• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

recover domain user password without the domain.

D

Don

Flightless Bird
Hello, I have a client that has a company laptop, and he has forgotten
his password. Now the laptop was part of an old business with a domain
that no longer exists. What can I do to recover the password. I have
access to the local admin account, but not the domain admin account on
the laptop.

Domain was with a sbs 2003 machine.
 
D

Dusko Savatovic

Flightless Bird
You cannot recover domain password without a domain controller.

If you have access to the local admin account, you can unjoin computer from
the domain. Then create a local user account and let the owner use this new
local account.


"Don" <donald7.44@gmail.com> wrote in message
news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
> Hello, I have a client that has a company laptop, and he has forgotten his
> password. Now the laptop was part of an old business with a domain that no
> longer exists. What can I do to recover the password. I have access to the
> local admin account, but not the domain admin account on the laptop.
>
> Domain was with a sbs 2003 machine.
 
S

Susan Bradley

Flightless Bird
Don wrote:
> Hello, I have a client that has a company laptop, and he has forgotten
> his password. Now the laptop was part of an old business with a domain
> that no longer exists. What can I do to recover the password. I have
> access to the local admin account, but not the domain admin account on
> the laptop.
>
> Domain was with a sbs 2003 machine.

Offline NT Password & Registry Editor:
http://pogostick.net/~pnh/ntpasswd/main.html
 
S

Susan Bradley

Flightless Bird
Dusko Savatovic wrote:
> You cannot recover domain password without a domain controller.
>
> If you have access to the local admin account, you can unjoin computer
> from the domain. Then create a local user account and let the owner
> use this new local account.
>
>
> "Don" <donald7.44@gmail.com> wrote in message
> news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
>> Hello, I have a client that has a company laptop, and he has
>> forgotten his password. Now the laptop was part of an old business
>> with a domain that no longer exists. What can I do to recover the
>> password. I have access to the local admin account, but not the
>> domain admin account on the laptop.
>>
>> Domain was with a sbs 2003 machine.
>
Or the duh answer I didn't even think of until this morning. Go to the
DC, reset the password for his account. Problem solved.
 
J

Jim

Flightless Bird
On Fri, 26 Feb 2010 07:05:18 -0800, Susan Bradley
<sbradcpa@pacbell.net> wrote:

>Dusko Savatovic wrote:
>> You cannot recover domain password without a domain controller.
>>
>> If you have access to the local admin account, you can unjoin computer
>> from the domain. Then create a local user account and let the owner
>> use this new local account.
>>
>>
>> "Don" <donald7.44@gmail.com> wrote in message
>> news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
>>> Hello, I have a client that has a company laptop, and he has
>>> forgotten his password. Now the laptop was part of an old business
>>> with a domain that no longer exists. What can I do to recover the
>>> password. I have access to the local admin account, but not the
>>> domain admin account on the laptop.
>>>
>>> Domain was with a sbs 2003 machine.
>>
>Or the duh answer I didn't even think of until this morning. Go to the
>DC, reset the password for his account. Problem solved.


Not really a duh answer Susan. The OP says it's a domain that no
longer exists, so he's using cached credentials for an old domain.

I'm not sure there's a solution, since all the standard password
recovery tools work on a local account.
 
L

Leonid S. Knyshov // SBS Expert

Flightless Bird
On 2/25/2010 11:56 PM, Don wrote:
> Hello, I have a client that has a company laptop, and he has forgotten
> his password. Now the laptop was part of an old business with a domain
> that no longer exists. What can I do to recover the password. I have
> access to the local admin account, but not the domain admin account on
> the laptop.
>
> Domain was with a sbs 2003 machine.
Is there any data on that account that is domain-specific?

I am thinking perhaps the Exchange profile is a dealbreaker?

If not, just create a new local profile and copy his old profile data
into the new local profile.
--
Leonid S. Knyshov
Crashproof Solutions
510-282-1008
Twitter: @wiseleo
http://crashproofsolutions.com
Microsoft Small Business Specialist
Please vote "helpful" if I helped you :)
 
D

Don

Flightless Bird
On 2/26/2010 8:48 AM, Leonid S. Knyshov // SBS Expert wrote:
> On 2/25/2010 11:56 PM, Don wrote:
>> Hello, I have a client that has a company laptop, and he has forgotten
>> his password. Now the laptop was part of an old business with a domain
>> that no longer exists. What can I do to recover the password. I have
>> access to the local admin account, but not the domain admin account on
>> the laptop.
>>
>> Domain was with a sbs 2003 machine.
> Is there any data on that account that is domain-specific?
>
> I am thinking perhaps the Exchange profile is a dealbreaker?
>
> If not, just create a new local profile and copy his old profile data
> into the new local profile.

There is the exchange profile it is really important. If it has to be
lost oh well. But I can move his data, however there are programs tied
to the profile. I created a local profile and most of the programs will
not work.
 
L

Leonid S. Knyshov // SBS Expert

Flightless Bird
On 2/26/2010 8:24 AM, Don wrote:
>
> There is the exchange profile it is really important. If it has to be
> lost oh well. But I can move his data, however there are programs tied
> to the profile. I created a local profile and most of the programs will
> not work.

Yep, that's what I figured.

There are some workarounds we can try, such as change the registry
location for the local profile to match the domain profile, for example.
Please make a disk image of this laptop before you do anything as many
changes will be hard to reverse if things go wrong.
--
Leonid S. Knyshov
Crashproof Solutions
510-282-1008
Twitter: @wiseleo
http://crashproofsolutions.com
Microsoft Small Business Specialist
Please vote "helpful" if I helped you :)
 
S

Susan Bradley

Flightless Bird
Jim wrote:
> On Fri, 26 Feb 2010 07:05:18 -0800, Susan Bradley
> <sbradcpa@pacbell.net> wrote:
>
>> Dusko Savatovic wrote:
>>> You cannot recover domain password without a domain controller.
>>>
>>> If you have access to the local admin account, you can unjoin computer
>>> from the domain. Then create a local user account and let the owner
>>> use this new local account.
>>>
>>>
>>> "Don" <donald7.44@gmail.com> wrote in message
>>> news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
>>>> Hello, I have a client that has a company laptop, and he has
>>>> forgotten his password. Now the laptop was part of an old business
>>>> with a domain that no longer exists. What can I do to recover the
>>>> password. I have access to the local admin account, but not the
>>>> domain admin account on the laptop.
>>>>
>>>> Domain was with a sbs 2003 machine.
>> Or the duh answer I didn't even think of until this morning. Go to the
>> DC, reset the password for his account. Problem solved.
>
>
> Not really a duh answer Susan. The OP says it's a domain that no
> longer exists, so he's using cached credentials for an old domain.
>
> I'm not sure there's a solution, since all the standard password
> recovery tools work on a local account.
Double duh. Geek = didn't fully read.

The domain profile can be copied to the local one. If he has access to
the local one, copy the profile.
 
C

Cliff Galiher - MVP

Flightless Bird
There is an exchange profile on a domain account for a domain that doesn't
exist anymore, but the exchange profile is still important??

....curious...

Without the domain, I'm with Susan. I think you'll have to copy the profile
to a new account and deal with some itmes that don't move.

-Cliff


"Don" <donald7.44@gmail.com> wrote in message
news:#g5M1AwtKHA.3408@TK2MSFTNGP06.phx.gbl...
> On 2/26/2010 8:48 AM, Leonid S. Knyshov // SBS Expert wrote:
>> On 2/25/2010 11:56 PM, Don wrote:
>>> Hello, I have a client that has a company laptop, and he has forgotten
>>> his password. Now the laptop was part of an old business with a domain
>>> that no longer exists. What can I do to recover the password. I have
>>> access to the local admin account, but not the domain admin account on
>>> the laptop.
>>>
>>> Domain was with a sbs 2003 machine.
>> Is there any data on that account that is domain-specific?
>>
>> I am thinking perhaps the Exchange profile is a dealbreaker?
>>
>> If not, just create a new local profile and copy his old profile data
>> into the new local profile.
>
> There is the exchange profile it is really important. If it has to be lost
> oh well. But I can move his data, however there are programs tied to the
> profile. I created a local profile and most of the programs will not work.
 
J

Jim

Flightless Bird
On Fri, 26 Feb 2010 09:24:44 -0700, Don <donald7.44@gmail.com> wrote:

>
>On 2/26/2010 8:48 AM, Leonid S. Knyshov // SBS Expert wrote:
>> On 2/25/2010 11:56 PM, Don wrote:
>>> Hello, I have a client that has a company laptop, and he has forgotten
>>> his password. Now the laptop was part of an old business with a domain
>>> that no longer exists. What can I do to recover the password. I have
>>> access to the local admin account, but not the domain admin account on
>>> the laptop.
>>>
>>> Domain was with a sbs 2003 machine.
>> Is there any data on that account that is domain-specific?
>>
>> I am thinking perhaps the Exchange profile is a dealbreaker?
>>
>> If not, just create a new local profile and copy his old profile data
>> into the new local profile.
>
>There is the exchange profile it is really important. If it has to be
>lost oh well. But I can move his data, however there are programs tied
>to the profile. I created a local profile and most of the programs will
>not work.


Did you make the user a local admin? That might explain why some
programs don't work.
 
D

Don

Flightless Bird
On 2/26/2010 3:52 PM, Jim wrote:
> On Fri, 26 Feb 2010 09:24:44 -0700, Don<donald7.44@gmail.com> wrote:
>
>>
>> On 2/26/2010 8:48 AM, Leonid S. Knyshov // SBS Expert wrote:
>>> On 2/25/2010 11:56 PM, Don wrote:
>>>> Hello, I have a client that has a company laptop, and he has forgotten
>>>> his password. Now the laptop was part of an old business with a domain
>>>> that no longer exists. What can I do to recover the password. I have
>>>> access to the local admin account, but not the domain admin account on
>>>> the laptop.
>>>>
>>>> Domain was with a sbs 2003 machine.
>>> Is there any data on that account that is domain-specific?
>>>
>>> I am thinking perhaps the Exchange profile is a dealbreaker?
>>>
>>> If not, just create a new local profile and copy his old profile data
>>> into the new local profile.
>>
>> There is the exchange profile it is really important. If it has to be
>> lost oh well. But I can move his data, however there are programs tied
>> to the profile. I created a local profile and most of the programs will
>> not work.
>
>
> Did you make the user a local admin? That might explain why some
> programs don't work.

the user is the local admin account. There is another account the user
used when the domain went down at work, but it has not been used for
over a year.
 
B

Bill Kearney

Flightless Bird
"Don" <donald7.44@gmail.com> wrote in message
news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
> Hello, I have a client that has a company laptop, and he has forgotten his
> password. Now the laptop was part of an old business with a domain that no
> longer exists. What can I do to recover the password. I have access to the
> local admin account, but not the domain admin account on the laptop.

You may want to ask this in the active_directory newsgroup.

There are tools that will let you edit the various permissions involved.
There are a lot of Access Control Lists (ACLs) involved. I believe there
are some automated tools to help with this process. Otherwise it's a long
slog through a lot of files cleaning things up.

One suggestion, totally back up the drive before mucking about with it. I
seem to recall a couple of points where mistakes became an even greater
hassle to clean up.

-Bill Kearney
 
J

jj jammer

Flightless Bird
This isn't really a windows security question but more of a hacking
question. Depending on the client what you need to understand is that the
cached password is stored in the following location

HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 through NL$10 as a hash.

You will need a tool like cachedump (google it) to retrieve the hashes then
you can use a tool like "Johntheripper" again goggle it to crack the hash.

Hopefully this helps.




On 27/02/2010 15:46, in article
_cKdnRLWtqP_oxTWnZ2dnUVZ_gWdnZ2d@speakeasy.net, "Bill Kearney"
<wkearney99@hotmail.com> wrote:

>
> "Don" <donald7.44@gmail.com> wrote in message
> news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
>> Hello, I have a client that has a company laptop, and he has forgotten his
>> password. Now the laptop was part of an old business with a domain that no
>> longer exists. What can I do to recover the password. I have access to the
>> local admin account, but not the domain admin account on the laptop.
>
> You may want to ask this in the active_directory newsgroup.
>
> There are tools that will let you edit the various permissions involved.
> There are a lot of Access Control Lists (ACLs) involved. I believe there
> are some automated tools to help with this process. Otherwise it's a long
> slog through a lot of files cleaning things up.
>
> One suggestion, totally back up the drive before mucking about with it. I
> seem to recall a couple of points where mistakes became an even greater
> hassle to clean up.
>
> -Bill Kearney
>
 
C

Cliff Galiher - MVP

Flightless Bird
I never really considered that an option since this is (presumably) not a
stolen device. It is a laptop that the owner still possesses and will want
access to. Hacking hashes is a time-intensive project for *weak* passwords,
and nearly impossible if password strength was required as is usual in a
domain (this was joined to SBS03 after all.)

I also tend not to share such methods as, if someone *is* posting under
false pretenses, the last thing I want to do is encourage illegal behavior.
Either way, just not good...

-Cliff


"jj jammer" <jj@jam.com> wrote in message news:C7AFF031.1B28%jj@jam.com...
> This isn't really a windows security question but more of a hacking
> question. Depending on the client what you need to understand is that the
> cached password is stored in the following location
>
> HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 through NL$10 as a hash.
>
> You will need a tool like cachedump (google it) to retrieve the hashes
> then
> you can use a tool like "Johntheripper" again goggle it to crack the hash.
>
> Hopefully this helps.
>
>
>
>
> On 27/02/2010 15:46, in article
> _cKdnRLWtqP_oxTWnZ2dnUVZ_gWdnZ2d@speakeasy.net, "Bill Kearney"
> <wkearney99@hotmail.com> wrote:
>
>>
>> "Don" <donald7.44@gmail.com> wrote in message
>> news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
>>> Hello, I have a client that has a company laptop, and he has forgotten
>>> his
>>> password. Now the laptop was part of an old business with a domain that
>>> no
>>> longer exists. What can I do to recover the password. I have access to
>>> the
>>> local admin account, but not the domain admin account on the laptop.
>>
>> You may want to ask this in the active_directory newsgroup.
>>
>> There are tools that will let you edit the various permissions involved.
>> There are a lot of Access Control Lists (ACLs) involved. I believe there
>> are some automated tools to help with this process. Otherwise it's a
>> long
>> slog through a lot of files cleaning things up.
>>
>> One suggestion, totally back up the drive before mucking about with it.
>> I
>> seem to recall a couple of points where mistakes became an even greater
>> hassle to clean up.
>>
>> -Bill Kearney
>>
>
 
You must log in or register to reply here.
Top