll just let microsoft prove you wrong on this one.

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winntas/maintain/erd.asp

Microsoft's site is terrible, hard to find anything, but this page makes reference to the fact that their disk can reset passwords.

And now back to NT rescue disk, as I stated it's possible to restore password with it but you have to make a pair of rescue disks of every workstation since the rescue disks are "personal" and do only work on the computer you made them on (correct me if I'm wrong on this one). You also have to put them away in a wault or similiar since it's aint good to have the disks were everyone can use them.. We are talking security, yes?

Anyway.. My posting was not to show you the perfect tool, and this tool is nice and scary at the same time.. With a bootable CD and SSH client at the CD together with all other tools this could be a nightmare for the administrator of a big network aswell as a minor company dealing with sensitive information.

Now have I to take vacation for a few days, hope you all can sleep well tonight :D :D

You're correct, the bootdisks only work on the system that created them, or systems that were created via image(thus having the same security identifier). It's not an incredible security risk if somebody else were to use the disk, since it resets the password to something chosen beforehand and not whatever the user wishes (Not that you want people resetting your passwords either way).

I agree, I would not use a windows recovery disk unless it was absolutely neccisary.

Originally posted by shkuey
I guess it's not common knowledge that NT can create such bootdisks on it's own.

Hmmmm shoot me for being stupid but I wasn't aware the erd could reset passwords. I read the article and I couldn't find the reference you talked about(Am I blind as well as stupid lol). I have used this tool here :

http://www.winternals.com/products/repairandrecovery/ntrecover.asp

to reset passwords. I guess I could save a bundle. Could you please point out the reference? Thanx in advance.

Under the section "Other Handy Uses For An Emergency Repair Disk" it states:

An up-to-date ERD will also prevent gray hairs when you need to reset the password to a previously used one. It can save you many hours you might otherwise spend reinstalling Windows NT and the associated programs on the workstation being recreated.

It lacks details, but like I said, I can't find the details on microsoft's abysmal website. Basically these disks back up the registry, which stores previously used passwords (NT 4 remembers the last 3 by default, I think), and by restoring appropriate keys you can reset the password. It is not user friendly at all.

I do concede that third party software is probably far more flexible to handle these things.

Some remark:

cause the SAM is on the ERD disks too, you could also read the sam hash from the ERD and use L0phtcrack to find the password...
so basicly you have 2 options if you have the ERD disks from a specific workstation:

1) reset the password to a previous one.

2) search the password from the SAM file with a password cracker.

Originally posted by iNViCTuS
I never lose paswords, cuz I write them on the botom of my keyboard ;)


lol.....So much for security! Oh well, whatever works for you I suppose!

Originally posted by iNViCTuS
I never lose paswords, cuz I write them on the botom of my keyboard ;)

Hey, I've never thought of that! I've always used simple passwords, like admin/admin, for everything.....

:D