Repeat after me: Windows 2000 is not NT. Windows 2000 is not NT. Got it? Yes, Microsoft's developers started with the same code base as NT4 when they built Windows 2000. But along the way, they made hundreds of crucial changes to the architecture of the system, and those changes will trip up complacent IT managers who are convinced they can bluff their way through a problem with last version's bag of tricks.
Case in point: password cracking. Two weeks ago, I posed a challenge that begins with every administrator's nightmare: You've just taken over a new job after the previous administrator left unexpectedly, and none of the surviving IT staffers know the password for a key Windows 2000 server. What alternatives do you have?
TechRepublic members flooded my mailbox with interesting suggestions. Trouble is, most of them exploited weaknesses in NT4 that have been fixed in Windows 2000.
Several members suggested L0phtCrack 2.52 from L0pht Heavy Industries. While I have a tremendous respect for this band of ethical hackers, they'd be the first to tell you that it's for NT 3.51 and 4 only. Next?
What about su.exe, a utility included in the Windows NT Resource Kit? Sorry, it requires you to supply the administrator's password—clearly impossible in this case.
One member was certain I could find the answer at pwcrack.com. That address actually took me to lostpassword.com , where I found an extensive collection of password-cracking utilities for all sorts of Windows programs. The list included a suite of tools for Windows NT 4.0 and earlier, but unfortunately, there was nothing on hand for Windows 2000.
On the advice of a couple other TechRepublic members, I went to Winternals.com and looked at NT Locksmith . These guys are some of the sharpest utility writers in the business, and tools like their ERD Professional are must-haves for IT pros...but the latest release of NT Locksmith doesn't do Win2K.
Finally, one TechRepublic member insisted that the answer was Bootdisk , a free utility available from a Norwegian developer. Sadly, the download page included a disclaimer, dated Feb. 23, 2000: "WARNING: Support for Windows 2000 seems broken!"
The best suggestion came from tonyk, who first ticked off all the failings in the previous solutions, then added:
"If you're going to post a solution, at least take the 2-3 minutes it takes to TEST to see if it will actually work. There is ONE vulnerability in 2000 that existed in NT4 and can be done while the server's online:
- 1. Go into %systemroot%\system32.
- 2. Ren logon.scr to logon.old
- 3. Copy cmd.exe to logon.scr
- 4. Log off and wait for the "screensaver" (you'll get a command prompt).
- 5. Under NT4, run musrmgr; under 2000, run mmc.
"You'll need to add user/group support to the MMC; you can then change any password you want."
That sounded good to me (if a little on the cranky side). Then I sat down to test the suggested fix for myself and discovered that it didn't work on a clean installation of Windows 2000 Server. After a flurry of e-mails with tonyk, we determined that this option worked on his system only because he had upgraded over NT4, which enforces a looser set of permissions than Windows 2000.
What's the bottom line? Guard your passwords carefully, because if you lose a password for a key Windows 2000 server, you won't be able to get it back, even if you apply every trick you learned from NT4 days.
Here's Ed's new Challenge
According to some estimates, more than half of all new computers installed in corporate environments are portables. Windows 2000 replaces the barely usable Briefcase utility with a new Offline Folders feature that promises to make life easier for notebook users. Have you deployed this feature? If so, tell your fellow TechRepublic members about some of its pitfalls and limitations. I'll dole out a total of 2,000 points to the best suggestions for synchronizing files on a notebook and desktop PC. Click here to tackle this week's Microsoft Challenge.