Solved

Sam Files

Posted on 2004-09-19
Last Modified: 2013-12-04
I have a small issue where I work. The company I work for recently fired the desktop support guy (the only one for the building), and as such, he took with him the password for admin accounts on the local machine. It gets more difficult too. We use a variety of Win 2000/XP machines. In addition to this, he not only had more than one password, but a variety of the same passwords. He also removed the domain group so that a simple push cannot be made to reset it. What are your recommended solutions for the expeditious recovery of the passwords from the SAM files?
Question by:myomoto
 
LVL 83

Expert Comment

by:oBdA
ID: 12095881
Do you still have the domain administrator logon?
 
LVL 32

Expert Comment

by:Luc Franken
ID: 12095884
Hi myomoto,

There's no need in your case to recover the Administrator password; what you need is a way to reset the password. Here's a list of tools to do so: http:Q_20723476.html
Full walkthrough can be found at PeteLong's site: http://www.petenetlive.com/Tech/Windows/WinGen/passwordrecovery.htm

Greetings,

LucF
 
LVL 1

Author Comment

by:myomoto
ID: 12095887
I am set up as basically a power user. I know I can use the domain administrator but I'd like to steer away from that if possible. 200+ machines I'd have to do this on.

 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 12095979
Assuming you have the W2k Resource Kit (namely local.exe, getsid.exe, cusrmgr.exe), this script will do the trick.
It will rename the built-in local Administrator account on a given machine or list of machines (they might have been renamed), and it will change the password. While it's at it, it will give you a list of other accounts or groups that are in the local Administrators group.
The script is currently in test mode (note the setting at the beginning), so you can do a trial run.

====8<----[RenBIAdmin.cmd]----
@echo off
setlocal
:: *** renbiadmin.cmd
:: *** Renames the built in administrator account of the specified machine and changes the password
:: *** Necessary external tools (from the W2k Resource Kit): local.exe, getsid.exe, cusrmgr.exe
:: *** New name of the built-in administrator account:
set NewAdmin=LocalAdmin
:: *** New password of the built-in administrator account:
set NewPassword=secret
:: *** "set Test=echo" (without quotation marks) for testing purposes,
:: *** "set Test=" (without quotation marks) to get serious
:: *** in test mode, it will do everything as usual, but it will neither
:: *** rename the account nor change the password.
set Test=echo
:: *** Localization; the name of the Local Administrators Group:
set AdminGroup=Administrators
:: *** List the Administrator's SID (TRUE to enable, empty or FALSE to disable):
set EnableSID=FALSE
:: *** (path and) name of the log file:
set LogFile=%~n0.log
:: *** (path and) name of the file with failed machine names:
set FailedFile=%~n0.txt

:: *** Built-in System Administrator RID (Default: 500):
set BIAdminRID=500
:: *** Admin share (used to verify administrative credentials):
set AdminShare=C$

if %1.==. goto Syntax
if exist "%FailedFile%" del "%FailedFile%"
(echo Machine Name;Local Admins;Built-in Admin;Other Admins;Return Code "Rename";Return Code "New Password")>"%LogFile%"
echo ======================================================================
if /i not %1.==/L. goto process
if %2.==. goto Syntax
set ListFile=%2
if not exist %ListFile% (
  echo Error: The list file does not exist.
  goto leave
)
for /f %%a in ('type %ListFile%') do call :process %%a
goto leave

:process
set Machine=%1
set BuiltinAdmin=
set LocalAdmins=
set OtherAdmins=
set Failed=
:: *** check if remote machine is alive:
ping -n 1 %Machine% | find "TTL" >NUL
if errorlevel 1 (
  set Machine=%Machine% [failed: not responding]
  set BuiltinAdmin=[skipped]
  set LocalAdmins=,[skipped]
  set OtherAdmins=,[skipped]
  set RCRename=[skipped]
  set RCNewPass=[skipped]
  set Failed=%Machine%
  goto log
)
:: *** check for administrative privileges on the remote machine:
net use \\%Machine%\%AdminShare% 1>NUL 2>NUL
if errorlevel 1 (
  set Machine=%Machine% [failed: access denied]
  set BuiltinAdmin=[skipped]
  set LocalAdmins=,[skipped]
  set OtherAdmins=,[skipped]
  set RCRename=[skipped]
  set RCNewPass=[skipped]
  set Failed=%Machine%
  goto log
)
net use \\%Machine%\%AdminShare% /delete 1>NUL 2>NUL

:: *** Check for the local built-in administrator account:
:CheckAdmins
for /f "tokens=1* delims=\" %%a in ('local %AdminGroup% \\%Machine%') do (
  set CheckDomain=%%a
  set CheckAdmin=%%b
  call :FindBuiltIn
)

:: *** Check if the built-in account was found:
if "%BuiltinAdmin%"=="" (
  set BuiltinAdmin=[undetermined]
  set RCRename=[skipped]
  set RCNewPass=[skipped]
  set Failed=%Machine%
  goto log
)

:: *** Check if the built-in account already has the correct name:
if /i "%BuiltinAdmin%"=="%NewAdmin%" (
  set RCRename=[skipped: name ok]
  goto ChangePass
)
:: *** Rename the built-in account and save the return code:
set RCRename=
for /f "tokens=2 delims=:" %%a in ('%Test% cusrmgr -u %BuiltinAdmin% -m \\%Machine% -r %NewAdmin% ^| find /i "ERROR"') do set RCRename=%%a
if "%RCRename%"=="" set RCRename=0
:: *** Check if renaming was successful:
if %RCRename% GTR 0 (
  set RCNewPass=[skipped: couldn't rename]
  set Failed=%Machine%
  goto log
)

:ChangePass
:: *** Change the password and save the return code:
set RCNewPass=
for /f "tokens=2 delims=:" %%a in ('%Test% cusrmgr -u %NewAdmin% -m \\%Machine% -P %NewPassword% ^| find /i "ERROR"') do set RCNewPass=%%a
if "%RCNewPass%"=="" set RCNewPass=0
if %RCNewPass% GTR 0 set failed=%Machine%
goto log

:: **********************************************************************
:: *** Subroutines:
:FindBuiltIn
:: *** Check if the account to be tested is a local one; if not, save it and return:
if /i not "%CheckDomain%"=="%Machine%" (
  set OtherAdmins=%OtherAdmins%,%CheckDomain%\%CheckAdmin%
  goto :eof
)

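:: *** Get the administrator's SID of the remote machine
:: *** (clear SID and RID first so a failed lookup cannot reuse the previous account's values):
set SID=
set RID=
for /f "tokens=7 skip=2" %%a in ('getsid \\%Machine% %CheckAdmin% \\%Machine% %CheckAdmin%') do set SID=%%a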
:: *** Get the Relative Identifier:
for %%a in (%SID:-= %) do set RID=%%a
set LocalAdmins=%LocalAdmins%,%CheckAdmin%
if /i "%EnableSID%"=="TRUE" set LocalAdmins=%LocalAdmins% {%SID%}
if "%RID%"=="%BIAdminRID%" set BuiltinAdmin=%CheckAdmin%
goto :eof

:Syntax
echo.
echo renbiadmin.cmd
echo.
echo Renames the built-in administrator account ^(independently of its current name^)
echo of a given machine or a list of machines and resets the password.
echo Creates a ";"-separated logfile and a list of machines where renaming or
echo password change wasn't successful.
echo If run in test mode, no renaming/password change is done.
set TM=ON&if .%Test%.==.. set TM=OFF
echo New Admin:     %NewAdmin%
echo Logfile:       %LogFile%
echo "Failed" list: %FailedFile%
echo     Attention: Rename this file before using it as machine list with /L!
echo                The file will be deleted/recreated when running the script.
echo Test mode:     %TM%
echo.
echo Syntax:
echo renbiadmin { ^<machine^> ^| /L ^<list^> }
echo ^<machine^>: Renames the administrator account of ^<machine^>.
echo /L ^<list^>: Renames the administrator account of all machines in ^<list^>
echo            (one name per line).
goto leave
:: **********************************************************************

:log
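:: *** An empty list would otherwise be logged as the literal "~1":
if "%LocalAdmins%"=="" set LocalAdmins=,[none]
set LocalAdmins=%LocalAdmins:~1%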
if "%OtherAdmins%"=="" set OtherAdmins=,[none]
set OtherAdmins=%OtherAdmins:~1%
(echo %Machine%;%LocalAdmins%;%BuiltinAdmin%;%OtherAdmins%;%RCRename%;%RCNewPass%)>>"%LogFile%"
if not "%Failed%"=="" (echo %Failed%)>>"%FailedFile%"
echo Machine:        %Machine%
echo Local Admins:   %LocalAdmins%
echo Built-in Admin: %BuiltinAdmin%
echo Other Admins:   %OtherAdmins%
echo RC Rename:      %RCRename%
echo RC Password:    %RCNewPass%
echo ======================================================================

:leave
====8<----[RenBIAdmin.cmd]----
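Added example, not part of oBdA's answer: a Python triage of the ";"-separated log that RenBIAdmin.cmd writes, listing machines that need follow-up (unreachable, built-in account not identified, non-zero return code, or unexpected members of the local Administrators group). The `EXPECTED_OTHER` allowlist and all machine and account names in the sample are assumptions made up for illustration.

```python
import re

# Assumption (hypothetical allowlist): the only non-local member you expect.
EXPECTED_OTHER = {r"EXAMPLE\Domain Admins"}

# Constructed sample log; header as written by the script, names are made up.
SAMPLE_LOG = r'''Machine Name;Local Admins;Built-in Admin;Other Admins;Return Code "Rename";Return Code "New Password"
PC001;Administrator;Administrator;EXAMPLE\Domain Admins;0;0
PC002;admin2,helpdesk;admin2;[none];0;0
PC003 [failed: not responding];[skipped];[skipped];[skipped];[skipped];[skipped]
PC004;svc_backup;[undetermined];EXAMPLE\jdoe;[skipped];[skipped]
PC005;Administrator;Administrator;EXAMPLE\Domain Admins;0; 5
'''

def members(field):
    """Split a comma-separated account list, dropping [markers] and {SID} suffixes."""
    names = (re.sub(r"\s*\{.*?\}$", "", n.strip()) for n in field.split(","))
    return [n for n in names if n and not n.startswith("[")]

def triage(log_text):
    """Return {machine: [findings]} for every row that needs follow-up."""
    findings = {}
    for line in log_text.splitlines()[1:]:           # skip the header row
        cols = [c.strip() for c in line.split(";")]
        if len(cols) != 6:
            continue                                 # not a data row
        machine, local, builtin, other, rc_ren, rc_pw = cols
        notes, failed = [], re.search(r"\[failed: (.+?)\]", machine)
        if failed:                                   # ping or admin-share check failed
            machine = machine.split(" [")[0]
            notes.append(failed.group(1))
        if builtin == "[undetermined]":
            notes.append("built-in admin (RID 500) not found")
        for label, rc in (("rename", rc_ren), ("password", rc_pw)):
            if rc.isdigit() and int(rc) != 0:
                notes.append(f"{label} failed, error {rc}")
        extra = [n for n in members(local) if n.lower() != builtin.lower()]
        if extra:
            notes.append("extra local admins: " + ", ".join(extra))
        unknown = [n for n in members(other) if n not in EXPECTED_OTHER]
        if unknown:
            notes.append("unexpected non-local admins: " + ", ".join(unknown))
        if notes:
            findings[machine] = notes
    return findings

if __name__ == "__main__":
    for machine, notes in triage(SAMPLE_LOG).items():
        print(machine, "->", "; ".join(notes))
```

Run it against the real log once the script has finished in test mode, so extra local accounts can be reviewed before the passwords are changed.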
 
LVL 1

Author Comment

by:myomoto
ID: 12096274
Well, as it turned out, I found a copy of ERD Commander 2002, and will give this a try first. If it doesn't work, then I'll give your suggestions a try. Thank you for your speedy replies! Even if it works, you both have my vote to split the points.
 

Expert Comment

by:FF1337
ID: 12148545
The fast way is to boot it with an NTFS DOS boot disk, then delete the SAM files and reboot.
And you got the administrator password as blank.