Solved

Reset or Bypass the Domain user account log in to win vista 32bit system

Posted on 2013-01-17
19
1,880 Views
Last Modified: 2013-01-29
Hello All,

1. We had a domain (Win2k8) environment set up with a few workstations (XP/Win-Vista/Win7).
2. Domain users had local administrator rights assigned on their workstations. Unfortunately, for some reason we had to bring down the domain environment. But the workstations are still in the domain and in use. To avoid any domain-related problems, we created local administrator accounts on a few machines until we restore the domain server, and we missed one machine (Win-Vista32) where the user was still logging in with a domain account, and he quit the job. Now the problem is that many of the configured applications are profile based and we don't know the password for that domain user account. Since we don't have the domain controller, we can't reset the password for that account.

I tried the open-source tools I knew, like ophcrack, and a few Windows recovery tools as well, but they only allow me to reset local system accounts, not the domain user account that was in use. I googled for solutions, and there is little chance of recovering the password, as the credentials are saved in the cache on the system.

Is there any way to get into that domain account? Please let me know if there are any solutions.

Thanks a ton!
0
Comment
Question by:xpert_ali
19 Comments
 
LVL 19

Accepted Solution

by:
Miguel Angel Perez Muñoz earned 100 total points
ID: 38787600
0
 
LVL 2

Assisted Solution

by:sg08234
sg08234 earned 200 total points
ID: 38787603
Try Nirsoft tools and others (via WSCC (Windows System Control Center))

Michale
0
 
LVL 16

Assisted Solution

by:R. Andrew Koffron
R. Andrew Koffron earned 100 total points
ID: 38787639
Get a copy of Windows Ultimate Boot CD, and use the NTPSWD utility. Just whack the local administrator password, and then access the machine.
I can't think of a way to re-open the account without the domain, but you can take ownership of the files in the profile and set permissions to allow a local admin to have full control of them.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 100 total points
ID: 38789813
Hi.

Get access to that hard drive, that's all you need. If it's not encrypted...
If not, you can use the famous bootdisk http://pogostick.net/~pnh/ntpasswd/ to blank the local admin's password and also enable/unlock that administrator account - afterwards use it to logon to access the files and settings of the absent domain user. If that does not work, hook that drive to another computer - everything is accessible, file-wise. That means, all settings as well. If they are in .ini files, they are easy to retrieve. If inside the registry, you need to mount that person's personal regfile (regedit ->load hive ->c:\users\thatveryuser\ntuser.dat). No problem.

If you need help, come back.
0
 

Author Comment

by:xpert_ali
ID: 38796358
Hello..Dear xperts :)

Drashiel -> I know there is a lot of paid software available, and the link you shared is paid software, so I can't afford that much for now. Thanks for the suggestion!

sg08234 -> I will give it a try and let you know. Thanks!

Harel66 -> I have access to the system via the local administrator account and I can take ownership of the files as well. The thing is, there are a few applications configured which are profile based, so I want to log in with that domain user account. Thanks for your suggestion!

McKnife -> I will give it a try and let you know. Thanks!

Will get back to you once I try the suggestions mentioned above.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38797151
Have you called the guy and asked nicely? Maybe offer him a couple of Starbucks cards :)
0
 
LVL 2

Assisted Solution

by:sg08234
sg08234 earned 200 total points
ID: 38797690
WSCC: Searching for "password" shows you all password recovery tools included (about 10).

Good luck!
0
 

Author Comment

by:xpert_ali
ID: 38798368
Hello..

@sg08234 -> I tried WSCC (Windows System Control Center), but it didn't help me reset/log in to the domain account, though it's kind of helpful software.

@McKnife -> Offline NT Password and Registry Editor only helps to change the local system password. I am looking for the domain cached password, or to bypass the login itself.

Issue still remains the same. Any other suggestions please. Thanks!
0
 
LVL 53

Expert Comment

by:McKnife
ID: 38798380
xpert_ali, please rethink your strategy. There is no need to somehow reactivate that account. All settings are accessible as long as you can access the drive. Program settings are in the registry - you can access the registry hive of that user, that's all you need. I described how to mount his registry branch and when mounted, settings can be exported or read out.
0

 

Author Comment

by:xpert_ali
ID: 38798414
@McKnife

Roger! Then help me with the steps where I can use a local account with exactly that domain user's profile settings. I would give it a try if that helps in any way. Thanks!
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38798680
There's a tool that might help but it's sort of pricey.
http://www.passcape.com/windows_passwords_recovery
0
 
LVL 53

Expert Comment

by:McKnife
ID: 38799209
I provided the steps already, maybe they sounded too easy? What step didn't you get?
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38799258
@xpert_ali - To expand a little on McKnife's suggestion (or what I think he's suggesting)

Typically there'll be a registry hive for each user, so....
If you open the registry with regedit.
And find the user hive for the user in question.
In the software section there'll be a section for the software in question.
You should be able to export the section for the specific software.
Then import it to a different user's.
I think you'd have to do a search and replace on the section with the userID to a new userID in the text (.reg) file and then load it to another user ID.
It might work, depending on how the application is made, but be warned!!!
Messing with the registry could easily turn your system into a paperweight.

If you don't really understand what we're (@McKnife, please correct me if I'm not following your train of thought) suggesting, just don't try it, unless you're ready to format and install the machine clean.
0
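The load-hive, export, rewrite and import route described by McKnife and R. Andrew Koffron, sketched as an added PowerShell example (not code posted by anyone in the thread). `OldUserHive`, `Software\ExampleVendor\ExampleApp` and `C:\Temp\hive-export` are placeholders; only the `ntuser.dat` path form comes from the thread.

```powershell
# Added example. Run elevated as a local administrator while the old user is not logged on.
$ProfileHive = 'C:\Users\thatveryuser\ntuser.dat'    # path form quoted in the thread
$MountName   = 'OldUserHive'                         # hypothetical temporary name under HKEY_USERS
$AppSubKey   = 'Software\ExampleVendor\ExampleApp'   # placeholder: the application's own key
$WorkDir     = 'C:\Temp\hive-export'                 # hypothetical working folder
$OldReg      = Join-Path $WorkDir 'app-old.reg'
$NewReg      = Join-Path $WorkDir 'app-new.reg'

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# Keep an untouched copy of the hive before mounting it. ntuser.dat is hidden,
# so use the .NET copy call, which ignores the attribute.
[System.IO.File]::Copy($ProfileHive, (Join-Path $WorkDir 'ntuser.dat.bak'), $true)

# Mount the old profile's hive under HKEY_USERS, export one key, always unmount.
reg.exe load "HKU\$MountName" $ProfileHive
if ($LASTEXITCODE -ne 0) { throw 'reg load failed: hive in use, or wrong path' }
try {
    reg.exe export "HKU\$MountName\$AppSubKey" $OldReg /y
    if ($LASTEXITCODE -ne 0) { throw 'reg export failed: check the application key name' }
}
finally {
    reg.exe unload "HKU\$MountName"
}

# Rewrite only the key-path lines, so the data lands under the importing user's
# HKEY_CURRENT_USER instead of the temporary mount point. Values are left alone.
$oldRoot = "[HKEY_USERS\$MountName\"
$newRoot = '[HKEY_CURRENT_USER\'
Get-Content -Path $OldReg | ForEach-Object {
    if ($_.StartsWith($oldRoot, [System.StringComparison]::OrdinalIgnoreCase)) {
        $newRoot + $_.Substring($oldRoot.Length)
    }
    else { $_ }
} | Set-Content -Path $NewReg -Encoding Unicode      # reg.exe exports are UTF-16LE

# Review app-new.reg in a text editor, then run the import while logged on as
# the local account that should receive the settings:
# reg.exe import $NewReg
```

Values that embed the old profile path appear in the `.reg` file with doubled backslashes (for example `C:\\Users\\thatveryuser`) and are not touched by the key-path rewrite; that is the search-and-replace step mentioned in the comment above, and whether the application accepts the result depends on how it stores its settings.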
 

Author Comment

by:xpert_ali
ID: 38800721
@Harel66

As of now I will wait for the new user to check for whatever files are required for now, and see whether it is a high priority to bypass the login or whether we can go for reinstallation of the applications in a different profile.

Thanks Dude! ;)
0
 
LVL 41

Expert Comment

by:Jackie Man
ID: 38804315
Agreed.

Actually, I am confused with what you have described. Normally, we use the domain admin account to install software, not a normal domain user and you can still use the domain admin account to re-install the applications to other users not included in the initial setup of the PC.

Unless, the guy who left your company is the domain admin and it is very likely that you can forget about the user profile for the guy.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38805495
@jackieman, he said in the beginning that the Active Directory is no longer available. However, the specific account had software installed that was user specific.

If the domain, or domain admin, was available this would be as simple as changing the user ID's password.

So without an AD to authenticate against, the domain account "should" remain intact as long as it has a cached copy of the last user password the profile used to access the domain, and hence the application would work, in theory, under the profile. Unless the application runs on Windows integrated authentication; that would probably not work on cached credentials.

So the first thing everyone probably thinks is "Doh, fix the domain!!!" but things happen and the question is "how to access/repair the functionality of the machine in question without the domain".

Drashiel put in the best link in the first response (in my opinion). I've used passcape in previous versions of Windows to reset accounts, so I "think" it'd work.

McKnife followed up with a brief description of how to work around the issue. That should have been enough for someone qualified to do the job, and at least point them in the direction to look up the specifics.

@xpert_ali, in my opinion, if you're just going to sit and wait on this, it's probably best to close it and split the points primarily between Drashiel and McKnife.

PS @xpert_ali, you might also try and blank the account password instead of recover it (of course this runs the risk of ruining the account also).  I remember reading once in the midst of trying to learn how to break into an account "null is always null", and when working in the encrypted password stuff, it's about 10x more likely to work as a blank password.  While I don't think a blank password would work on a connected account it just might work on the cached password.
0
 
LVL 41

Expert Comment

by:Jackie Man
ID: 38825857
@Harel66

domain users had local administrator rights on their workstations assigned <- it should be the domain administrator logon to the workstation and assign the local admin rights to the local user... So, the password of the domain administrator should have been cached in the workstation. Despite the fact that the AD is down, the domain admin should be still able to logon to the workstation and change the password of the local admin.

Correct me if I am wrong.
0
 
LVL 16

Expert Comment

by:R. Andrew Koffron
ID: 38826687
@jackieman It really wouldn't make any difference if the domain admin did have a cached password; it would not be able to access the user and computer interface to the AD to change anything, since domain changes happen on an AD. I am nearly certain that "IF" you managed to affect the cached domain password of the user, regardless of the local admin status, all you'd accomplish is increasing the chance the user profile was rendered useless because the AD is no longer accessible to authenticate against (not that it would make the practical effect much worse).
Basically the domain accounts on a workstation are crippled without the AD; they'll only work with the last password used to successfully log into the domain. Anything that changes the cached password is MUCH more likely to just break the local link to the cached password and start the "no logon servers available for the domain Xyz.local" type issues than to make it work.

You could easily test this by grabbing a domain workstation, moving it into a network with no connection to any of the ADs, and trying to reset an account's password.
0
 

Author Closing Comment

by:xpert_ali
ID: 38830736
So, we ended up recovering the required files from the domain profile, and many things were not important or weren't worth spending money on.

But I'm still curious whether we have any open-source tools to recover the cached password in this kind of situation.

Anyway, thank you all for your suggestions/solutions, and keep up the good work and keep sharing any technical stuff that is worthwhile. :)


Regards,
Xpert_Ali

"I have no special talent. I am only passionately curious."  - Albert Einstein
0
