Need help with a password recovery issue

We have a Windows 2000 server with a user profile in which we do not know the password. This user is no longer employed with us and before they left there was supposed to be a verification that we had the correct password. Unfortunately this verification was faulty and it was incorrectly determined we had the password.    The problem comes with the users workstation.  The password is the same for local workstation as it is for the server.  If we reset the server password, we will be locked out of the box.  There are also likely some critical files in the users secure folder on the local workstation.

So, what we really need to do is find out what the user's password is on the server so that we can then use that same password to logon to the users workstation to recover the files.  We of course have all the administrator logons and passwords on the server. It's just a regular user account we need the password for

What are our options?

Thanks in advance!
Who is Participating?
There are many ways to solve this issue -
1) Remove the HD from the user's computer and connect it as a secondary HD on your own computer, then access the drive from your OS, rather than boot it. This will allow you to bypass any security settings on the drive (if you get any "access is denied" messages, simply take ownership over the file/folder and give yourself permission, you should be able to do that if you're an administrator on your own machine), as long as the user didn't use the NTFS encryption feature.
2) If the computer is joined into a domain on which you have domain-admin privileges, you can simply use the domain admin user to access the computer.
3) Use a boot-cd like: Hiren's Boot CD or Emergency Boot CD, which include utilities that allow you to reset the administrator password and get access to the machine. Again, do this only if the user did NOT use the NTFS encryption feature. WARNING! IF THE USER HAS ANY FILES ENCRYPTED AND YOU RESET THE ADMINISTRATOR PASSWORD YOU WILL NOT BE ABLE TO ACCESS THE ENCRYPTED FILES EVER AGAIN!
4) Use a password auditing tool to recover the old password. This method takes usually several hours but if the password is very complex might as well take up to a month. This method is by far the slowest but it is the ONLY way to get access to NTFS encrypted files - there are no magic solutions here. To do this, connect the HD to your own PC (like in method #1). If you determine that there are indeed encrypted files/folders, copy these two files from the remote HD: \WINNT\system32\config\Sam and \WINNT\system32\config\System. Use a password audit tool to recover the password. A short list of password recovery programs:
SamInside -
@stake LC5 (formerly known as L0pht Crack)
The fastest one is @stake LC5 but a) it's not free and b) it cannot decrypt the additional "syskey" encryption, so if you decide to use it, first load the sam file into SamInside then export the hashes as pwdump, which can be loaded to LC5.
bizcrown101Author Commented:
One more thing... This is just a member server. It is not set up with active directory/domain.
If you have the domain admin username/password or the pc's local admin password, login using a different account on the pc.Then login as domain admin on another pc, at start run type \\pcname\c$ and you should have access to the box.
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Can't you just logon to the server with an admin account and reset the user's account password? Or am I missing something
Deb :)
Get a copy of the UBCD, and boot the PC with it. It includes a utility whichh allows you to change local passwords with blanks or those of your choice.
bizcrown101Author Commented:
Thanks everyone for the help!  

Deb, the problem is/was the local account on the PC. Reseting the server password would not affect the local computer.

BTW, I've moved the harddrive to another computer and that solved my problem.

Hi bizcrown101,

For what it's worth, you can also use this tool :,fid,62604,tk,hsxdwn,00.asp 

The secrets will come in handy in this type of event.

Glad you fixed the issue.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.