xpert_ali

asked on

Reset or Bypass the Domain user account log in to win vista 32bit system

Hello All,

1. We had a domain (Win2k8) environment set up with a few workstations (XP/Win-Vista/Win7).
2. So domain users had local administrator rights assigned on their workstations. Unfortunately, for some reason we had to bring down the domain environment. But the workstations are still in the domain and in use. To avoid any problems related to the domain, we created local administrator accounts on a few machines until we restore the domain server, and we missed one machine (Win-Vista32) where the user was still logging in with a domain account, and he quit the job. Now the problem is that many applications which were configured are profile based and we don't know the password for that domain user account. Since we don't have the domain controller, we can't reset the password for that account.

I tried open-source tools which I knew, like ophcrack, and a few Windows recovery tools as well, but they only allow me to reset local system accounts, not the domain user account which was in use. I googled for solutions, and there is less chance of recovering the password as the credentials are saved in the cache on the system.

Is there any way to get into that domain account? Please let me know if there are any solutions.

Thanks a ton!
ASKER CERTIFIED SOLUTION
Miguel Angel Perez Muñoz
This solution is only available to members.

ASKER

Hello, dear xperts :)

Drashiel -> I know there is a lot of paid software available, and the link you shared is paid software, so I can't afford that much for now. Thanks for the suggestion!

sg08234 -> I will give it a try and let you know. Thanks!

Harel66 -> I have access to the system via a local administrator account and I can take ownership of the files as well; the thing is, there are a few applications configured which are profile based. So I want to log in with that domain user account. Thanks for your suggestion!

McKnife -> I will give it a try and let you know. Thanks!

I will get back to you once I try the suggestions mentioned above.
have you called the guy and asked nicely? maybe offer him a couple starbucks cards :)
Hello..

@sg08234 -> I tried WSCC (Windows System Control Center), but it didn't help me reset or log in to the domain account, though it's kind of helpful software.

@McKnife -> Offline NT Password and Registry Editor only helps to change the local system password. I am looking for the domain cached password or a way to bypass the login itself.

Issue still remains the same. Any other suggestions please. Thanks!
xpert_ali, please rethink your strategy. There is no need to somehow reactivate that account. All settings are accessible as long as you can access the drive. Program settings are in the registry - you can access the registry hive of that user, that's all you need. I described how to mount his registry branch and when mounted, settings can be exported or read out.
@McKnife

Roger! Then help me with the steps where I can use a local account with that domain user's profile settings exactly. I would give it a try if that helps in any way. Thanks!
There's a tool that might help but it's sort of pricey.
http://www.passcape.com/windows_passwords_recovery
I provided the steps already, maybe they sounded too easy? What step didn't you get?
@xpert_ali - To expand a little on McKnife's suggestion (or what I think he's suggesting):

Typically there'll be a registry hive for each user, so...
If you open the registry with regedit
and find the user hive for the user in question,
in the software section there'll be a section for the software in question.
You should be able to export the section for the specific software,
then import it to a different user's.
I think you'd have to do a search and replace on the section with the userID to a new userID in the text (.reg) file and then load it to another user ID.
It might work, depending on how the application is made, but be warned!!!
Messing with the registry could easily turn your system into a paperweight.

If you don't really understand what we're (@McKnife, please correct me if I'm not following your train of thought) suggesting, just don't try it, unless you're ready to format and install the machine clean.
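The search-and-replace step described in the post above, as an added example that is not part of the original thread: it re-roots a `.reg` export onto `HKEY_CURRENT_USER` and rewrites old profile paths, including ones stored as `hex(2)` data that a plain text replace would miss. It assumes the departed user's hive was loaded with `reg load` under a hypothetical mount name `OldUser`; the vendor key and account names are constructed.

```python
import re

def hex_utf16(s):
    """Encode text as .reg files store REG_EXPAND_SZ data: UTF-16LE, NUL-terminated."""
    return ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))

def reroot_reg(text, mount, old_profile, new_profile):
    """Re-root an export of HKEY_USERS\\<mount> onto HKEY_CURRENT_USER and rewrite
    old profile paths, including ones stored as hex(2)/hex(7) data that a plain
    text search-and-replace would miss. Returns (new_text, changed_value_names)."""
    text = re.sub(r"\\\r?\n\s*", "", text)       # join wrapped hex lines
    esc = lambda p: p.replace("\\", "\\\\")      # REG_SZ doubles backslashes
    root = re.compile(r"^\[HKEY_USERS\\" + re.escape(mount) + r"(?=[\\\]])")
    value = re.compile(r'("(?:[^"\\]|\\.)*"|@)=(hex\([27]\):)?(.*)$')
    changed, out = [], []
    for line in text.splitlines():
        line = root.sub("[HKEY_CURRENT_USER", line)
        m = value.match(line)
        if m:
            name, kind, data = m.groups()
            if kind:                             # comma-separated UTF-16LE bytes
                raw = bytes(int(h, 16) for h in data.split(",") if h)
                fixed = raw.decode("utf-16-le").replace(old_profile, new_profile)
                new_data = ",".join(f"{b:02x}" for b in fixed.encode("utf-16-le"))
            else:                                # exact-case match only
                new_data = data.replace(esc(old_profile), esc(new_profile))
            if new_data != data:
                changed.append(name.strip('"'))
                line = f"{name}={kind or ''}{new_data}"
        out.append(line)
    return "\r\n".join(out) + "\r\n", changed

# Constructed sample (mount name, vendor key and accounts are hypothetical).
OLD, NEW = r"C:\Users\jdoe", r"C:\Users\localadmin"
SAMPLE = "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_USERS\OldUser\Software\ExampleVendor\App]",
    r'"DataDir"="C:\\Users\\jdoe\\AppData\\Roaming\\App"',
    '"Theme"="dark"',
    '"CacheDir"=hex(2):' + hex_utf16(OLD + r"\AppData\Local\App"),
    ""])

if __name__ == "__main__":
    new_text, changed = reroot_reg(SAMPLE, "OldUser", OLD, NEW)
    print(new_text)
    print("rewritten values:", changed)
```

Version 5.00 `.reg` files are UTF-16, so read and write real exports with `encoding="utf-16"`, and review the list of changed values before importing anything.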
@Harel66

As of now I will wait for the new user to check for whatever files are required for now and see whether it is a high priority to bypass the login or whether we can go for reinstallation of the applications in a different profile.

Thanks Dude! ;)
Agreed.

Actually, I am confused with what you have described. Normally, we use the domain admin account to install software, not a normal domain user and you can still use the domain admin account to re-install the applications to other users not included in the initial setup of the PC.

Unless, the guy who left your company is the domain admin and it is very likely that you can forget about the user profile for the guy.
@jackieman, he said in the beginning that the Active Directory is no longer available. However, the specific account had software installed that was user specific.

If the domain or domain admin was available, this would be as simple as changing the user ID's password.

So without an AD to authenticate against, the domain account "should" remain intact as long as it has a cached copy of the last user password the profile used to access the domain, and hence the application would work, in theory, under the profile. Unless the application runs on Windows integrated authentication; that would probably not work on cached credentials.

So the first thing everyone probably thinks is "Doh, fix the domain!!!" but things happen, and the question is "how to access/repair the functionality of the machine in question without the domain".

Drashiel put in the best link in the first response (in my opinion). I've used Passcape in previous versions of Windows to reset accounts, so I "think" it'd work.

McKnife followed up with a brief description of how to work around the issue. That should have been enough for someone qualified to do the job, and at least point them in the direction to look up the specifics.

@xpert_ali, in my opinion, if you're just going to sit and wait on this, it's probably best to close it and split the points primarily between Drashiel and McKnife.

PS @xpert_ali, you might also try to blank the account password instead of recovering it (of course this runs the risk of ruining the account also). I remember reading once, in the midst of trying to learn how to break into an account, "null is always null", and when working in the encrypted password stuff, it's about 10x more likely to work as a blank password. While I don't think a blank password would work on a connected account, it just might work on the cached password.
@Harel66

"domain users had local administrator rights on their workstations assigned" <- it should be the domain administrator who logs on to the workstation and assigns the local admin rights to the local user... So, the password of the domain administrator should have been cached on the workstation. Despite the fact that the AD is down, the domain admin should still be able to log on to the workstation and change the password of the local admin.

Correct me if I am wrong.
@jackieman, it really wouldn't make any difference if the domain admin did have a cached password; it would not be able to access the user and computer interface to the AD to change anything, since domain changes happen on an AD. I am nearly certain that "IF" you managed to affect the cached domain password of the user, regardless of the local admin status, all you'd accomplish is increasing the chance the user profile was rendered useless because the AD is no longer accessible to authenticate against (not that it would make the practical effect much worse).
Basically, the domain accounts on a workstation are crippled without the AD; they'll only work with the last password used to successfully log into the domain. Anything that changes the cached password is MUCH more likely to just break the local link to the cached password and start the "no logon servers available for the domain Xyz.local" type issues than to make it work.

You could easily test this by grabbing a domain workstation, moving it into a network with no connection to any of the ADs, and trying to reset an account's password.
So, we ended up recovering the required files from the domain profile, and many things were not important or weren't worth spending money on.

But I am still curious whether there are any open-source tools to recover the cached password in this kind of situation.

Anyways, Thank you all for your suggestions/solutions and keep up the good work and keep sharing any technical stuff which are worth. :)


Regards,
Xpert_Ali

"I have no special talent. I am only passionately curious."  - Albert Einstein