Solved

Service Install Locked out account login.

Posted on 2003-03-26
Last Modified: 2010-04-13
Hi All.

I have Windows 2000 installed on a laptop. While installing an application I was asked for a service login and password. The install then changed the account properties so that I can't log in to the machine any more. The account details that I gave it were the only ones that I have for that machine.

I am on another machine at work with a network...but the machine is not a member of the domain.

Any ideas ?...

Thanks in advance.
Question by:cliffbarns
18 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8209046
I am unclear as to what has happened, so I don't know if the following will work or not.

See if this helps

Most of these are bootable floppies that give you a backdoor to the SAM registry hive and allow you to change the admin's password.

---------------------------------
Free stuff

Instructions
This is a utility to (re)set the password of any user that has a valid (local) account on your NT system, by modifying the crypted password in the registry's SAM file.
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
image files
http://home.eunet.no/~pnordahl/ntpasswd/bd030126.zip  Bootdisk image, date 030126
http://home.eunet.no/~pnordahl/ntpasswd/sc030126.zip - SCSI-drivers (030126)
The unzipped image (bdxxxxxx.bin) is a block-to-block representation of the actual floppy, and the file cannot simply be copied to the floppy. Special tools must be used to write it block by block. For Dos, win95/98 & NT, use rawrite2.exe or some other imagewriter:
http://home.eunet.no/~pnordahl/ntpasswd/rawrite2.zip - DOS Program to write floppy images.

http://home.eunet.no/~pnordahl/ntpasswd/cd030126.zip - Bootable CD image with same version and drivers as floppies above.
====================

Another one
Change administrator password on NT/2000, without knowing it!!! Bootdisk...
http://www.thomasmathiesen.com/itak/html/software.html
image file
http://www.thomasmathiesen.com/filez/sw/external/linuxbootimage.zip
image writer
http://www.thomasmathiesen.com/filez/sw/external/imagewriter.zip
====================

Another one
Offline NT Password and Registry Editor
http://www.pc-pipeline.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3

Download it here
http://www.pc-pipeline.com/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=6

Run it to create a boot floppy then follow the instructions. If you choose to do this then you are doing this at your own risk. Just change the admin pw and login then change the account pw's that you desire.

Make sure you have a floppy disk in the floppy drive and let the program create the boot floppy. Now restart the machine and let it boot from the floppy. Now follow what it instructs you to do.

Use it like a bootdisk.

Another one
NTFS/FAT Boot disk for password recovery/reset
http://www.pchelplive.com/modules.php?name=Downloads 
----------------------------------

NTAccess can replace the administrator password of a Windows XP, Windows NT or Windows 2000 system by rebooting the computer with a special set of boot disks or CD-ROM (XP only). This is useful if you forgot the administrator password and cannot access the Windows XP/2000/NT system.
http://www.sunbeltsoftware.com/product.cfm?id=265


The Password Auditing and Recovery Application
http://www.atstake.com/research/lc/index.html

L0phtCrack, The integrated password cracker for NT
http://www.securiteam.com/tools/L0phtCrack__The_integrated_password_cracker_for_NT.html

ERD Commander
http://www.winternals.com/products/repairandrecovery/erdcommander2002.asp

When your server or workstation won't boot, you need ERD Commander 2002. ERD Commander 2002 boots dead systems directly from CD into a Windows-like environment. You'll have full access to the dead system's volumes, so you can diagnose and repair problems using tools located on the ERD Commander 2002 Start menu. And you'll have built-in network access to safely move data off of, or on to, the dead system. With ERD Commander 2002 you can repair a system quickly and easily, saving you time and rescuing your critical data.
--------------------------------------

Or you could, if you have a FAT32 file system, just boot to a Win98 bootdisk and rename the SAM file (registry Hive) in the C:\WINNT\system32\config folder to something else. Of course this will remove all accounts on the system and you will need to rebuild them. If you are using NTFS then boot to the Win2000 CD and do this from the Recovery console.

For XP
Windows XP Tip: Password Recovery Disk
Take preventive measures against losing user-level passwords
http://www.techtv.com/callforhelp/answerstips/story/0,24330,3356093,00.html


The Crazy One
0
 
LVL 14

Expert Comment

by:kronostm
ID: 8209059

Try booting in safe mode and see if you can modify the existing account properties, or maybe a new account is needed. I have no idea what could have happened. If I understand well, you filled up a form with your account details? Was your password among those details? What's the error message when you try to log in? Do you make a local login, or do you have a domain controller to authorize your user/pwd?
    More info needed.

best regards
Kronos
0
 
LVL 14

Expert Comment

by:kronostm
ID: 8209075
Now I saw crazyone's post. I agree with him.  

...Crazyone, u are fast. Very fast...   too fast  ;(

my respect
 :)
0

 
LVL 44

Expert Comment

by:CrazyOne
ID: 8209079
If it is a service that is doing this, then boot to the Recovery Console and disable the service.

LISTSVC
The listsvc command lists all available services, drivers and their start types for the current Windows 2000 installation. This may be useful when using the disable and enable commands.

NOTE: These are extracted from the %SystemRoot%\System32\Config\SYSTEM hive. Should the SYSTEM hive become damaged or missing, unpredictable results may occur.
LOGON
---------

DISABLE
disable servicename

The disable command disables a Windows 2000 system service or driver.

where servicename specifies the name of the service or driver to be disabled. Use the listsvc command to display all eligible services or drivers to disable. The disable command prints the old start type of the service before resetting it to SERVICE_DISABLED. Because of this, you should record the old start type, in case it is necessary to re-enable the service.

The start_type values that the disable command displays are:
SERVICE_DISABLED
SERVICE_BOOT_START
SERVICE_SYSTEM_START
SERVICE_AUTO_START
SERVICE_DEMAND_START
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8209088
>>>Crazyone, u are fast. Very fast...   too fast  ;(

You aren't slow. You got in pretty quick yourself. :>)
0
 

Author Comment

by:cliffbarns
ID: 8209186
Hi CrazyOne...

Excellent work and informative.

But the service changed the account details.
So what I need to do is change the account details to allow me to log on. When I try to log on I get: 'Local Policy of this system does not permit you to logon interactively'...

Can I change this with any of the tools you mentioned?

Thanks.
Cliff
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8209210
Error Message: The Local Policy of This System Does Not Permit You to Logon Interactively
http://support.microsoft.com/default.aspx?scid=kb;en-us;285793
0
 
LVL 44

Accepted Solution

by:
CrazyOne earned 2000 total points
ID: 8209212
Error Message: The Local Policy of This System Does Not Permit You to Log on Interactively
http://support.microsoft.com/default.aspx?scid=kb;en-us;276590
0
 

Author Comment

by:cliffbarns
ID: 8209216
Hi CrazyOne...

Excellent work and informative.

But the service changed the account details.
So what I need to do is change the account details to allow me to log on. When I try to log on I get: 'Local Policy of this system does not permit you to logon interactively'...

Can I change this with any of the tools you mentioned?

Thanks.
Cliff
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8209219
Those are two different links I posted BTW
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8209225
Umm Cliff when you click the refresh button on your browser this is what causes the duplication of the last comment you made. :>)
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8209229
When was the last time you backed up the registry?

Note the following approach will not replace any system files.

Can you boot to your Win2000 CD? If so, then when it finally boots, at the "Welcome to Setup" screen press F10, or press R to repair and then C to start the Recovery Console; this will allow you to use the command line. From here do something like the following. Or, if the file system is FAT32, you can use a Win98 bootdisk to do this. www.bootdisk.com

COPY /Y C:\WINNT\repair\RegBack\TheParticularHive C:\WINNT\system32\config\

This will restore the registry hive to the last time that hive was backed up. Hopefully you didn't back up the registry at the time the problems started to happen.

Following is a list of the files that are the registry hives. Note these files don't have a file extension on them

DEFAULT
SAM
SECURITY
SOFTWARE
SYSTEM

For the SYSTEM hive you could try the following before doing the copy method.

ren C:\WINNT\system32\config\SYSTEM SYSTEM.bak
ren C:\WINNT\system32\config\SYSTEM.alt SYSTEM

I would suggest first BACKING UP these hives from C:\WINNT\system32\config\ to a folder of your making or choice; just don't back them up to the C:\WINNT\repair\RegBack\ folder.

You will probably need to reapply any services patches that you have previously installed.
0
 

Expert Comment

by:likuid
ID: 8211332
cliffbarns
This may help you if strictly followed:
You need to access your laptop computer via the network from another Win2k computer. I'm gonna call this computer "rescue".

On rescue go to Start menu > Run; type mmc and hit Enter.
On the console point to the Console menu > "Add/Remove Snap-in".
In the "Standalone" tab click ADD; in the new window select the "Security Configuration and Analysis" snap-in and click ADD, then CLOSE and OK.

Right click on "Security Configuration and Analysis", point and click "Open database"; in the "Open" window go to the desktop and type secedit in the file name field, click OPEN.
Select the "setup security" file in the template import window and click OPEN.

Right click on "Security Configuration and Analysis", point and click "Analyze Computer Now"; on the log file prompt hit OK.

Once the process is completed, go to Start menu > Run and type:
\\LAPTOP\c$
(replace LAPTOP with the computer name of your laptop)
It should prompt for a username/password; type in the laptop's administrator password; make sure you use COMPUTERNAME\administrator as the username (replace COMPUTERNAME with the laptop name).

If it fails to open, try the password recovery from CrazyOne.

If everything is cool you should have a window showing you the C: drive of your laptop.

Now navigate to c:\winnt\security\database and replace the secedit.sdb with the one you have on rescue's PC desktop.

Restart your laptop and try to log on.

Let me know if it worked.

GL!!

likuid®
0
 

Expert Comment

by:likuid
ID: 8211406
replace LAPTOP with the IP address of the laptop when you use \\LAPTOP\C$
0
 

Author Comment

by:cliffbarns
ID: 8217145
Ok ok ...
Thanks CrazyOne.. I managed to get onto the emergency shell...

But... I can't seem to run any commands. Are the commands all restricted?...

What I was hoping to do is run the ntrights.exe program to revoke the no logon rights...

If that fails, could I change the IP address on the machine so that I can try to execute the utility once the program is on the network...

Thanks again.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8221660
>>> I managed to get onto the emergency shell

Do you mean the Recovery Console? If so, it has its own set of commands and does not allow use of any commands other than its own.
0
 

Author Comment

by:cliffbarns
ID: 8223249
CrazyOne : Super work.

Just a small comment. I got in by revoking the SeDenyInteractiveLogonRight with ntrights.exe in the Resource Kit, from another machine via a cross-over cable.

But interestingly enough I was not set to admin on any domain or anything like that. I was just on my book, on a separate workgroup, and had the other one on its own.

Seems like really _CRAPPY_ security to me.

What do you think?...
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 8223276
I agree. There are a lot of backdoors to Windows 2000, but it is virtually impossible for any OS to be able to lock down all the back doors.
0
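The lockout resolved above came from the account being listed under SeDenyInteractiveLogonRight. The following is an added example, not code from the thread or from any tool named in it: it audits the [Privilege Rights] section of a security template (.inf) for accounts in that state. The sample template, its SIDs and the account name svc_install are constructed, and the assumption that the installer also granted SeServiceLogonRight is mine.

```python
"""Audit interactive-logon rights in a security template's [Privilege Rights] section."""

# Constructed sample; the account name "svc_install" is hypothetical and stands
# for the login that was handed to the installer as its service account.
SAMPLE_INF = r"""
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,svc_install
SeDenyInteractiveLogonRight = svc_install
SeServiceLogonRight = svc_install
SeDenyNetworkLogonRight =
[Version]
signature="$CHICAGO$"
"""

ALLOW = "SeInteractiveLogonRight"
DENY = "SeDenyInteractiveLogonRight"


def parse_privilege_rights(text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section only."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "privilege rights"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            members = [m.strip().lstrip("*") for m in value.split(",")]
            rights[name.strip()] = [m for m in members if m]
    return rights


def interactive_logon_status(rights, principal):
    """Classify a principal; a deny entry overrides an allow entry."""
    key = principal.lower()
    if key in (m.lower() for m in rights.get(DENY, [])):
        return "denied"
    if key in (m.lower() for m in rights.get(ALLOW, [])):
        return "allowed"
    return "not granted"


def locked_out_service_accounts(rights):
    """Accounts granted service logon that are also denied local logon."""
    denied = {m.lower() for m in rights.get(DENY, [])}
    return sorted(m for m in rights.get("SeServiceLogonRight", []) if m.lower() in denied)
```

Only direct entries are compared; membership in a group that is itself listed under the deny right is not resolved.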

Question has a verified solution.
