General discussion

Locked

nt security

By npressley ·
i had a call from a customer who said he can't get in his server. for some reason it has been changed or something. is there any way to get in to reset password?
npressley@inetnow.net

This conversation is currently closed to new comments.

35 total posts (Page 3 of 4)   Prev   01 | 02 | 03 | 04   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

nt security

by Bryan Henderson In reply to nt security

If there is an Administrator account on the machine and the user knows the credidentials for that account, or has access to somone that does, they can get in and reset it.
If the is a bootable dos partition, you may be able to boot from a floppy disk(dos) and run a program called l0phtcrack. What it will do is capture the part of your registry that contains account information. Once you have that, you can run the part of the l0phtcrack program that cracks accounts and passwords. Depending on the "difficulty" of their password, you should be able to retrieve it. It may take a few minutes to a few days for the l0phtcrack program to crack it. Hope this helps, it happened to me and I had everything so "secure" I had to rebuild the machine...

Bryan

Collapse -

nt security

by npressley In reply to nt security

The question was auto-closed by TechRepublic

Collapse -

nt security

by ron In reply to nt security

Even if you do not have the ERD, you can still run a restore off of the three setup diskettes, and choose the option to rebuild/replace the SAM and Security settings during the setup procedure. When you are done with the repair of NT, it should finish with a blank Administrator password. So after you do this, logon to the Server as Administrator with no password and then you will have the access that you need. Don't forget to change the passwords on the services that logon using an account, usuallt the Administrator account.

Collapse -

nt security

by npressley In reply to nt security

The question was auto-closed by TechRepublic

Collapse -

nt security

by willh In reply to nt security

These are all good answers, I personally use the Winternals ERD Commander.

Now, to prevent this from happening in the future: establish a policy to have one user login ON THE MACHINE'S User Manager (Not the domain's). This "user" should be standard for ALL machines, and have a standard password. The "user" should be added to the Administrator's group (and removed from the Users group). This use should match a user name on the domain, used for the same purpose.

After the user is created, LOG IN,using that user name, to establish a cached profile.

The user name and password should be locked up in the manager/SysAdmin's custody and ONLY USED for opening up lost password situations.

Will Harper, MCSE

Collapse -

nt security

by npressley In reply to nt security

The question was auto-closed by TechRepublic

Collapse -

nt security

by mark.thomson In reply to nt security

If he has an ERD or if he can log on to the server at all then he can use a password crack utility to see the password.

Collapse -

nt security

by npressley In reply to nt security

The question was auto-closed by TechRepublic

Collapse -

nt security

by vickim In reply to nt security

Re-install NT Server.

Collapse -

nt security

by npressley In reply to nt security

The question was auto-closed by TechRepublic

Back to Windows Forum
35 total posts (Page 3 of 4)   Prev   01 | 02 | 03 | 04   Next

Related Discussions

Related Forums