Solved

Reset or Bypass the Domain user account log in to win vista 32bit system

Posted on 2013-01-17
Last Modified: 2013-01-29
Hello All,

1. We had a Domain (Win2k8) environment set up with a few workstations (XP/Win-Vista/Win7).
2. So domain users had local administrator rights assigned on their workstations. Unfortunately, for some reason we had to bring down the domain environment. But the workstations are still in the domain and in use. To avoid any problems related to the domain, we created local administrator accounts on a few machines till we restore the domain server, and we missed one machine (Win-Vista32) where the user was still logging into that machine with a domain account, and he quit the job. Now the problem is that many applications which were configured are profile based, and we don't know the password for that domain user account. Since we don't have the domain controller, we can't reset the password for that account.

I tried open-source tools which I knew, like ophcrack, and a few Windows recovery tools as well, but they only allow me to reset local system accounts, not the domain user account which was in use. I googled for solutions, and there are fewer chances of recovering the password as the credentials are saved in cache on the system.

Is there any way to get into that domain account? Please let me know if there are any solutions.

Thanks a ton!
Question by:xpert_ali
 
LVL 19

Accepted Solution

by:
Miguel Angel Perez Muñoz earned 100 total points
ID: 38787600
0
 
LVL 2

Assisted Solution

by:sg08234
sg08234 earned 200 total points
ID: 38787603
Try Nirsoft tools and others (via WSCC (Windows System Control Center))

Michale
0
 
LVL 16

Assisted Solution

by:R. Andrew Koffron
R. Andrew Koffron earned 100 total points
ID: 38787639
Get a copy of Windows Ultimate Boot CD, and use the NTPSWD utility. Just whack the local administrator password, and then access the machine.
I can't think of a way to re-open the account without the domain, but you can take ownership of the files in the profile and set permissions to allow a local admin to have full control of them.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 100 total points
ID: 38789813
Hi.

Get access to that hard drive, that's all you need. If it's not encrypted...
If not, you can use the famous bootdisk http://pogostick.net/~pnh/ntpasswd/ to blank the local admin's password and also enable/unlock that administrator account - afterwards use it to log on to access the files and settings of the absent domain user. If that does not work, hook that drive to another computer - everything is accessible, file-wise. That means all settings as well. If they are in .ini files, they are easy to retrieve. If inside the registry, you need to mount that person's personal regfile (regedit -> load hive -> c:\users\thatveryuser\ntuser.dat). No problem.

If you need help, come back.
0
 

Author Comment

by:xpert_ali
ID: 38796358
Hello..Dear xperts :)

Drashiel - I know there is a lot of paid software available, and the link you shared is paid software, so I can't afford that much for now. Thanks for the suggestion!

sg08234 -> I will give a try and let you know. Thanks!

Harel66 -> I have access to the system via a local administrator account and I can take ownership of the files as well. The thing is, there are a few applications configured which are profile based, so I want to log in with that domain user account. Thanks for your suggestion!

McKnife -> I will give it a try and let you know. Thanks!

Will get back to you once I try the suggestions mentioned above.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38797151
have you called the guy and asked nicely? maybe offer him a couple starbucks cards :)
0
 
LVL 2

Assisted Solution

by:sg08234
sg08234 earned 200 total points
ID: 38797690
WSCC: Searching for "password" shows you all password recovery tools included (about 10).

Good luck!
0
 

Author Comment

by:xpert_ali
ID: 38798368
Hello..

@sg08234 -> I tried WSCC (Windows System Control Center), but it didn't help me reset/log in to the domain account, though it's kind of helpful software.

@McKnife -> Offline NT Password and Registry Editor only helps to change the local system password. I am looking for the domain cached password or to bypass the login itself.

Issue still remains the same. Any other suggestions please. Thanks!
0
 
LVL 53

Expert Comment

by:McKnife
ID: 38798380
xpert_ali, please rethink your strategy. There is no need to somehow reactivate that account. All settings are accessible as long as you can access the drive. Program settings are in the registry - you can access the registry hive of that user, that's all you need. I described how to mount his registry branch and when mounted, settings can be exported or read out.
0

Author Comment

by:xpert_ali
ID: 38798414
@McKnife

Roger! Then help me with the steps where I can use a local account with that domain user's profile settings exactly. I would give it a try if that helps in any way. Thanks!
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38798680
There's a tool that might help but it's sort of pricey.
http://www.passcape.com/windows_passwords_recovery
0
 
LVL 53

Expert Comment

by:McKnife
ID: 38799209
I provided the steps already, maybe they sounded too easy? What step didn't you get?
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38799258
@xpert_ali - To expand a little on McKnife's suggestion (or what I think he's suggesting):

Typically there'll be a registry hive for each user, so...
If you open the registry with regedit
and find the user hive for the user in question,
in the software section there'll be a section for the software in question.
You should be able to export the section for the specific software,
then import it to a different user's.
I think you'd have to do a search and replace on the section, changing the userID to a new userID in the text (.reg) file, and then load it to another user ID.
It might work, depending on how the application is made, but be warned!!!
Messing with the registry could easily turn your system into a paperweight.

If you don't really understand what we're (@McKnife, please correct me if I'm not following your train of thought) suggesting, just don't try it, unless you're ready to format and install the machine clean.
0
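
The hive-mount, export and search-and-replace procedure described in the comments above, written out as an added PowerShell example (not part of any poster's comment). The mount name `DepartedUser`, the key `Software\ExampleVendor\ExampleApp` and the output file names are hypothetical placeholders; the profile path is the one given in the thread. It assumes an elevated prompt under a local administrator account.

```powershell
# Added example. Placeholders below are assumptions, not values from the thread
# (except the ntuser.dat path, which is quoted from it).
$HivePath  = 'C:\Users\thatveryuser\ntuser.dat'
$MountName = 'DepartedUser'                        # hypothetical temporary name under HKEY_USERS
$AppKey    = 'Software\ExampleVendor\ExampleApp'   # hypothetical application key
$RawFile   = Join-Path $env:TEMP 'app-settings-raw.reg'
$OutFile   = Join-Path $env:TEMP 'app-settings-hkcu.reg'

# 1. Mount the absent user's hive (equivalent to regedit -> File -> Load Hive).
reg.exe load "HKU\$MountName" $HivePath
if ($LASTEXITCODE -ne 0) { throw 'reg load failed: hive missing, in use, or access denied' }

try {
    # 2. Export only the application's subtree, not the whole hive.
    reg.exe export "HKU\$MountName\$AppKey" $RawFile /y
    if ($LASTEXITCODE -ne 0) { throw "reg export failed: does $AppKey exist in this hive?" }

    # 3. Retarget key headers from the mounted hive to HKEY_CURRENT_USER.
    #    Only lines that begin with the old root are touched; value data is left alone.
    $from = "[HKEY_USERS\$MountName\"
    $to   = '[HKEY_CURRENT_USER\'
    $lines = Get-Content -LiteralPath $RawFile -Encoding Unicode | ForEach-Object {
        if ($_.StartsWith($from, [StringComparison]::OrdinalIgnoreCase)) {
            $to + $_.Substring($from.Length)
        } else { $_ }
    }
    $lines | Set-Content -LiteralPath $OutFile -Encoding Unicode   # .reg v5 files are UTF-16

    # 4. Flag values that still point at the old profile folder so they can be
    #    edited by hand (backslashes are doubled inside .reg string values).
    $lines | Select-String -SimpleMatch 'Users\\thatveryuser' |
        ForEach-Object { "Review before import: $($_.Line)" }
}
finally {
    # 5. Always unload, otherwise ntuser.dat stays locked until reboot.
    [gc]::Collect()
    reg.exe unload "HKU\$MountName"
}

# 6. After reviewing $OutFile, import it while logged on as the account that
#    should receive the settings (HKEY_CURRENT_USER is per-session):
#    reg.exe import <path to app-settings-hkcu.reg>
```

Expandable-string values are exported as `hex(2):` byte lists, so step 4 will not flag old profile paths stored in them; check those values in regedit after the import.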
 

Author Comment

by:xpert_ali
ID: 38800721
@Harel66

As of now I will wait for the new user to check for whatever files are required for now and see whether it is a high priority to bypass the login or whether we can go for reinstallation of the applications in a different profile.

Thanks Dude! ;)
0
 
LVL 42

Expert Comment

by:Jackie Man
ID: 38804315
Agreed.

Actually, I am confused with what you have described. Normally, we use the domain admin account to install software, not a normal domain user and you can still use the domain admin account to re-install the applications to other users not included in the initial setup of the PC.

Unless, the guy who left your company is the domain admin and it is very likely that you can forget about the user profile for the guy.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38805495
@jackieman, he said in the beginning, the Active directory is no longer available.  However the specific account, had software installed that was User specific.  

If the domain, or domain admin was available this would be as simple as changing the user ID's password.

So without an AD to authenticate against, the domain account "should" remain intact as long as it has a cached copy of the last user password the profile used to access the domain, and hence the application would work, in theory, under the profile. Unless the application runs on Windows integrated authentication; that would probably not work on cached credentials.

so the first thing everyone probably thinks is "Doh, fix the domain!!!" but things happen and the question is "how to access/repair the functionality of the machine in question without the Domain"

Drashiel, put in the best link in the first response(in my opinion), I've used passcape in previous versions of windows to reset accounts. so "think" it'd work.

McKnife followed up with a brief description of how to work around the issue. That should have been enough for someone qualified to do the job, and at least point them in the direction to look up the specifics.

@ xpert_ali in my opinion if you're just going to sit and wait on this. probably best to close it and split the points primarily to Drashiel and McKnife.

PS @xpert_ali, you might also try and blank the account password instead of recover it (of course this runs the risk of ruining the account also).  I remember reading once in the midst of trying to learn how to break into an account "null is always null", and when working in the encrypted password stuff, it's about 10x more likely to work as a blank password.  While I don't think a blank password would work on a connected account it just might work on the cached password.
0
 
LVL 42

Expert Comment

by:Jackie Man
ID: 38825857
@Harel66

domain users had local administrator rights on their workstations assigned <- it should be the domain administrator logon to the workstation and assign the local admin rights to the local user... So, the password of the domain administrator should have been cached in the workstation. Despite the fact that the AD is down, the domain admin should be still able to logon to the workstation and change the password of the local admin.

Correct me if I am wrong.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38826687
@jackieman It really wouldn't make any difference if the domain admin did have a cached password; it would not be able to access the user and computer interface to the AD to change anything, since domain changes happen on an AD. I am nearly certain that "IF" you managed to affect the cached domain password of the user, regardless of the local admin status, all you'd accomplish is increasing the chance the user profile was rendered useless because the AD is no longer accessible to authenticate against (not that it would make the practical effect much worse).
Basically the domain accounts on a workstation are crippled without the AD; they'll only work with the last password used to successfully log into the domain. Anything that changes the cached password is MUCH more likely to just break the local link to the cached password and start the "no logon servers available for the domain Xyz.local" type issues than to make it work.

you could easily test this by grabbing a domain workstation, and moving it into a network with no connection to any of the ADs and trying to reset an account's password.
0
 

Author Closing Comment

by:xpert_ali
ID: 38830736
So, we ended up recovering the required files from the domain profile, and many things were not important or weren't worth spending money on.

But I'm still curious whether there are any open-source tools to recover the cached password in this kind of situation.

Anyway, thank you all for your suggestions/solutions, keep up the good work, and keep sharing any technical stuff that is worthwhile. :)


Regards,
Xpert_Ali

"I have no special talent. I am only passionately curious."  - Albert Einstein
0
