Need help with a password recovery issue

Posted on 2006-06-06
Last Modified: 2010-04-13
We have a Windows 2000 server with a user profile in which we do not know the password. This user is no longer employed with us and before they left there was supposed to be a verification that we had the correct password. Unfortunately this verification was faulty and it was incorrectly determined we had the password.    The problem comes with the users workstation.  The password is the same for local workstation as it is for the server.  If we reset the server password, we will be locked out of the box.  There are also likely some critical files in the users secure folder on the local workstation.

So, what we really need to do is find out what the user's password is on the server so that we can then use that same password to logon to the users workstation to recover the files.  We of course have all the administrator logons and passwords on the server. It's just a regular user account we need the password for

What are our options?

Thanks in advance!
Question by:bizcrown101

    Author Comment

    One more thing... This is just a member server. It is not set up with active directory/domain.
    LVL 17

    Expert Comment

    If you have the domain admin username/password or the pc's local admin password, login using a different account on the pc.Then login as domain admin on another pc, at start run type \\pcname\c$ and you should have access to the box.
    LVL 20

    Expert Comment

    Can't you just logon to the server with an admin account and reset the user's account password? Or am I missing something
    Deb :)
    LVL 87

    Expert Comment

    Get a copy of the UBCD, and boot the PC with it. It includes a utility whichh allows you to change local passwords with blanks or those of your choice.
    LVL 7

    Accepted Solution

    There are many ways to solve this issue -
    1) Remove the HD from the user's computer and connect it as a secondary HD on your own computer, then access the drive from your OS, rather than boot it. This will allow you to bypass any security settings on the drive (if you get any "access is denied" messages, simply take ownership over the file/folder and give yourself permission, you should be able to do that if you're an administrator on your own machine), as long as the user didn't use the NTFS encryption feature.
    2) If the computer is joined into a domain on which you have domain-admin privileges, you can simply use the domain admin user to access the computer.
    3) Use a boot-cd like: Hiren's Boot CD or Emergency Boot CD, which include utilities that allow you to reset the administrator password and get access to the machine. Again, do this only if the user did NOT use the NTFS encryption feature. WARNING! IF THE USER HAS ANY FILES ENCRYPTED AND YOU RESET THE ADMINISTRATOR PASSWORD YOU WILL NOT BE ABLE TO ACCESS THE ENCRYPTED FILES EVER AGAIN!
    4) Use a password auditing tool to recover the old password. This method takes usually several hours but if the password is very complex might as well take up to a month. This method is by far the slowest but it is the ONLY way to get access to NTFS encrypted files - there are no magic solutions here. To do this, connect the HD to your own PC (like in method #1). If you determine that there are indeed encrypted files/folders, copy these two files from the remote HD: \WINNT\system32\config\Sam and \WINNT\system32\config\System. Use a password audit tool to recover the password. A short list of password recovery programs:
    SamInside -
    LCP -
    @stake LC5 (formerly known as L0pht Crack)
    The fastest one is @stake LC5 but a) it's not free and b) it cannot decrypt the additional "syskey" encryption, so if you decide to use it, first load the sam file into SamInside then export the hashes as pwdump, which can be loaded to LC5.

    Author Comment

    Thanks everyone for the help!  

    Deb, the problem is/was the local account on the PC. Reseting the server password would not affect the local computer.

    BTW, I've moved the harddrive to another computer and that solved my problem.

    LVL 17

    Expert Comment

    Hi bizcrown101,

    For what it's worth, you can also use this tool :,fid,62604,tk,hsxdwn,00.asp

    The secrets will come in handy in this type of event.

    Glad you fixed the issue.


    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Suggested Solutions

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    Digital marketing agencies have encountered both the opportunities and difficulties that emerge from working with a wide-ranging organizations.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now