Link to home
Start Free TrialLog in
Avatar of Thor2923
Thor2923Flag for United States of America

asked on

need to reset adminstrator password on Windows XP workstation

I am at one of our branch offices today and we have an old WIndows XP workstation that is believed to have some valuable data on it. The trouble is it has been removed from the network so long I cannot log it back in without a security violation. It probably has to be removed and rejoined to the domain. My bigger problem is the IT people that built this machine are nowhere to be found or do not remember the old password. I cannot get in as a local admin. I need a password reset application I can boot to, I not mind spending a few bucks if it will get me out of this, but not sure what to get and I do not want to buy something for nothing. My other concern is the hard drive is configured by McAfee safe boot encryption software and I am concerned the routine admin password hack will not work. Does anyone have any ideas or suggestions
ASKER CERTIFIED SOLUTION
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Thor2923
Thor2923
Flag of United States of America image

ASKER

that is exactly the answer I expected and the answer I did not want to hear LOL. but you are probably right. I do not see how I could or should be able to reset the admin password in the state it is in now
Avatar of Sean Jackson
Sean Jackson
Flag of United States of America image
Yeah, you'll just have to start over when you upgrade this machine to Win7.
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image
I would say how valuable is the data?  If it's worth thousands, than it may make sense to contact data recovery services.  There are techniques that can POSSIBLY be used to get that the data... if the system is XP and has been offline for a while, there may be "hackers" who could use an exploit to gain administrative access to it and run a tool like disk2vhd to create a copy of the drive, unencrypted, that would then allow you to access files.

I want to stress, the data recovery services would be expensive *IF THEY EXIST* (If the NSA can do it, you'd figure commercial entities can probably come close... if you can find the right commercial entity).
Avatar of McKnife
McKnife
Flag of Germany image
How is the encryption configured? Preboot authentication? If so (which is advisable), then there's no way but to break that encryption by brute force. If the encryption is transparent (using a TPM without a PIN), then there are ways to get in. With McAfee, it is possible that a TPM is used, but transparent? You will have to boot it to know.
Avatar of Gabriel Clifton
Gabriel Clifton
Flag of United States of America image
Yes, Lee W is correct in that if the drive is encrypted you are out of luck. You would not even be able to add the drive as a slave in a different system and read the data. That is why you encrypt it, to prevent anyone else from accessing any data.
Avatar of Thor2923
Thor2923
Flag of United States of America image

ASKER

I basically am supposed to pull an NK2 file off of it so a user can retrieve some old email addresses he had stored in his cache. No, it is not worth thousands or even hundreds. I think this machine is ready to be marked down and given away
Avatar of McKnife
McKnife
Flag of Germany image
Please give feedback on my question, it might be the only way.
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image
I'm guessing you cannot log in as the user either?  Can you log in as ANY user?
Avatar of McKnife
McKnife
Flag of Germany image
Dear Thor2923,
please be aware that it is rather unpleasant for experts like me, who try to help, to be ignored until the question is closed.