[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Password

Posted on 2005-04-13
15
Medium Priority
?
356 Views
Last Modified: 2010-04-10
hi ,

One of our users forgot the account password to their machine, is there a way we can find out the password besides resstting it?
i can login as administrator on that machine.

Please advice!

Thanks
0
Comment
Question by:crishna1
  • 4
  • 4
  • 3
  • +3
15 Comments
 

Author Comment

by:crishna1
ID: 13776015
FYI, it is a Windows XP machine.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 13776024
You need to reset it and let them change it. You can't retrieve it.
0
 
LVL 17

Expert Comment

by:ccomley
ID: 13776459
No, you have to reset the password, then you either choose the new one, or you can choose an easy one and set it so the user must change it herself the next time (s)he logs in.

This is to stop people snooping into each other's accounts, even if they have the administrator password.

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 4

Expert Comment

by:HTorres
ID: 13776486
if by any chance that password is in other programs like network resources, outlook, or something else, try to open those password dialogs, and count number of asterisks... sometimes when that happens to my users i say to them... your password had 6 chars or 4 chars... and they inmediately remember it.

hope my 0.02 cents helps.
0
 

Author Comment

by:crishna1
ID: 13776569
Well he has various services running with that password the reason why we are trying to trace that. Can our Network Admin help?
0
 
LVL 7

Accepted Solution

by:
SoyYop earned 900 total points
ID: 13776586
Well, it's possible to use brute force, and there are some utils to look for it.

You can safely reset the password IF you are not using encription on files. If so, have you set a recovery agent?

Look here:

http://xpcracker.mine.nu/xpcracker

Or here for the complete thread:

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_20348448.html

0
 
LVL 7

Expert Comment

by:SoyYop
ID: 13776610
PD: Don't need to alter your client machine: Is a free web-based service.

Of course, use your hotmail account for sending the data so your client PC is not easily identified ;)
0
 

Author Comment

by:crishna1
ID: 13776622
sorry i did not follow the below , can you please eloberate.

"Of course, use your hotmail account for sending the data so your client PC is not easily identified ;)"

many thanks
0
 
LVL 4

Expert Comment

by:HTorres
ID: 13776732
open any programs with the same password
- outlook explorer
- network connections
>> anyone but xp services passwords, because they are with extra asterisks to hide its real lenght

if you have that password in a program that is an inhouse development, you can ask the developer if he/she can help you. maybe tell you the lenght or first two letters... something.  users remember pwds that way easily.



0
 
LVL 23

Assisted Solution

by:Tim Holman
Tim Holman earned 600 total points
ID: 13776754
If you have admin access, then yes, the password is crackable, but it's a hell of a lot easier just to reset it... and besides, what if this user uses the same password for other things, like Hotmail, his bank account, etc etc ?  It wouldn't be 'safe' for you to decrypt this on his behalf, would it ?  :)

Plenty of ways out -

http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=DVXA,DVXA:2005-12,DVXA:en&q=windows+xp+password+crack
0
 
LVL 4

Expert Comment

by:HTorres
ID: 13776771
also if the password is stored in a database using mysql with md5 there is a way to crack it.
0
 
LVL 7

Expert Comment

by:SoyYop
ID: 13776821
You can ignore this comment, but here is the explanation.

The service works in the following way:
- It gets the password hash (encripted) from the PC plus verification data and sent it to a web site. So, nothing is changed on your machine.
- Then, a powerfull machine cracks it, probably using dictionary attacs and brute force.
- It verifies it and sends it back by email. Then you "test" the password, no cracks, no installs, no nothing: Just do a login.

Because of security (we can be as paranoic as we want), we "may" think that they may store the password on their servers, or someone could be eyesdropping on the packets (email could be unencripted).
A security specialist would upload the data carefully, giving a mail address from another domain (not yours), so no one could track the account and password back to the pc (well, not easily).

Or we can think "I'm not so paranoic", trust the site, ignore this comments and go ahead.
10 minutes is fast...

Why not to give it a try? Is a commercial site that offers "free" and "commercial" services.

Luck,
0
 

Author Comment

by:crishna1
ID: 13776943
well , like you said , i do not think it is safe to let the outside sources access my machine.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 13777180
You know, if the user is using this password for various services as well as their login and they can't remember it all of a sudden... they deserve to be forced to fix it everywhere.
0
 
LVL 7

Expert Comment

by:SoyYop
ID: 13781484
Can't you create a second account for him and start moving services one by one? Maybe, create an account for the Services, and another for him. And document...
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question