General discussion

  • Creator
    Topic
  • #2315385

    Key personnel left with the password

    Locked

    by b143d ·

    I have a tech friend that has a Xp professional system located in an office that is the guts of the entire operation. The CFO left under threat of prosecution and did not leave any access code for anyone. This computer cannot be opened or even booted. He changed the BIOS chip too!

    Can you help him?

    billk@sunbeltchemicals.com is his address

    Thank you,

    bbutler@sunbeltchemicals.com

All Comments

  • Author
    Replies
    • #3384758

      Key personnel left with the password

      by dmiles ·

      In reply to Key personnel left with the password

      NTAccess can replace the administrator password of a Windows NT, Windows 2000, Windows XP or Windows Server 2003 system by rebooting the computer with a special set of boot disks. This is useful if you forgot the administrator password and cannot access the Windows NT/2000/XP/Server 2003 system.
      The Windows XP and Windows Server 2003 version of NTAccess can be loaded directly from the bootable Windows XP or Windows Server 2003 Setup CD-ROM.

      Top

      Some Details
      NTAccess looks for the built-in administrator account. This account cannot be disabled, it can only be renamed. NTAccess always displays the name of this account so you know how to log in even if it has been renamed. On Windows XP or Windows Server 2003 the built-in administrator account can also be disabled, but the Windows XP and Windows Server 2003 version of NTAccess will enable it again.
      NTAccess only changes the password of the built-in administrator account, it does not affect any other accounts or any registry settings and does not destroy any information on the system.

      New since Service Pack 3 for Windows NT 4.0 is the optional feature to further protect password data in the registry (also known as System Key Security or SYSKEY Protection). This may require a password or a floppy disk with an encryption key to start up a Windows NT/2000/XP/Server 2003 system. NTAccess can turn off this protection for Windows NT so that you can still access the Windows NT system as administrator. The only drawback is that the passwords of all other accounts are no longer valid cause they are encrypted with a key that cannot be recovered if the password or the floppy disk with the encryption key is not available. Of course you can change all the passwords using User Manager or some other tool after you have logged on as administrator.

      • #3384757

        Key personnel left with the password

        by dmiles ·

        In reply to Key personnel left with the password

        There are Linux boot disks that have DOS and NTFS filesystem drivers and software that will read the registry and rewrite the password hashes for any account including the Administrators. It is as simply as:

        shutdown or turnoff the PC
        put the book disk in the PC and reboot
        respond to the Linux prompts
        the highest barrier is understanding unix media descriptors
        select the account whose password hash needs to be rewritten & enter a new password
        reboot & access using the new password
        This process requires physical access to the console and an available floppy drive.

        The following site provides the downloadable boot disk image, image to disk utility, source code, and supporting documentation: Offline NT password utility. This version can disable syskey protect. They do note that turning off syskey under Windows 2000 damages the SAM and is not to be attempted except as a last resort to reinstallation. Watch for updates.

        See Analysis of Alleged Vulnerability in Windows 2000 Syskey and the Encrypting File System for Microsoft’s perspective.

        I have seen the Linux boot disks fail primarily on scsi-based boxes when the boot disk did not have the proper scsi driver or when there was some problem detected in the scsi setup. I have also seen PCs where the Linux boot disk works but the SAM seems to be invisible to Linux (although its in its standard location and later access with NTFSDOS allows it to be copied).

    • #3384637

      Key personnel left with the password

      by hagai ·

      In reply to Key personnel left with the password

      I guess the first issue is hoew to reset the bios password so here is a link of how to do it:

      http://www.labmice.net/articles/BIOS_hack.htm

      after you finish with that you can try to open WinXP with that link:

      http://www.winternals.com/products/repairandrecovery/locksmith.asp

      good luck

    • #2740324

      Key personnel left with the password

      by tqp050774vp ·

      In reply to Key personnel left with the password

      Using ERD Commander 2002 if you can make pc boot from CD.

    • #2738233

      Reply To: Key personnel left with the password

      by mja ·

      In reply to Key personnel left with the password

    • #3544161

      Reply To: Key personnel left with the password

      by mbbs ·

      In reply to Key personnel left with the password

      To remove the BIOS password, open the PC and remove the battery that feeds the BIOS memory.
      Leave it out for a day, so that also the capacitors on the motherboard are discharged.

      Replace the battery again and start up the PC again.
      You may need to change the hard disk settings to autodetect so the PC can set the correct HD parameters again

      After that, use the Linux password removal disk

      If you don’t succeed in resetting the windows admin password, you can use a Linux CD distribution called Knoppix to retrieve files from the Hard disk
      Knoppix can read data from NTFS disks and save them to a fat partition or to an USB memory stick

      Rgds,
      Marc

      Marc

Viewing 4 reply threads