XP Password

Hi, i need to get into a PC running Win XP pro, the password was set by a child who forgot what he typed...lol

any ideas?

 

Here is what I have found, though I haven't tried it myself.

When you do get back in I would suggest setting up a Guest Account for the child and not letting them near an Admin account.


http://home.eunet.no/~pnordahl/ntpasswd/


This program works great, as long as you blank the password, and do not try to set it. If you try to set it, the "Computer Management" utility will report an internal error and the Administrator account will not show up. You will have to go to the "Users and Passwords" control panel. There you will find the Administrator account, and that is where you will have to reset it. Go back to "Computer Management", and the error is gone and the Administrator account is back.

The CD booted fine on a SCSI system, but the partitions are not immediately available. You need to tell it to load the SCSI drivers. The program can discover the correct drivers to load if you tell it to “autoprobe”. You have to “autoprobe” one time for each SCSI controller that you have. I had to do it twice, once for a “cciss” driver, and once for a “aic7xxx” driver. If you want, you can manually load each SCSI driver. Just enter the number that appears before your drivers name. This is preferred if they have to be loaded in a certain order.

The problem that I had was not being able to access the partitions. The software saw them and listed them. It showed each with a number from 0 to 2. The first one was the CD-ROM; the last two were hard drive partitions. I tried both 1 and 2, but it just would not bring them up. I even tried loading just one SCSI driver and not the other. No error message, no clue as to why the partition could not be accessed.

Pressing "A" gets me this message:
-----------------------
Disk:
Disk /dev/cciss/disk0/disc: 291.3 GB, 291331192320 bytes
All Partitions:
/dev/cciss/disc0/part1 * 1 1045 8393931 42 SFS
/dev/cciss/disc0/part2 1046 35419 276109155 42 SFS

Partition type 42:

From http://www.win.tue.nl/~aeb/partitio...on_types-1.html

-42 Windows 2000 dynamic extended partition marker
-If a partition table entry of type 0x42 is present in the legacy partition table, then W2K ignores the legacy partition table and uses a proprietary partition table and a proprietary partitioning scheme (LDM or DDM). As the Microsoft KnowledgeBase writes: Pure dynamic disks (those not containing any hard-linked partitions) have only a single partition table entry (type 42) to define the entire disk. Dynamic disks store their volume configuration in a database located in a 1-MB private region at the end of each dynamic disk.

The tool does not currently support Dynamic Disks (LDM etc) so it won't work properly. I believe there has been written a driver for it, but I have no idea on how easy it is to integrate.

One of the options you have to recovery this may be to do a "parallel" install (if that is possible on such disks) and access the old sam file from that installation. Or try some local exploit on the system if you can log in as a normal user. Or try one of the commercial tools.

The developer of this disk was asked what is the best way to protect systems from his program. Here is his reply:

Quote:

Except things to defeat booting from removable storage, the only thing I know about is to encrypt the whole system. There are some encryption systems around that can encrypt (and also boot password protect) a whole NT/2k/XP-system, the whole disk. These kinds of products are usually used on laptops to prevent information getting into wrong hands when the laptop
is stolen.


Hope this helps...

Cheers

 

thanks for that, going to try it now

 

Appreciate it if you can let us know how you go, as we all learn this way...

Cheers

 

There is a further link here: http://www.lostpassword.com/windows-xp-2000-nt.htm

Cheers

 

Hi sry for the late reply, it worked, took a bit of playin around but finally got it.

thanks for the link blackspear.