Solved

Reset or Bypass the Domain user account log in to win vista 32bit system

Posted on 2013-01-17
Last Modified: 2013-01-29
Hello All,

1. We had a Domain (Win2k8) environment set up with a few workstations (xp/win-vista/win7).
2. So domain users had local administrator rights assigned on their workstations. Unfortunately, for some reason we had to bring down the domain environment. But the workstations are still in the domain and in use. To avoid any problems related to the domain, we created local administrator accounts on a few machines until we restore the domain server, and we missed one machine (Win-Vista32) where the user was still logging into that machine with a domain account, and he quit the job. Now the problem is that many applications which were configured are profile based, and we don't know the password for that domain user account. Since we don't have the domain controller, we can't reset the password for that account.

I tried open-source tools which I knew, like ophcrack and a few Windows recovery tools as well, but they only allow me to reset local system accounts, not the domain user account which was in use. I googled for solutions, and there is less chance of recovering the password as the credentials are saved in the cache on the system.

Is there any way to get into that domain account? Please let me know if there are any solutions.

Thanks a ton!
Question by:xpert_ali
19 Comments
 
LVL 19

Accepted Solution

by:
Miguel Angel Perez Muñoz earned 100 total points
ID: 38787600
0
 
LVL 2

Assisted Solution

by:sg08234
sg08234 earned 200 total points
ID: 38787603
Try Nirsoft tools and others (via WSCC (Windows System Control Center))

Michale
0
 
LVL 16

Assisted Solution

by:R. Andrew Koffron
R. Andrew Koffron earned 100 total points
ID: 38787639
Get a copy of Windows Ultimate Boot CD, and use the NTPSWD utility. Just whack the local administrator password, and then access the machine.
I can't think of a way to re-open the account without the domain, but you can take ownership of the files in the profile and set permissions to allow a local admin to have full control of them.
0
 
LVL 55

Assisted Solution

by:McKnife
McKnife earned 100 total points
ID: 38789813
Hi.

Get access to that hard drive, that's all you need. If it's not encrypted...
If not, you can use the famous bootdisk http://pogostick.net/~pnh/ntpasswd/ to blank the local admin's password and also enable/unlock that administrator account - afterwards use it to log on to access the files and settings of the absent domain user. If that does not work, hook that drive to another computer - everything is accessible, file-wise. That means all settings as well. If they are in .ini files, they are easy to retrieve. If inside the registry, you need to mount that person's personal regfile (regedit -> load hive -> c:\users\thatveryuser\ntuser.dat). No problem.

If you need help, come back.
0
 

Author Comment

by:xpert_ali
ID: 38796358
Hello..Dear xperts :)

Drashiel - I know there is a lot of paid software available, and the link you shared is paid software, so I can't afford that much for now. Thanks for the suggestion!

sg08234 -> I will give it a try and let you know. Thanks!

Harel66 -> I have access to the system via a local administrator account and I can take ownership of the files as well. The thing is, there are a few applications/software configured which are profile based. So I want to log in with that domain user account. Thanks for your suggestion!

McKnife
-> I will give a try and let you know. Thanks!

Will get back to you once I try the suggestion above mentioned.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38797151
have you called the guy and asked nicely? maybe offer him a couple starbucks cards :)
0
 
LVL 2

Assisted Solution

by:sg08234
sg08234 earned 200 total points
ID: 38797690
WSCC: Searching for "password" shows you all password recovery tools included (about 10).

Good luck!
0
 

Author Comment

by:xpert_ali
ID: 38798368
Hello..

@sg08234 -> I tried WSCC (Windows System Control Center), but it didn't help me reset/log in to the domain account, though it's kind of helpful software.

@McKnife -> Offline NT Password and Registry Editor only helps to change the local system password. I am looking for the domain cached password or to bypass the login itself.

Issue still remains the same. Any other suggestions please. Thanks!
0
 
LVL 55

Expert Comment

by:McKnife
ID: 38798380
xpert_ali, please rethink your strategy. There is no need to somehow reactivate that account. All settings are accessible as long as you can access the drive. Program settings are in the registry - you can access the registry hive of that user, that's all you need. I described how to mount his registry branch and when mounted, settings can be exported or read out.
0
 

Author Comment

by:xpert_ali
ID: 38798414
@McKnife

Roger! Then help me with the steps where I can use a local account with that domain user's profile settings exactly. I would give it a try if that helps in any way. Thanks!
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38798680
There's a tool that might help but it's sort of pricey.
http://www.passcape.com/windows_passwords_recovery
0
 
LVL 55

Expert Comment

by:McKnife
ID: 38799209
I provided the steps already, maybe they sounded too easy? What step didn't you get?
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38799258
@xpert_ali - To expand a little on McKnife's suggestion (or what I think he's suggesting)

Typically there'll be a registry hive for each user, so....
If you open the registry with regedit
and find the user hive for the user in question,
in the software section there'll be a section for the software in question.
You should be able to export the section for the specific software,
then import it to a different user's.
I think you'd have to do a search and replace on the section with the userID to a new userID in the text (.reg) file and then load it to another user ID.
It might work, depending on how the application is made, but be warned!!!
Messing with the registry could easily turn your system into a paperweight.

If you don't really understand what we're (@McKnife, please correct me if I'm not following your train of thought) suggesting, just don't try it, unless you're ready to format and install the machine clean.
0
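The hive-mount and export procedure that McKnife and R. Andrew Koffron describe above, written out as an added example that is not part of any post in this thread. `Software\ExampleVendor`, the mount name `OldProfile` and the folder `C:\Recovery` are hypothetical placeholders; `thatveryuser` is the profile folder name used in McKnife's post.

```powershell
# Added example. Run elevated as a local administrator (PowerShell 2.0+) that
# has read access to the old profile folder (take ownership first if needed).
# Placeholders: 'Software\ExampleVendor', 'OldProfile' and C:\Recovery are
# hypothetical; 'thatveryuser' is the profile folder name used in the thread.
$hiveFile  = 'C:\Users\thatveryuser\NTUSER.DAT'
$mountName = 'OldProfile'
$appKey    = 'Software\ExampleVendor'
$workDir   = 'C:\Recovery'
$hiveCopy  = Join-Path $workDir 'NTUSER.DAT.copy'
$rawReg    = Join-Path $workDir 'app-settings-raw.reg'
$newReg    = Join-Path $workDir 'app-settings-hkcu.reg'

New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Mount a copy, so a mistake cannot damage the original profile hive.
Copy-Item -LiteralPath $hiveFile -Destination $hiveCopy -Force

reg.exe load "HKU\$mountName" $hiveCopy
if ($LASTEXITCODE -ne 0) { throw 'reg load failed' }
try {
    # Export only the one application's subtree, not the whole hive.
    reg.exe export "HKU\$mountName\$appKey" $rawReg /y
    if ($LASTEXITCODE -ne 0) { throw "reg export failed; is $appKey in the hive?" }
}
finally {
    # Always unmount, even if the export failed.
    reg.exe unload "HKU\$mountName"
}

# Re-target key headers from the temporary mount point to HKEY_CURRENT_USER.
# Only lines that are key headers are touched; values are left as exported.
$old = "[HKEY_USERS\$mountName\"
$new = '[HKEY_CURRENT_USER\'
Get-Content -LiteralPath $rawReg | ForEach-Object {
    if ($_.StartsWith($old)) { $new + $_.Substring($old.Length) } else { $_ }
} | Set-Content -LiteralPath $newReg -Encoding Unicode

# Values that embed the old profile path or user name need a manual decision
# before import; list them for review.
Select-String -Path $newReg -SimpleMatch 'thatveryuser'
```

After reviewing the rewritten file, log in as the replacement local user and run `reg import C:\Recovery\app-settings-hkcu.reg` in that session, so the keys land in that user's own hive. Whether the application accepts the imported settings depends on how it stores them, as the post above notes.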
 

Author Comment

by:xpert_ali
ID: 38800721
@Harel66

As of now I will wait for the new user to check for whatever files are required for now and see whether it is a high priority to bypass the login or whether we can go for reinstallation of the applications in a different profile.

Thanks Dude! ;)
0
 
LVL 47

Expert Comment

by:Jackie Man
ID: 38804315
Agreed.

Actually, I am confused with what you have described. Normally, we use the domain admin account to install software, not a normal domain user and you can still use the domain admin account to re-install the applications to other users not included in the initial setup of the PC.

Unless, the guy who left your company is the domain admin and it is very likely that you can forget about the user profile for the guy.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38805495
@jackieman, he said in the beginning, the Active directory is no longer available.  However the specific account, had software installed that was User specific.  

If the domain, or domain admin was available this would be as simple as changing the user ID's password.

So without an AD to authenticate against, the domain account "should" remain intact as long as it has a cached copy of the last user password the profile used to access the domain, and hence the application would work, in theory, under the profile. Unless the application runs on Windows integrated authentication, that would probably not work on cached credentials.

So the first thing everyone probably thinks is "Doh, fix the domain!!!" but things happen and the question is "how to access/repair the functionality of the machine in question without the domain".

Drashiel put in the best link in the first response (in my opinion). I've used passcape in previous versions of Windows to reset accounts, so "think" it'd work.

McKnife followed up with a brief description of how to work around the issue. That should have been enough for someone qualified to do the job, and at least point them in the direction to look up the specifics.

@ xpert_ali in my opinion if you're just going to sit and wait on this. probably best to close it and split the points primarily to Drashiel and McKnife.

PS @xpert_ali, you might also try and blank the account password instead of recover it (of course this runs the risk of ruining the account also).  I remember reading once in the midst of trying to learn how to break into an account "null is always null", and when working in the encrypted password stuff, it's about 10x more likely to work as a blank password.  While I don't think a blank password would work on a connected account it just might work on the cached password.
0
 
LVL 47

Expert Comment

by:Jackie Man
ID: 38825857
@Harel66

domain users had local administrator rights on their workstations assigned <- it should be the domain administrator logon to the workstation and assign the local admin rights to the local user... So, the password of the domain administrator should have been cached in the workstation. Despite the fact that the AD is down, the domain admin should be still able to logon to the workstation and change the password of the local admin.

Correct me if I am wrong.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38826687
@jackieman really wouldn't make any difference if the domain admin did have a cached password; it would not be able to access the user and computer interface to the AD to change anything, since domain changes happen on an AD. I am nearly certain that "IF" you managed to affect the cached domain password of the user, regardless of the local admin status, all you'd accomplish is increasing the chance the user profile was rendered useless because the AD is no longer accessible to authenticate against (not that it would make the practical effect much worse).
basically the domain accounts on a workstation are crippled, without the AD, they'll only work with the last password used to successfully log into the domain.  anything that changes the cached password is MUCH more likely to just break the local link to the cached password and start the "no logon servers available for the domain Xyz.local" type issues than to make it work.

you could easily test this by grabbing a domain workstation, and moving it into a network with no connection to any of the ADs and trying to reset an account's password.
0
 

Author Closing Comment

by:xpert_ali
ID: 38830736
So, we ended up recovering the required files from the domain profile, and many things were not important or weren't worth spending money on.

But I'm still curious if we have any open source tools to recover the cached password in this kind of situation.

Anyways, Thank you all for your suggestions/solutions and keep up the good work and keep sharing any technical stuff which are worth. :)


Regards,
Xpert_Ali

"I have no special talent. I am only passionately curious."  - Albert Einstein
0

Question has a verified solution.
