Windows – Lost / Forgotten Password?

KB ID 0000755

Problem

There are many reasons why you might want to do this: someone has changed a user password and that person is not available, or you might simply have forgotten it. You might have been given a machine, or bought one from eBay, that has come without a password. Also there have been a few times when a user has looked me in the eye and said “I’m typing my password in, but it’s not working”. I have never seen a password change on its own, so I will just put that down to the evil password gremlins.

The procedure will also work on the Windows local administrator’s password; just bear in mind that this account is disabled by default (after Windows 8). This procedure will not work if the machine in question has had its hard drive encrypted using BitLocker.

You can use this procedure to blank (or reset) a Domain Controller’s DSRM (Directory Services Restore Mode) password.

You can avoid this procedure if you have access to another account on this machine that has administrative access. If you can log on as an administrator, then you can change the password of other local accounts on the affected machine without the need to do this.

Solution

How to Burn the ISO Disc Image

1. Download the Password Reset CD Image.

2. Download ImgBurn and install it. Launch the program; if it does not look like this you need to select View > Ez-Mode Picker. Select the ‘Write image file to disc’ option.

3. The file you downloaded is a zip file that contains the disk image; you will need to extract the image from the zip file (i.e. drag it to your desktop). From within ImgBurn launch the browse option and navigate to the disk image you have just extracted > Open.

4. Select the burn to disc icon (Note: This will be greyed out until there is a blank CD in the drive). The image is very small, so it will not take long to burn.

Carry Out a Windows 8 Password Reset.

This procedure uses the boot CD you have just created. For it to work you need to make sure the machine will attempt to boot to its CD/DVD drive before it boots to its hard drive (or it will simply boot into Windows again). This change in ‘Boot Order’ is carried out in the machine’s BIOS. How you enter this varies depending on the machine vendor; when you first turn on the machine watch for a message that looks like Press {key} to enter Setup. The key is typically Esc, Del, F1, F2, or F9. When in the BIOS locate the boot order and move the CD/DVD drive to the top of the list.

1. Boot your machine from your freshly burned CD, when you see this screen simply press {Enter} to boot.

2. Depending on how many disks/partitions you have it will discover them and assign a number to each one, here I only have 1 so I will type ‘1 {Enter}’.

Note: You may see a small 300Mb partition; ignore that. You may also see your machine’s recovery partition if it has one. If that’s the case you may have to carry out some trial and error to get the right one.

3. The system is set to look for the default registry location C:\Windows\System32\Config so simply press {Enter}. If it fails at this point you selected the wrong drive/partition.

4. We want password reset so select option 1.

5. We will be editing user data and passwords, so again select option 1.

6. You will be presented with a list of the user objects that it can locate, here I want to reset the password for the ‘PeteLong’ user object so simply type in the username you want to edit.

Note: As mentioned you can see here the administrator account is disabled, if you want to work with that account, you will need to unlock and enable it on the next screen before you blank or change the password.

7. You can choose option 2 and type in a new password, but I’m going to blank the password, then change it when I get back into the machine, by selecting option 1.

8. To step back you need to enter an exclamation mark.

9. Enter a ‘q’ to quit.

10. To write the changes you have made enter a ‘y’.

11. As long as you are happy, and have no other accounts that need changing, enter ‘n’.

12. Now remove the boot CD, and press Ctrl+Alt+Delete to reboot the machine.

13. As the user object we are dealing with was the last one that has logged on, it will select that account as soon as the computer boots, and now it has a blank password it will automatically log on.

14. To change the password, press Ctrl+I > Change PC settings.

15. Users > Create a password.

16. Type and confirm your new password, and enter a password hint > Next.

17. Log off the account and test the new password.

 

Related Articles, References, Credits, or External Links

NA

Windows NT/2K/XP/2K3 Password Recovery

KB ID 0000095

Problem

Note: As the title suggests, this is quite an old post! you might prefer THIS ONE.

Disclaimer: This information is designed to help people who are locked out of their own PC’s and not for Hacker Wannabe’s with the IQ of a haddock. Information is not inherently dangerous, just some people are. If you want to break things and be a general pain in the ass, sod off to Google and leave the grown ups alone. Pete Long 16/05/04

Generally if people are reading this they have lost or forgotten their administrator password. The more technically astute of you will baulk at this as you know the importance of this password; the simple fact is most people don’t, and by the time they need it it’s on a long lost post-it note. Similarly, if you buy a second hand PC from eBay for example, the seller will not always furnish you with the admin password. This can be resolved by wiping the hard drive and simply re-installing Windows from scratch, but the chances are there will be information you need to save off the PC and you are stuck in a catch 22 situation.

OK so how do you get into the system? Well in truth there are a myriad of ways into a PC providing you are at the keyboard.

Solution

STEP 1

To be honest, the simplest solution is the one most overlooked: is the password set to blank? Try just pressing Enter and not putting in a password. Most people use one password for everything (though this is not very secure 🙂), so use the password you would normally use, and remember Windows passwords are CaSe SEnsitiVe, so try capitalising the first letter for example.

STEP 2

Well, if Step 1 didn’t help you now have a choice. If you’re on a network with a DOMAIN you can gain access by using a domain administrator’s account, or if you can get in with YOUR username click Start > Run > lusrmgr.msc {Enter}, right click the administrator and see if YOU have rights to change the password. OR you can simply wipe and rebuild the system. If that’s not an option and you simply HAVE TO get into the system then proceed to STEP 3.

STEP 3

OK, more choices, the simplest solution is to change the admin password, using some third party software, this will let you in with administrative access and is pretty simple to do, there are a ton of applications to do this, I’ll demonstrate the one I usually use, and provide links to other tools at the end. There’s also another option which is to change the way windows starts to simply bypass the login completely, this is a little more complex to do but I’ll run through that as well. For some of you that may not be a solution, there may be a reason that you simply need the existing password, this is considerably more complex and can only be done in one way, that involves removing all the passwords and using software to de-crypt them. (This will cost you money)

Changing the Existing Password

Let’s be honest, this is what 99.9% of you will want to do. You will also need to do this on another PC that has internet access, to download the files and create the boot floppy disk you require. As I’ve already said there are a lot of tools available to you; the one I use is free and can be downloaded from eunet.no

NOTE: If you have encrypted files with the administrator account then these files will be unavailable to you after carrying this out. (If you’re now wondering if you have, the fact you’re wondering usually indicates you don’t 🙂)

From the zip file select all the files and “EXTRACT” them to your hard drive.

Now you have extracted the files you need to use them to create the boot floppy you require. Put a blank floppy disk in the floppy drive (warning all files on this disk will be wiped ensure there’s nothing important on it.)

Now either open windows explorer or double click “My Computer” and navigate to your C: drive, you are looking for a file called “install.bat” (NB on your system it may just look like “install” depending on how your machine is set up) when you locate the file double click it to run it.

The setup program will run, and ask you which drive you want to create the boot image on, press a then press {Enter}, It will ask you to put a clean floppy in the drive and press {enter}

The setup program will chug along and create the floppy for you. You will know it’s finished when it has displayed the following; just press any key to exit.

Well, that’s your tool created; it’s time to take it to the offending machine. For it to work the offending machine will need its boot order set so that it boots from floppy BEFORE the hard drive. For the majority of you it will be set up this way; if it won’t launch the floppy disk when you boot the PC, chances are this is the problem. To rectify it you need to enter the PC’s BIOS settings and change the boot order, and put the floppy (or A: drive) first in the boot order. This procedure is slightly different depending on your PC manufacturer and the BIOS itself. When your PC first boots it usually tells you how to enter the BIOS, typically by saying “Press <key> to enter setup” where <key> is usually F1, F2, F10, Esc, Delete or another key or combination of key strokes. When you get into the BIOS navigate through the screens until you see the boot order and move floppy (or A: drive) to the top of the list.

When the PC boots a lot of info will flash up on the screen; it’s just loading a bit of Linux, don’t panic. When it settles down it asks you where Windows is (it’s talking in UNIX speak, don’t worry). You probably only have one operating system; if you’re clever enough to multiboot (have multiple operating systems on one PC) then I’ll assume you’re clever enough to locate the partition you are looking for. For the rest of you, just press {Enter}

It now asks “Where is the registry” but it displays the default location so just press {Enter}

Now you want to use a thing called the SAM, don’t panic just press {Enter}

The administrator is just a user so you need to accept the default choice of “Edit user data and passwords” by pressing {Enter}

The software selects the administrator by default. If it’s another user you’re after you can type its username (they are all listed above to help you), but we want the administrator so just hit {Enter}

You can now either type in a new password, or simply type an asterisk (this sets a blank password), you will be asked to confirm, do so by pressing Y then {Enter} all being well you will get a “Changed!” pop up on the screen and it will ask if there is another user you want to change the password for, Press ! {Enter} to return to the main menu, then press q {Enter} you now need to COMMIT the changes, press Y then {Enter} after doing some work it will say ***** EDIT COMPLETE ****** then press n {Enter} Now remove the floppy and press Ctrl+Alt+Delete to reboot.

When windows reboots it will run its built in disk checking program “Chkdsk” DONT interrupt it, just let it do its own thing, after a while windows will boot normally and you can login with the new password. (NB: Windows XP users, if you don’t see the Administrator account listed on the welcome screen press Ctrl+Alt+Delete TWICE to get a standard login screen.)

I DONT HAVE A FLOPPY DRIVE!!!!

No problem, there are CD Based boot utilities that will do the same job 🙂

EBCD-Emergency boot CD “change password of any user, including administator of Windows NT/2000/XP OS. You do not need to know the old password.”

Change the way Windows Starts

Note:This will not work on Windows Server 2003

If you turn your PC on it will eventually get to logon, if you do nothing a screen saver will launch, this screensaver is called LOGON.SCR, all very well and good you say but what use is that? Well If you replace LOGON.SCR with the windows command line program (cmd.exe) it will launch a command line window instead, and not just any command line window, you are then typing commands with the SYSTEM rights, (This is higher than administrator)

So how is that done? Well it depends on your setup, if you have formatted the machine as FAT32 you are in luck simply download a boot disk from boot disk.com, and change.

for windows 2000

copy c:\winnt\system32\logon.scr c:\winnt\system32\logon.bak {Enter}
del c:\winnt\system32\logon.scr {Enter}
copy c:\winnt\system32\cmd.exe c:\winnt\system32\cmd.bak {Enter}
ren c:\winnt\system32\cmd.exe logon.scr {Enter}

for windows XP

copy c:\windows\system32\logon.scr c:\windows\system32\logon.bak {Enter}
del c:\windows\system32\logon.scr {Enter}
copy c:\windows\system32\cmd.exe c:\windows\system32\cmd.bak {Enter}
ren c:\windows\system32\cmd.exe logon.scr {Enter}

Then reboot when the system reboots go and have a coffee, when you see the command window type

net user administrator password {Enter}

The password will now be set to password, reboot and change logon.bak to logon.scr and cmd.bak to cmd.exe

However, most people will have their machines formatted as NTFS which, being more secure, cannot be changed from a boot disk, unless it’s a boot disk with NTFSPro on it (WARNING THIS IS NOT FREE). Or simply remove the hard drive and place it in another (working) PC, then use Windows Explorer to back up the logon.scr and cmd.exe files (change their extensions to .bak) and rename cmd.exe to logon.scr. Put it back in your PC and away you go.
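A check for the swap described above, written from the administrator's side as an added example (not part of the original article). It assumes the file names the article uses (logon.scr, logon.bak, cmd.bak) and reads the logon-desktop screensaver from the .DEFAULT user's registry key; the function names are hypothetical.

```powershell
# Added example: reports whether the logon screensaver has been replaced by cmd.exe.
# Read-only; it changes nothing on the system.

function Get-Sha256([string]$Path) {
    $sha    = [Security.Cryptography.SHA256]::Create()
    $stream = [IO.File]::OpenRead($Path)
    try     { [BitConverter]::ToString($sha.ComputeHash($stream)) }
    finally { $stream.Dispose() }
}

function Test-LogonScreensaver {
    param([string]$SystemRoot = $env:SystemRoot)   # C:\WINNT on 2000, C:\WINDOWS on XP

    $sys32    = Join-Path $SystemRoot 'system32'
    $findings = @()

    # Screensaver started on the logon desktop (the .DEFAULT profile).
    $key  = 'Registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop'
    $name = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'SCRNSAVE.EXE'
    if (-not $name) { $name = 'logon.scr' }
    $scr = if ([IO.Path]::IsPathRooted($name)) { $name } else { Join-Path $sys32 $name }

    if (-not (Test-Path $scr)) {
        $findings += "Configured screensaver '$scr' does not exist"
    } else {
        # A renamed binary keeps its version resource, so a copy of cmd.exe
        # still reports an OriginalFilename beginning with 'cmd.exe'.
        $orig = [Diagnostics.FileVersionInfo]::GetVersionInfo($scr).OriginalFilename
        if ($orig -match '^cmd\.exe') {
            $findings += "'$scr' reports OriginalFilename '$orig'"
        }

        # Byte-for-byte comparison with cmd.exe and with the cmd.bak backup.
        $scrHash = Get-Sha256 $scr
        foreach ($candidate in 'cmd.exe', 'cmd.bak') {
            $path = Join-Path $sys32 $candidate
            if ((Test-Path $path) -and ((Get-Sha256 $path) -eq $scrHash)) {
                $findings += "'$scr' is identical to '$path'"
            }
        }
    }

    # Backup copies the procedure leaves in system32.
    foreach ($leftover in 'logon.bak', 'cmd.bak') {
        $path = Join-Path $sys32 $leftover
        if (Test-Path $path) { $findings += "Found '$path'" }
    }

    New-Object psobject -Property @{
        Screensaver = $scr
        Suspicious  = ($findings.Count -gt 0)
        Findings    = $findings
    }
}

Test-LogonScreensaver | Format-List Screensaver, Suspicious, Findings
```

Run it from an elevated prompt on the machine being checked; on a 64-bit system use a 64-bit PowerShell session so that system32 is not redirected.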

WARNING THE FOLLOWING COSTS MONEY 🙁

If you have got this far down the page, and you’re not in yet, then we are going to have to break the habit of a lifetime (and spirit of this site) and spend some cash. Basically the most drastic (and time consuming) method involves removing the entire list of encrypted passwords from the inaccessible machine and decrypting them.

Your encrypted passwords are held in two locations: the first is called the SAM (system account manager) and the second is the PC’s registry.

The files you need live in the following locations….

Windows XP C:\WINDOWS\system32\config\SAM & C:\WINDOWS\system32\config\SYSTEM

Windows 2000 C:\WINNT\system32\config\SAM & C:\WINNT\system32\config\SYSTEM

NOTE: The system file is too big to fit on a floppy if you are using floppies you will need a dos compression utility like RAR to compress it.

OK, I’ve detailed above how to get at files on a system you don’t have access to, I’d recommend putting the drive in another PC and just copying it out, If you want a FREE alternative download Knoppix (this is Linux that runs from a CD, boot with it and extract the file straight from the affected system.)

Now you have extracted the two files, you need to extract the passwords. This takes specialist software; the most famous is L0phtCrack from @Stake software, but at time of writing it’s nearly $600. Another choice is Proactive Windows Explorer from Elcomsoft, which is half the price.

 

Related Articles, References, Credits, or External Links

NA

MRS Proxy Error ‘The connection to the server could not be completed’

KB ID 0001358

Problem

When attempting a cross forest mailbox migration, when specifying the ‘Remote MRS Proxy Server address’ you get the following error;

error

the connection to the server ‘server-fqdn‘ could not be completed

Solution

Note: For Office 365 Environments see below.

This tripped me up for quite a while, (it kept saying access denied). I’d tested this previously and everything was working. Note: If you have never had it working, ensure that the name you are using is resolvable in DNS and it’s the name on the certificate of the MRS Proxy server, (or at least a subject alternative name) See this link for how to set it up properly.

Assuming, (like me) everything is OK and the MRS proxy service is running etc, then I found the root cause of my problem by running;

Get-MigrationEndpoint | fl

I saw the problem straight away: it was using cached credentials for an admin user who had changed their password. Now all I had to do was work out how to replace the credentials!

Within the Exchange admin center > Recipients > Migration > {Ellipsis} > ‘Migration Endpoints’.

Update.

Enter the new (correct credentials)  > Save > Save.

Now retry your ‘batch’ migration.
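The same credential replacement can be done from the Exchange Management Shell. This is an added example, not from the original article: the endpoint name 'CrossForest' is a constructed placeholder, and the new credentials are tested against the MRS Proxy before they are stored so that a mistyped password is not saved onto the endpoint.

```powershell
# Added example for the Exchange Management Shell.
# 'CrossForest' is a constructed name; use the Identity shown by Get-MigrationEndpoint.
$endpointName = 'CrossForest'

# Show which account the endpoint currently has stored.
$endpoint = Get-MigrationEndpoint -Identity $endpointName
$endpoint | Format-List Identity, EndpointType, RemoteServer, Username

# Prompt for the admin account's current password.
$cred = Get-Credential

# Validate the credentials against the remote MRS Proxy before saving them.
$check = Test-MigrationServerAvailability -ExchangeRemoteMove `
             -RemoteServer $endpoint.RemoteServer -Credentials $cred

if ($check.Result -eq 'Success') {
    Set-MigrationEndpoint -Identity $endpoint.Identity -Credentials $cred
    Get-MigrationEndpoint -Identity $endpointName | Format-List Identity, Username
} else {
    Write-Warning "Endpoint not updated, connection test failed: $($check.Message)"
}
```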

Office 365 Migration Endpoint Error

If you get the same error when attempting to setup a Migration Endpoint in Office 365;

Then simply skip setting up the endpoint, and perform a batch migration, the system will then connect to the MRS proxy service and work.

Related Articles, References, Credits, or External Links

NA

Windows – Cannot Save the ‘Hosts file’

KB ID 0000674 

Problem

Windows did this with Windows 7 (and Vista). If you attempt to edit the hosts file you will see the following.

You don’t have permission to save in this location. Contact the administrator to obtain permission. Would you like to save in the My Documents folder instead?

Solution

1. You could run an admin command window, and use the EDIT command, but Notepad is easier. Open the Apps page (Windows Key+Q) > Locate Notepad and right click it > Run as Administrator.

Note: YES Even if you are logged in as an administrator.

2. Now you can open the hosts file (make sure you change the file type to all files or Notepad won’t see it!). You can then edit the file and save the changes.

 

Related Articles, References, Credits, or External Links

NA

Exchange 2010 – “You Don’t have sufficient permissions to view this data” or How to Add an Exchange 2010 Administrator

KB ID 0000315 

Problem

When using the Exchange Management Console (EMC). You see the following error.

Solution

As with most errors, it’s self explanatory: you need to grant permissions to the logged on user. In Exchange 2007 we could do that in the EMC; with 2010 we cannot.

Exchange 2010 uses Role Based Access Control (RBAC). So we need to add the rights in Active Directory.

1. On a domain controller Start > run > dsa.msc {enter}

2. Locate the “Microsoft Exchange Security Group” OU, then you should see the “Organization Management” Group > Add your user in there.

 

Related Articles, References, Credits, or External Links

NA

Exchange 2010 – No Exchange servers are available in any Active Directory sites

KB ID 0000658 

Problem

Seen when trying to connect to the Exchange 2010 Management Console.

Initialization failed.
The following error occurred while searching for the on-premises Exchange server: No Exchange servers are available in any Active Directory sites. You can’t connect to remote Powershell on a computer that only has the Management Tools role installed. It was running the command ‘Discover-ExchangeServer -UseWIA $true -SuppressError $true -CurrentVersion ‘Version 14.1 (Build 218.15)”.

Solution

Even though it looks like it’s something pretty serious, it isn’t. You are simply logged on as a user that does not have the rights to run the management console.

This commonly happens when you log on to the Exchange server as the server’s local administrator. You need to be logged on to the Exchange server as a user that is a member of the ‘Organization Management’ group.

Related Articles, References, Credits, or External Links

Cannot Access Exchange 2010 Management Console

Exchange ActiveSync Not Working for Some Users “Post Migration”

KB ID 0000695

Problem

Error seen on some users on both Exchange 2007 and 2010 (post migration) from earlier versions of Exchange. When it fails you will also see this error.

Event ID 1053 MSExchange ActiveSync

Exchange ActiveSync doesn’t have sufficient permissions to create the “CN={User Name},OU=<OU Name>,DC={Domain Name},DC=com” container under Active Directory user “Active Directory operation failed on servername.domain-name.com This error is not retriable. Additional information: Access is denied.

Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type “msExchangeActiveSyncDevices” and doesn’t have any deny permissions that block such operations.

Solution

Note: This can happen if the user is a member of any of these groups.

Account Operators
Administrators
Backup Operators
Domain Admins
Domain Controllers
Enterprise Admins
Print Operators
Read-only Domain Controllers
Replicator
Schema Admins
Server Operators

If your user IS a member of any of these groups, then have their ActiveSync device ready to be configured, as this fix will “revert” back every hour. If you get it connected and working before it reverts you will be fine.

Note: Users and mailboxes created post migration are NOT affected.

1. On your Exchange Server > Launch the Exchange Management Console > Server Configuration > Select your CAS Server > Properties > Security Settings > Locate the DC that it is using.

2. Go to that Domain Controller, and press Windows Key+R > dsa.msc {enter} > Active Directory Users and Computers should open.

3. View > Ensure Advanced Features is enabled > Locate the problem user > Properties > Security > Advanced > Ensure Exchange Servers is present > Tick the box to “Allow inheritable permissions from this objects parent” > Apply.

4. Now attempt to connect your ActiveSync client.

Related Articles, References, Credits, or External Links

NA

Exchange – (INSUFF_ACCESS_RIGHTS)

KB ID 0000719 

Problem

Saw this on a brand new Exchange 2010 install, this is not the first time I’ve written about this problem. It’s caused by the same thing as the error in KB0000434, back then I was trying to move mailboxes. This time I was changing the default E-mail Address Policy. It let me change the policy, but when it tried to apply the change to the user(s) this happened.

Error
Warning:
Failed to update recipient “PeteNetLive/Users/Administrator”. The following exception occurred: Active Directory operation failed on DC01.PeteNetLive.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Solution

1. On a domain controller launch “Active directory users and computers” > View > Advanced options.

2. Locate the user that is being denied access (the user you were logged in as), right click > properties > Security Tab > Advanced > Tick “Include inheritable permissions from this object’s parent” > Apply > OK.

3. Try again.

Permanent Fix

Particularly after a migration this can continue to be a problem, you can stop it on a domain wide basis by doing the following;

1. Open active directory Users and computers > Expand {domain-name} > System > AdminSDHolder > Properties > Security > Advanced.

Note: You may need advanced options turning on to see System (View > Advanced).

2. Place a tick in the ‘Include inheritable permissions from this object’s parent’ option > Apply > OK.
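To see which accounts this article and the ActiveSync article above apply to, the following added example (not from the original articles) lists users flagged with adminCount=1 and whether ACL inheritance is enabled on each, together with the current inheritance state of AdminSDHolder itself. It assumes the ActiveDirectory PowerShell module and an account allowed to read security descriptors; the function name is hypothetical.

```powershell
# Added example: read-only report of inheritance on AdminSDHolder and on
# accounts that Active Directory treats as protected (adminCount = 1).
Import-Module ActiveDirectory

function Get-ProtectedAccountInheritance {
    $domainDn = (Get-ADDomain).DistinguishedName

    # AdminSDHolder: its ACL is what gets stamped back onto protected accounts,
    # which is why the per-user fix "reverts" after a while.
    $holder = Get-ADObject -Identity "CN=AdminSDHolder,CN=System,$domainDn" `
                           -Properties nTSecurityDescriptor
    New-Object psobject -Property @{
        Type               = 'AdminSDHolder'
        Name               = $holder.Name
        Mail               = $null
        InheritanceEnabled = -not $holder.nTSecurityDescriptor.AreAccessRulesProtected
    }

    # Users currently (or previously) in one of the protected groups listed
    # in the ActiveSync article, e.g. Domain Admins or Account Operators.
    $filter = '(&(objectCategory=person)(objectClass=user)(adminCount=1))'
    Get-ADUser -LDAPFilter $filter -Properties mail, nTSecurityDescriptor |
        ForEach-Object {
            New-Object psobject -Property @{
                Type               = 'User'
                Name               = $_.SamAccountName
                Mail               = $_.mail
                InheritanceEnabled = -not $_.nTSecurityDescriptor.AreAccessRulesProtected
            }
        }
}

Get-ProtectedAccountInheritance |
    Sort-Object Type, Name |
    Format-Table Type, Name, Mail, InheritanceEnabled -AutoSize
```

Users shown with InheritanceEnabled False and a mail address are the ones that will hit INSUFF_ACCESS_RIGHTS; the AdminSDHolder row shows whether the domain wide change has already been made.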

Related Articles, References, Credits, or External Links

Exchange Mailbox Move Error – (INSUFF_ACCESS_RIGHTS)

Original Article written 22/11/12