Administrator password bypass / Serial ATA registry corruption

Hello,

I assume that you were using this data under NT/2000/XP and you have a new OS running NT/2000/XP. If this is the case, you have a new version of NT/2000/XP running, and are just being blocked by the OS.

See, even though the account names are the same (Administrator), there is an invisible mapping within windows that generates a hairy digit number letter thing that is the real user ID.

You could make an ID for a user "Jenny". Save a file, only readable by her. Remove "Jenny". Make another ID "Jenny". The accounts are named the same, but they are VERY DIFFERENT. Windows does this (as does Unix and Mac) so that someone can leave the company, and a new person with the same ID name can come in, and there won't be a security compromise.

How do you get around it?

Administrators have the ability to "take ownership" of files and folders. You will need to login to that computer as the administrator, go to the folder / file in question, and then bring up the properties window. From there, find the security information, and take ownership of the files.

Now, if you encrypted the files under NTFS, you could be in another ballpark. I have not simulated how to fix that condition.

Christian

Hello,
Now, if you encrypted the files under NTFS, you could be in another ballpark. I have not simulated how to fix that condition.

Christian

I haven't had a chance to try it either, but I sure hope you can retreive it the same way. Otherwise it would make a good case to never use NTFS encryption. There is a bug in XP, I don't know if it has been fixed, that can cause the Administrator account to be disabled when you reboot from changing the workgroup name. If this is the only account on the machine, which can happen frequently, you're screwed. No getting back in. This has bitten me twice. I have a program that allows you to crack the user accounts and re enable, and change the passwords but if files are encrypted, you can't get to those.

Couldn't you just boot in safemode and get to the admin user? Or you could read and try this:
http://www.petri.co.il/forgot_administrator_password.htm

No sure if this is what you want to do but booting up from a Windows 2000 CD will allow you to bypass the administrator password prompt on an XP partition.

Couldn't you just boot in safemode and get to the admin user? Or you could read and try this:
http://www.petri.co.il/forgot_admin...or_password.htm

Effectively that is what I do and it is a quick easy thing, but if the Administrator has NFTS encrypted files, you will never get access to those files after doing it. So says the documentation, I haven't tried doing that, but I have to believe them. That was my point.

No sure if this is what you want to do but booting up from a Windows 2000 CD will allow you to bypass the administrator password prompt on an XP partition.

If you know a way to change the admin password or enable the admin account after doing this, I would like to know how to do it. I think I'm going to do a test case and see what happens to encrypted files after a reinstall, just to see if you can get in with a different SID unless someone has done it or knows for sure.

:cheesy: Thanx for the reply......I did a search of the Microsoft Knowledge base and found the the same info and I was successful in taking ownership of the directory and get to the files.

Hello,

I assume that you were using this data under NT/2000/XP and you have a new OS running NT/2000/XP. If this is the case, you have a new version of NT/2000/XP running, and are just being blocked by the OS.

See, even though the account names are the same (Administrator), there is an invisible mapping within windows that generates a hairy digit number letter thing that is the real user ID.

You could make an ID for a user "Jenny". Save a file, only readable by her. Remove "Jenny". Make another ID "Jenny". The accounts are named the same, but they are VERY DIFFERENT. Windows does this (as does Unix and Mac) so that someone can leave the company, and a new person with the same ID name can come in, and there won't be a security compromise.

How do you get around it?

Administrators have the ability to "take ownership" of files and folders. You will need to login to that computer as the administrator, go to the folder / file in question, and then bring up the properties window. From there, find the security information, and take ownership of the files.

Now, if you encrypted the files under NTFS, you could be in another ballpark. I have not simulated how to fix that condition.

Christian

What I foundout on my own is ya could bypass the admin without using a CD is try when booting up keep hitting the F8 key until you come to a screen that has safe mode,safe mode with networking,LOGGED.txt,Last Known good configuration,

you want to pick safe mode which should bring you to another screen that has yer Operating System pick that and windows will bootup.

Pick adminstrator if that's what it has.

When booting up in safe mode alot of yer drivers etc. will be disabled but nothing to be alarmed about.Safe mode is with the minimal amount of drivers.

Now in safe mode click onto start then goto settings then control panel then click onto user accounts ya should see an administrator name,click onto that and it should let you change everything for that user without putting in old stuff.

Hope this helps.

P.s Oh btw ya might wanna get a little notebook and write down yer computer stuff incase ya forget that's what I do.but put yer notebook somewhere where noone will find it.If ya lose yer notebook try the above method I described.

Also if what I described works ya could also make a textfile with yer usernames and passwords incase ya lose yer notebook or whatever.