Sam Files

Posted on 2004-09-19
Last Modified: 2013-12-04
I have a small issue where I work. The company I work for recently fired the desktop support guy (the only one for the building), and as such, he took with him the password for admin accounts on the local machine. It gets more difficult too. We use a variety of Win 2000/XP machines. In addition to this, he not only had more than one password, but a variety of the same passwords. He also removed the domain group so that a simple push cannot be made to reset it. What are your recommended solutions for the expeditious recovery of the passwords from the SAM files?
Question by:myomoto
9 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 12095881
Do you still have the domain administrator logon?
 
LVL 32

Expert Comment

by:LucF
ID: 12095884
Hi myomoto,

There's no need in your case to recover the Administrator password; what you need is a way to reset the password. Here's a list of tools to do so: http:Q_20723476.html
A full walkthrough can be found at PeteLong's site: http://www.petenetlive.com/Tech/Windows/WinGen/passwordrecovery.htm

Greetings,

LucF
 
LVL 1

Author Comment

by:myomoto
ID: 12095887
I am set up as basically a power user. I know I can use the domain administrator, but I'd like to steer away from that if possible. 200+ machines I'd have to do this on.
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 12095979
Assuming you have the W2k Resource Kit (namely local.exe, getsid.exe, cusrmgr.exe), this script will do the trick.
It will rename the built-in local Administrator account on a given machine or a list of machines (they might have been renamed), and it will change the password. While it's at it, it will give you a list of other accounts or groups that are in the local Administrators group.
The script is currently in test mode (note the setting at the beginning), so you can do a trial run.

====8<----[RenBIAdmin.cmd]----
@echo off
setlocal
:: *** renbiadmin.cmd
:: *** Renames the built in administrator account of the specified machine and changes the password
:: *** Necessary external tools (from the W2k Resource Kit): local.exe, getsid.exe, cusrmgr.exe
:: *** New name of the built-in administrator account:
set NewAdmin=LocalAdmin
:: *** New password of the built-in administrator account:
set NewPassword=secret
:: *** "set Test=echo" (without quotation marks) for testing purposes,
:: *** "set Test=" (without quotation marks) to get serious
:: *** in test mode, it will do everything as usual, but it will neither
:: *** rename the account nor change the password.
set Test=echo
:: *** Localization; the name of the Local Administrators Group:
set AdminGroup=Administrators
:: *** List the Administrator's SID (TRUE to enable, empty or FALSE to disable):
set EnableSID=FALSE
:: *** (path and) name of the log file:
set LogFile=%~n0.log
:: *** (path and) name of the file with failed machine names:
set FailedFile=%~n0.txt

:: *** Built-in System Administrator RID (Default: 500):
set BIAdminRID=500
:: *** Admin share (used to verify administrative credentials):
set AdminShare=C$

if %1.==. goto Syntax
if exist "%FailedFile%" del "%FailedFile%"
(echo Machine Name;Local Admins;Built-in Admin;Other Admins;Return Code "Rename";Return Code "New Password")>"%LogFile%"
echo ======================================================================
if /i not %1.==/L. goto process
if %2.==. goto Syntax
set ListFile=%2
if not exist %ListFile% (
  echo Error: The list file does not exist.
  goto leave
)
for /f %%a in ('type %ListFile%') do call :process %%a
goto leave

:process
set Machine=%1
set BuiltinAdmin=
set LocalAdmins=
set OtherAdmins=
set Failed=
:: *** check if remote machine is alive:
ping -n 1 %Machine% | find "TTL" >NUL
if errorlevel 1 (
  set Machine=%Machine% [failed: not responding]
  set BuiltinAdmin=[skipped]
  set LocalAdmins=,[skipped]
  set OtherAdmins=,[skipped]
  set RCRename=[skipped]
  set RCNewPass=[skipped]
  set Failed=%Machine%
  goto log
)
:: *** check for administrative privileges on the remote machine:
net use \\%Machine%\%AdminShare% 1>NUL 2>NUL
if errorlevel 1 (
  set Machine=%Machine% [failed: access denied]
  set BuiltinAdmin=[skipped]
  set LocalAdmins=,[skipped]
  set OtherAdmins=,[skipped]
  set RCRename=[skipped]
  set RCNewPass=[skipped]
  set Failed=%Machine%
  goto log
)
net use \\%Machine%\%AdminShare% /delete 1>NUL 2>NUL

:: *** Check for the local built-in administrator account:
:CheckAdmins
for /f "tokens=1* delims=\" %%a in ('local %AdminGroup% \\%Machine%') do (
  set CheckDomain=%%a
  set CheckAdmin=%%b
  call :FindBuiltIn
)

:: *** Check if the built-in account was found:
if "%BuiltinAdmin%"=="" (
  set BuiltinAdmin=[undetermined]
  set RCRename=[skipped]
  set RCNewPass=[skipped]
  set Failed=%Machine%
  goto log
)

:: *** Check if the built-in account already has the correct name:
if /i "%BuiltinAdmin%"=="%NewAdmin%" (
  set RCRename=[skipped: name ok]
  goto ChangePass
)
:: *** Rename the built-in account and save the return code:
set RCRename=
for /f "tokens=2 delims=:" %%a in ('%Test% cusrmgr -u %BuiltinAdmin% -m \\%Machine% -r %NewAdmin% ^| find /i "ERROR"') do set RCRename=%%a
if "%RCRename%"=="" set RCRename=0
:: *** Check if renaming was successful:
if %RCRename% GTR 0 (
  set RCNewPass=[skipped: couldn't rename]
  set Failed=%Machine%
  goto log
)

:ChangePass
:: *** Change the password and save the return code:
set RCNewPass=
for /f "tokens=2 delims=:" %%a in ('%Test% cusrmgr -u %NewAdmin% -m \\%Machine% -P %NewPassword% ^| find /i "ERROR"') do set RCNewPass=%%a
if "%RCNewPass%"=="" set RCNewPass=0
if %RCNewPass% GTR 0 set failed=%Machine%
goto log

:: **********************************************************************
:: *** Subroutines:
:FindBuiltIn
:: *** Check if the account to be tested is a local one; if not, save it and return:
if /i not "%CheckDomain%"=="%Machine%" (
  set OtherAdmins=%OtherAdmins%,%CheckDomain%\%CheckAdmin%
  goto :eof
)

:: *** Get the administrator's SID of the remote machine:
for /f "tokens=7 skip=2" %%a in ('getsid \\%Machine% %CheckAdmin% \\%Machine% %CheckAdmin%') do set SID=%%a
:: *** Get the Relative Identifier:
for %%a in (%SID:-= %) do set RID=%%a
set LocalAdmins=%LocalAdmins%,%CheckAdmin%
if /i "%EnableSID%"=="TRUE" set LocalAdmins=%LocalAdmins% {%SID%}
if "%RID%"=="%BIAdminRID%" set BuiltinAdmin=%CheckAdmin%
goto :eof

:Syntax
echo.
echo renbiadmin.cmd
echo.
echo Renames the built-in administrator account ^(independently of its current name^)
echo of a given machine or a list of machines and resets the password.
echo Creates a ";"-separated logfile and a list of machines where renaming or
echo password change wasn't successful.
echo If run in test mode, no renaming/password change is done.
set TM=ON&if .%Test%.==.. set TM=OFF
echo New Admin:     %NewAdmin%
echo Logfile:       %LogFile%
echo "Failed" list: %FailedFile%
echo     Attention: Rename this file before using it as machine list with /L!
echo                The file will be deleted/recreated when running the script.
echo Test mode:     %TM%
echo.
echo Syntax:
echo renbiadmin { ^<machine^> ^| /L ^<list^> }
echo ^<machine^>: Renames the administrator account of ^<machine^>.
echo /L ^<list^>: Renames the administrator account of all machines in ^<list^>
echo            (one name per line).
goto leave
:: **********************************************************************

:log
set LocalAdmins=%LocalAdmins:~1%
if "%OtherAdmins%"=="" set OtherAdmins=,[none]
set OtherAdmins=%OtherAdmins:~1%
(echo %Machine%;%LocalAdmins%;%BuiltinAdmin%;%OtherAdmins%;%RCRename%;%RCNewPass%)>>"%LogFile%"
if not "%Failed%"=="" (echo %Failed%)>>"%FailedFile%"
echo Machine:        %Machine%
echo Local Admins:   %LocalAdmins%
echo Built-in Admin: %BuiltinAdmin%
echo Other Admins:   %OtherAdmins%
echo RC Rename:      %RCRename%
echo RC Password:    %RCNewPass%
echo ======================================================================

:leave
====8<----[RenBIAdmin.cmd]----
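As an added example (not part of oBdA's script or of this thread), here is a Python audit of the ';'-separated log file that RenBIAdmin.cmd writes when EnableSID=TRUE: it identifies the built-in Administrator by RID 500 exactly as the batch trick `%SID:-= %` does, lists the machines where the rename or password change did not go through, and flags every other member of the local Administrators group, which is what you want to review after a support person leaves. The log lines and the domain name CORP are constructed; the set of expected domain members is an assumption.

```python
import re

# Constructed sample of the ';'-separated log that RenBIAdmin.cmd writes when
# EnableSID=TRUE (each local admin is followed by its SID in braces).
SAMPLE_LOG = """\
Machine Name;Local Admins;Built-in Admin;Other Admins;Return Code "Rename";Return Code "New Password"
PC001;LocalAdmin {S-1-5-21-1111-2222-3333-500},helpdesk {S-1-5-21-1111-2222-3333-1001};LocalAdmin;CORP\\Domain Admins;[skipped: name ok];0
PC002;Admin {S-1-5-21-4444-5555-6666-500};Admin;CORP\\Domain Admins,CORP\\jdoe;0;0
PC003 [failed: access denied];[skipped];[skipped];[skipped];[skipped];[skipped]
PC004;root {S-1-5-21-7777-8888-9999-500};root;[none];5;[skipped: couldn't rename]
"""
BUILTIN_ADMIN_RID = 500                    # same default as BIAdminRID in the script
EXPECTED_OTHERS = {"CORP\\Domain Admins"}  # assumption: the only legitimate non-local member
ENTRY_RE = re.compile(r"([^,\s]+) \{(S-1-5-[\d-]+)\}")  # "name {SID}" entries

def rid_of(sid):
    """Relative identifier: the last dash-separated SID component, which is
    exactly what the batch trick 'for %%a in (%SID:-= %)' extracts."""
    return int(sid.rsplit("-", 1)[1])

def parse_log(text):
    """Rows of the log as dicts keyed by the header names the script writes."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split(";")
    return [dict(zip(header, l.split(";"))) for l in lines[1:]]

def audit(rows):
    """Machines where the script did not finish, and admins that should not be there."""
    failed, unexpected = [], {}
    for row in rows:
        machine = row["Machine Name"].split(" [")[0]      # strip "[failed: ...]" suffix
        rename_ok = row['Return Code "Rename"'] in ("0", "[skipped: name ok]")
        if not rename_ok or row['Return Code "New Password"'] != "0":
            failed.append(machine)
            continue
        extra = []
        # Local accounts: the built-in Administrator is RID 500 whatever its
        # name; every other local member of Administrators is worth a look.
        for name, sid in ENTRY_RE.findall(row["Local Admins"]):
            if rid_of(sid) != BUILTIN_ADMIN_RID:
                extra.append(name)
        # Domain members: anything that is not on the expected list.
        for other in row["Other Admins"].split(","):
            if other not in EXPECTED_OTHERS and not other.startswith("["):
                extra.append(other)
        if extra:
            unexpected[machine] = extra
    return failed, unexpected
```

To run it against a real log, replace SAMPLE_LOG with the contents of the file named by LogFile (renbiadmin.log by default) and feed it to `audit(parse_log(...))`.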
 
LVL 1

Author Comment

by:myomoto
ID: 12096274
Well, as it turned out, I found a copy of ERD Commander 2002, and will give this a try first. If it doesn't work, then I'll give your suggestions a try. Thank you for your speedy replies! Even if it works, you both have my vote to split the points.
 

Expert Comment

by:FF1337
ID: 12148545
The fast way is to boot it with an NTFS DOS boot disk, then delete the SAM files and reboot,
and you've got the Administrator password as blank.