Ad:

Windows NT / 2000 / XP Discussion Thread
Unsolved
Views: 30367

Jul 16th, 2004

Administrator password bypass / Serial ATA registry corruption

Expand Post »

I was running on my machine a Seagate Serial ATA harddrive (120gb) and had data corruption of the registry (Windows XP Pro). The data on the partions was retrieved but the data that was under the administrator account on the C drive is currently being stopped by the administrator password. No prompt is given just access denied.

This is with the old serial ata as a slave drive.

I was thinking of installing Windows back over the old install and I am thinking that the data will still be there and accessible.

Is there a better way or a program I can use that will break the admin password?

TIA

Similar Threads

Serial ATA hard drive data corruption/ XP Pro Administrator password bypass in Storage

catpro42

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

3 posts
since Jul 2004

Permalink

Jul 17th, 2004

Re: Administrator password bypass / Serial ATA registry corruption

Hello,

I assume that you were using this data under NT/2000/XP and you have a new OS running NT/2000/XP. If this is the case, you have a new version of NT/2000/XP running, and are just being blocked by the OS.

See, even though the account names are the same (Administrator), there is an invisible mapping within windows that generates a hairy digit number letter thing that is the real user ID.

You could make an ID for a user "Jenny". Save a file, only readable by her. Remove "Jenny". Make another ID "Jenny". The accounts are named the same, but they are VERY DIFFERENT. Windows does this (as does Unix and Mac) so that someone can leave the company, and a new person with the same ID name can come in, and there won't be a security compromise.

How do you get around it?

Administrators have the ability to "take ownership" of files and folders. You will need to login to that computer as the administrator, go to the folder / file in question, and then bring up the properties window. From there, find the security information, and take ownership of the files.

Now, if you encrypted the files under NTFS, you could be in another ballpark. I have not simulated how to fix that condition.

Christian

kc0arf

Team Colleague

Reputation Points: 121

Solved Threads: 57

Posting Virtuoso

Offline

1,629 posts
since Mar 2004

Permalink

Jul 17th, 2004

Re: Administrator password bypass / Serial ATA registry corruption

Quote originally posted by kc0arf ...

Hello,
Now, if you encrypted the files under NTFS, you could be in another ballpark. I have not simulated how to fix that condition.

Christian

I haven't had a chance to try it either, but I sure hope you can retreive it the same way. Otherwise it would make a good case to never use NTFS encryption. There is a bug in XP, I don't know if it has been fixed, that can cause the Administrator account to be disabled when you reboot from changing the workgroup name. If this is the only account on the machine, which can happen frequently, you're screwed. No getting back in. This has bitten me twice. I have a program that allows you to crack the user accounts and re enable, and change the passwords but if files are encrypted, you can't get to those.

bentkey

Reputation Points: 24

Solved Threads: 8

Posting Whiz

Offline

321 posts
since Apr 2004

Permalink

Jul 17th, 2004

Re: Administrator password bypass / Serial ATA registry corruption

Couldn't you just boot in safemode and get to the admin user? Or you could read and try this:
http://www.petri.co.il/forgot_admini...r_password.htm

senterstyle

Reputation Points: 30

Solved Threads: 1

Junior Poster in Training

Offline

63 posts
since Jul 2003

Permalink

Jul 17th, 2004

Re: Administrator password bypass / Serial ATA registry corruption

No sure if this is what you want to do but booting up from a Windows 2000 CD will allow you to bypass the administrator password prompt on an XP partition.

techahbeng

Reputation Points: 10

Solved Threads: 2

Newbie Poster

Offline

24 posts
since Jul 2004

Permalink

Jul 17th, 2004

Re: Administrator password bypass / Serial ATA registry corruption

Quote originally posted by senterstyle ...

Couldn't you just boot in safemode and get to the admin user? Or you could read and try this:
http://www.petri.co.il/forgot_admin...or_password.htm

Effectively that is what I do and it is a quick easy thing, but if the Administrator has NFTS encrypted files, you will never get access to those files after doing it. So says the documentation, I haven't tried doing that, but I have to believe them. That was my point.

Quote originally posted by techahbeng ...

No sure if this is what you want to do but booting up from a Windows 2000 CD will allow you to bypass the administrator password prompt on an XP partition.

If you know a way to change the admin password or enable the admin account after doing this, I would like to know how to do it. I think I'm going to do a test case and see what happens to encrypted files after a reinstall, just to see if you can get in with a different SID unless someone has done it or knows for sure.

bentkey

Reputation Points: 24

Solved Threads: 8

Posting Whiz

Offline

321 posts
since Apr 2004

Permalink

Jul 20th, 2004

Re: Administrator password bypass / Serial ATA registry corruption

:cheesy: Thanx for the reply......I did a search of the Microsoft Knowledge base and found the the same info and I was successful in taking ownership of the directory and get to the files.

Quote originally posted by kc0arf ...

Hello,

I assume that you were using this data under NT/2000/XP and you have a new OS running NT/2000/XP. If this is the case, you have a new version of NT/2000/XP running, and are just being blocked by the OS.

See, even though the account names are the same (Administrator), there is an invisible mapping within windows that generates a hairy digit number letter thing that is the real user ID.

You could make an ID for a user "Jenny". Save a file, only readable by her. Remove "Jenny". Make another ID "Jenny". The accounts are named the same, but they are VERY DIFFERENT. Windows does this (as does Unix and Mac) so that someone can leave the company, and a new person with the same ID name can come in, and there won't be a security compromise.

How do you get around it?

Administrators have the ability to "take ownership" of files and folders. You will need to login to that computer as the administrator, go to the folder / file in question, and then bring up the properties window. From there, find the security information, and take ownership of the files.

Now, if you encrypted the files under NTFS, you could be in another ballpark. I have not simulated how to fix that condition.

Christian

catpro42

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

3 posts
since Jul 2004

Permalink

Jan 29th, 2006

Re: Administrator password bypass / Serial ATA registry corruption

What I foundout on my own is ya could bypass the admin without using a CD is try when booting up keep hitting the F8 key until you come to a screen that has safe mode,safe mode with networking,LOGGED.txt,Last Known good configuration,

you want to pick safe mode which should bring you to another screen that has yer Operating System pick that and windows will bootup.

Pick adminstrator if that's what it has.

When booting up in safe mode alot of yer drivers etc. will be disabled but nothing to be alarmed about.Safe mode is with the minimal amount of drivers.

Now in safe mode click onto start then goto settings then control panel then click onto user accounts ya should see an administrator name,click onto that and it should let you change everything for that user without putting in old stuff.

Hope this helps.

P.s Oh btw ya might wanna get a little notebook and write down yer computer stuff incase ya forget that's what I do.but put yer notebook somewhere where noone will find it.If ya lose yer notebook try the above method I described.

Also if what I described works ya could also make a textfile with yer usernames and passwords incase ya lose yer notebook or whatever.

Firedragon32

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

1 posts
since Jan 2006

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Windows NT / 2000 / XP Forum Timeline: Blue Screen Of Death On Windows Xp

Next Thread in Windows NT / 2000 / XP Forum Timeline: Add/Remove programs gone

DaniWeb Message

Cancel Changes

User Name
Password