Solved

windows 2008 password reset

Posted on 2014-03-07
Last Modified: 2014-03-10
Will this work if CryptoLocker was used to encrypt drive partitions?

http://www.kieranlane.com/2012/12/12/resetting-administrator-password-windows-2008/
Question by:Anthony H.

Expert Comment

by:Zac Harris
CryptoLocker is showing up as ransomware. Are you sure that's what you used?

Author Comment

by:Anthony H.
Sorry. Meant BitLocker Windows.

Expert Comment

by:Zac Harris
There should have been a recovery key established when you encrypted the drive/partition. I would use that method as opposed to renaming files and deleting files. You may force your data into a "lock-down" state.

Author Comment

by:Anthony H.
Key is not available.

Any other method?

Expert Comment

by:Mohammed Khawaja
No key, no data.  I don't think you can do anything without the key.

Expert Comment

by:McKnife
Please be precise about the BitLocker encryption. What protector did you use, TPM?
Long story short: yes, if the server still boots beyond BitLocker authentication, then there are ways to reset all passwords. And yes, we may modify BitLocker-encrypted disks offline if we have the key.

Do: details please on the encryption:
TPM
TPM+PIN
Startup Key?

Author Comment

by:Anthony H.
I can't provide any details as I was not the one who set it up. There is absolutely no information available.

Expert Comment

by:McKnife
Does the PC boot without a BitLocker password or not?

Author Comment

by:Anthony H.
Yes

Expert Comment

by:McKnife
Ok, then we could solve it if you have administrative rights, but that's what you lack, that's why you try the offline modifications, right?

Author Comment

by:Anthony H.
Right. When I try password reset methods, drives can't be read.

Expert Comment

by:McKnife
Since non-admins cannot reset BL protectors, we cannot circumvent BL. Thus, we cannot use any password offline resetters.
Your only bet is FireWire. If the machine has a FireWire port, you could use the FireWire hack. But FireWire on a server? Or is it desktop hardware?

Author Comment

by:Anthony H.
2008 R2

Expert Comment

by:McKnife
That is your OS, I asked for FireWire ports.

Author Comment

by:Anthony H.
No FireWire ports. I guess I could try to find a card.

What is the process to get it done via FireWire?

Accepted Solution

by:McKnife

That card would need to get auto-installed, so you would need to find one that works with Windows' built-in drivers. http://www.youtube.com/results?search_query=firewire+hack shows the process.

If not possible, your last resort is a cold boot attack: http://www.youtube.com/watch?v=JDaicPIgn9U

Author Comment

by:Anthony H.
What software are they talking about on the video??

Expert Comment

by:McKnife
There are two videos at least...
The first link shows methods mostly based on the software Winlockpwn.
The software/devices used to read out the RAM in the second video: I don't know, but there will be instructions somewhere on the web if you google "cold boot attack".