Win 2000 admin password, help needed

[Drakain Zeil]

Hello everyone, been a while since I've really been posting here. Anyway...

At my school (I'm 17 as of January) there is a computer in the studio that the tech crew uses every day for our video announcements in the morning. However, because of previous [physical and password security] problems the admin account's password has been changed by some one who has not come forward. Formatting is out of the question...

Now, it's been a while since I've done windows password stuff, and my knowledge is very outdated, and fuzzy. I basically have no idea how to get back this account... whoever did this really messed up the computer, putting what I'll describe as 'awkward' images all over the drives.

I felt I should give a story so no one thinks I'm trying to break into my school's network.

So, if you haven't guessed by now, I would very much like to know how to change the password, or at least get the password so it can be changed, the system can be fixed, and we can finally update our virus protection.

As far as I remember, passwords are stored in PWL files...in some directory, and passwords are encrypted by... something...

Any help would be awesome.

[MrLinus]

NT Offline Password and Registry Editor (CD/Floppy) should do the trick as far as resetting the Admin password. And in Win2K passwords are stored in the SAM and Registry.

[Drakain Zeil]

Thanks, I'll be sure to try that.

[White Scorpion]

MsMittens > why don't you tell him to search the forums? the whole forums contain a lot of threads about removing / changing / retrieving windows 2000 and XP passwords....

[Tiger Shark]

why don't you tell him to search the forums?

'Cos she's a nice lady??????

[nihil]

Formatting is out of the question...

Why? if you can get into the system and save the data, you should be able to format it afterwards. After all this isn't some heavy duty production machine?

Also................as the system has obviously been totally compromised and own3d, it would be classical security policy to do this as a matter of course? What else has this miscreant done to it?

You do realise that this is not just a password issue, I hope This is SECURITY...............format and re-install would be my choice, otherwise you will have to VERY CAREFULLY scan for anything else that might be on the box? As you are an educational establishment, the software to do that will cost you.

whoever did this really messed up the computer, putting what I'll describe as 'awkward' images all over the drives.

I will decline to "rise" to that bait

It serves to demonstrate that you need to clean the system and secure it. Format and re-install is the best method.

And make sure that there is adequate physical security

[anban]

Mr.Drakain Zeil , If your problem is true then try loptcrack, it should give you the admin password without any problem. You dont need to be worried about your SAM, it will locate and do the work for you.

I dont know what OS your system has, this workd very well for 2000 and above. I have used at several vocations, it has never let me down, either for a standalone machine or a machine in network .

[MrLinus]

LC5 is ok but rather expensive for a single operation. Cain and Abel is a quick and cheap (free) alternative as would be even SamInside (at $40USD).

And I just posted the original link because I had been talking with a friend about it and had it handy.

As for the ethics of this, that's his responsibility. The standard view still applies: if you get into crap for this, it's your own issue and don't whine to us. Anything found on AO can be used both ways (good or evil). So we leave that to the original poster to deal with.

[anban]

LC5 is free for trial, it works well for local system. They dont charge anything for 30 days and after its upto you to registser or not.

I have Cain & Abel, i def. feel lc5 is worth.

[nihil]

Hmmmmmmmmm,

I am not really worried about the ethics here, just the security angle. My personal view would be that if I had a machine that had been that seriously compromised I would want to do a format and re-install.

Recovering passwords is for when you have forgotten them. NOT for when someone has hacked your box and changed them.

To put it another way, say I went to this machine and recovered the password and control, then the bad guy uses one of his backdoors to compromise it again..................I will have done one hell of a lot for my street cred?

just a thought

EDIT: Drakain~ what I am saying is be sure to cover YOUR a$$..............warn them that the correct procedure is to wipe and start again, and that you cannot accept responsibility for anything else that might be on that box.

Hey, you are trying to do them a favour? please make sure that it does not come back and bite you on the bum...............there are some pretty ungrateful people out there mate!