1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

recover domain user password without the domain.

Discussion in 'Windows XP' started by Don, Feb 26, 2010.

  1. Don

    Don Flightless Bird

    Hello, I have a client that has a company laptop, and he has forgotten
    his password. Now the laptop was part of an old business with a domain
    that no longer exists. What can I do to recover the password. I have
    access to the local admin account, but not the domain admin account on
    the laptop.

    Domain was with a sbs 2003 machine.
     
  2. Dusko Savatovic

    Dusko Savatovic Flightless Bird

    You cannot recover domain password without a domain controller.

    If you have access to the local admin account, you can unjoin computer from
    the domain. Then create a local user account and let the owner use this new
    local account.


    "Don" <donald7.44@gmail.com> wrote in message
    news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
    > Hello, I have a client that has a company laptop, and he has forgotten his
    > password. Now the laptop was part of an old business with a domain that no
    > longer exists. What can I do to recover the password. I have access to the
    > local admin account, but not the domain admin account on the laptop.
    >
    > Domain was with a sbs 2003 machine.
     
  3. Susan Bradley

    Susan Bradley Flightless Bird

    Don wrote:
    > Hello, I have a client that has a company laptop, and he has forgotten
    > his password. Now the laptop was part of an old business with a domain
    > that no longer exists. What can I do to recover the password. I have
    > access to the local admin account, but not the domain admin account on
    > the laptop.
    >
    > Domain was with a sbs 2003 machine.


    Offline NT Password & Registry Editor:
    http://pogostick.net/~pnh/ntpasswd/main.html
     
  4. Susan Bradley

    Susan Bradley Flightless Bird

    Dusko Savatovic wrote:
    > You cannot recover domain password without a domain controller.
    >
    > If you have access to the local admin account, you can unjoin computer
    > from the domain. Then create a local user account and let the owner
    > use this new local account.
    >
    >
    > "Don" <donald7.44@gmail.com> wrote in message
    > news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
    >> Hello, I have a client that has a company laptop, and he has
    >> forgotten his password. Now the laptop was part of an old business
    >> with a domain that no longer exists. What can I do to recover the
    >> password. I have access to the local admin account, but not the
    >> domain admin account on the laptop.
    >>
    >> Domain was with a sbs 2003 machine.

    >

    Or the duh answer I didn't even think of until this morning. Go to the
    DC, reset the password for his account. Problem solved.
     
  5. Jim

    Jim Flightless Bird

    On Fri, 26 Feb 2010 07:05:18 -0800, Susan Bradley
    <sbradcpa@pacbell.net> wrote:

    >Dusko Savatovic wrote:
    >> You cannot recover domain password without a domain controller.
    >>
    >> If you have access to the local admin account, you can unjoin computer
    >> from the domain. Then create a local user account and let the owner
    >> use this new local account.
    >>
    >>
    >> "Don" <donald7.44@gmail.com> wrote in message
    >> news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
    >>> Hello, I have a client that has a company laptop, and he has
    >>> forgotten his password. Now the laptop was part of an old business
    >>> with a domain that no longer exists. What can I do to recover the
    >>> password. I have access to the local admin account, but not the
    >>> domain admin account on the laptop.
    >>>
    >>> Domain was with a sbs 2003 machine.

    >>

    >Or the duh answer I didn't even think of until this morning. Go to the
    >DC, reset the password for his account. Problem solved.



    Not really a duh answer Susan. The OP says it's a domain that no
    longer exists, so he's using cached credentials for an old domain.

    I'm not sure there's a solution, since all the standard password
    recovery tools work on a local account.
     
  6. On 2/25/2010 11:56 PM, Don wrote:
    > Hello, I have a client that has a company laptop, and he has forgotten
    > his password. Now the laptop was part of an old business with a domain
    > that no longer exists. What can I do to recover the password. I have
    > access to the local admin account, but not the domain admin account on
    > the laptop.
    >
    > Domain was with a sbs 2003 machine.

    Is there any data on that account that is domain-specific?

    I am thinking perhaps the Exchange profile is a dealbreaker?

    If not, just create a new local profile and copy his old profile data
    into the new local profile.
    --
    Leonid S. Knyshov
    Crashproof Solutions
    510-282-1008
    Twitter: @wiseleo
    http://crashproofsolutions.com
    Microsoft Small Business Specialist
    Please vote "helpful" if I helped you :)
     
  7. Don

    Don Flightless Bird

    On 2/26/2010 8:48 AM, Leonid S. Knyshov // SBS Expert wrote:
    > On 2/25/2010 11:56 PM, Don wrote:
    >> Hello, I have a client that has a company laptop, and he has forgotten
    >> his password. Now the laptop was part of an old business with a domain
    >> that no longer exists. What can I do to recover the password. I have
    >> access to the local admin account, but not the domain admin account on
    >> the laptop.
    >>
    >> Domain was with a sbs 2003 machine.

    > Is there any data on that account that is domain-specific?
    >
    > I am thinking perhaps the Exchange profile is a dealbreaker?
    >
    > If not, just create a new local profile and copy his old profile data
    > into the new local profile.


    There is the exchange profile it is really important. If it has to be
    lost oh well. But I can move his data, however there are programs tied
    to the profile. I created a local profile and most of the programs will
    not work.
     
  8. On 2/26/2010 8:24 AM, Don wrote:
    >
    > There is the exchange profile it is really important. If it has to be
    > lost oh well. But I can move his data, however there are programs tied
    > to the profile. I created a local profile and most of the programs will
    > not work.


    Yep, that's what I figured.

    There are some workarounds we can try, such as change the registry
    location for the local profile to match the domain profile, for example.
    Please make a disk image of this laptop before you do anything as many
    changes will be hard to reverse if things go wrong.
    --
    Leonid S. Knyshov
    Crashproof Solutions
    510-282-1008
    Twitter: @wiseleo
    http://crashproofsolutions.com
    Microsoft Small Business Specialist
    Please vote "helpful" if I helped you :)
     
  9. Susan Bradley

    Susan Bradley Flightless Bird

    Jim wrote:
    > On Fri, 26 Feb 2010 07:05:18 -0800, Susan Bradley
    > <sbradcpa@pacbell.net> wrote:
    >
    >> Dusko Savatovic wrote:
    >>> You cannot recover domain password without a domain controller.
    >>>
    >>> If you have access to the local admin account, you can unjoin computer
    >>> from the domain. Then create a local user account and let the owner
    >>> use this new local account.
    >>>
    >>>
    >>> "Don" <donald7.44@gmail.com> wrote in message
    >>> news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
    >>>> Hello, I have a client that has a company laptop, and he has
    >>>> forgotten his password. Now the laptop was part of an old business
    >>>> with a domain that no longer exists. What can I do to recover the
    >>>> password. I have access to the local admin account, but not the
    >>>> domain admin account on the laptop.
    >>>>
    >>>> Domain was with a sbs 2003 machine.

    >> Or the duh answer I didn't even think of until this morning. Go to the
    >> DC, reset the password for his account. Problem solved.

    >
    >
    > Not really a duh answer Susan. The OP says it's a domain that no
    > longer exists, so he's using cached credentials for an old domain.
    >
    > I'm not sure there's a solution, since all the standard password
    > recovery tools work on a local account.

    Double duh. Geek = didn't fully read.

    The domain profile can be copied to the local one. If he has access to
    the local one, copy the profile.
     
  10. Cliff Galiher - MVP

    Cliff Galiher - MVP Flightless Bird

    There is an exchange profile on a domain account for a domain that doesn't
    exist anymore, but the exchange profile is still important??

    ....curious...

    Without the domain, I'm with Susan. I think you'll have to copy the profile
    to a new account and deal with some itmes that don't move.

    -Cliff


    "Don" <donald7.44@gmail.com> wrote in message
    news:#g5M1AwtKHA.3408@TK2MSFTNGP06.phx.gbl...
    > On 2/26/2010 8:48 AM, Leonid S. Knyshov // SBS Expert wrote:
    >> On 2/25/2010 11:56 PM, Don wrote:
    >>> Hello, I have a client that has a company laptop, and he has forgotten
    >>> his password. Now the laptop was part of an old business with a domain
    >>> that no longer exists. What can I do to recover the password. I have
    >>> access to the local admin account, but not the domain admin account on
    >>> the laptop.
    >>>
    >>> Domain was with a sbs 2003 machine.

    >> Is there any data on that account that is domain-specific?
    >>
    >> I am thinking perhaps the Exchange profile is a dealbreaker?
    >>
    >> If not, just create a new local profile and copy his old profile data
    >> into the new local profile.

    >
    > There is the exchange profile it is really important. If it has to be lost
    > oh well. But I can move his data, however there are programs tied to the
    > profile. I created a local profile and most of the programs will not work.
     
  11. Jim

    Jim Flightless Bird

    On Fri, 26 Feb 2010 09:24:44 -0700, Don <donald7.44@gmail.com> wrote:

    >
    >On 2/26/2010 8:48 AM, Leonid S. Knyshov // SBS Expert wrote:
    >> On 2/25/2010 11:56 PM, Don wrote:
    >>> Hello, I have a client that has a company laptop, and he has forgotten
    >>> his password. Now the laptop was part of an old business with a domain
    >>> that no longer exists. What can I do to recover the password. I have
    >>> access to the local admin account, but not the domain admin account on
    >>> the laptop.
    >>>
    >>> Domain was with a sbs 2003 machine.

    >> Is there any data on that account that is domain-specific?
    >>
    >> I am thinking perhaps the Exchange profile is a dealbreaker?
    >>
    >> If not, just create a new local profile and copy his old profile data
    >> into the new local profile.

    >
    >There is the exchange profile it is really important. If it has to be
    >lost oh well. But I can move his data, however there are programs tied
    >to the profile. I created a local profile and most of the programs will
    >not work.



    Did you make the user a local admin? That might explain why some
    programs don't work.
     
  12. Don

    Don Flightless Bird

    On 2/26/2010 3:52 PM, Jim wrote:
    > On Fri, 26 Feb 2010 09:24:44 -0700, Don<donald7.44@gmail.com> wrote:
    >
    >>
    >> On 2/26/2010 8:48 AM, Leonid S. Knyshov // SBS Expert wrote:
    >>> On 2/25/2010 11:56 PM, Don wrote:
    >>>> Hello, I have a client that has a company laptop, and he has forgotten
    >>>> his password. Now the laptop was part of an old business with a domain
    >>>> that no longer exists. What can I do to recover the password. I have
    >>>> access to the local admin account, but not the domain admin account on
    >>>> the laptop.
    >>>>
    >>>> Domain was with a sbs 2003 machine.
    >>> Is there any data on that account that is domain-specific?
    >>>
    >>> I am thinking perhaps the Exchange profile is a dealbreaker?
    >>>
    >>> If not, just create a new local profile and copy his old profile data
    >>> into the new local profile.

    >>
    >> There is the exchange profile it is really important. If it has to be
    >> lost oh well. But I can move his data, however there are programs tied
    >> to the profile. I created a local profile and most of the programs will
    >> not work.

    >
    >
    > Did you make the user a local admin? That might explain why some
    > programs don't work.


    the user is the local admin account. There is another account the user
    used when the domain went down at work, but it has not been used for
    over a year.
     
  13. Bill Kearney

    Bill Kearney Flightless Bird

    "Don" <donald7.44@gmail.com> wrote in message
    news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
    > Hello, I have a client that has a company laptop, and he has forgotten his
    > password. Now the laptop was part of an old business with a domain that no
    > longer exists. What can I do to recover the password. I have access to the
    > local admin account, but not the domain admin account on the laptop.


    You may want to ask this in the active_directory newsgroup.

    There are tools that will let you edit the various permissions involved.
    There are a lot of Access Control Lists (ACLs) involved. I believe there
    are some automated tools to help with this process. Otherwise it's a long
    slog through a lot of files cleaning things up.

    One suggestion, totally back up the drive before mucking about with it. I
    seem to recall a couple of points where mistakes became an even greater
    hassle to clean up.

    -Bill Kearney
     
  14. jj jammer

    jj jammer Flightless Bird

    This isn't really a windows security question but more of a hacking
    question. Depending on the client what you need to understand is that the
    cached password is stored in the following location

    HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 through NL$10 as a hash.

    You will need a tool like cachedump (google it) to retrieve the hashes then
    you can use a tool like "Johntheripper" again goggle it to crack the hash.

    Hopefully this helps.




    On 27/02/2010 15:46, in article
    _cKdnRLWtqP_oxTWnZ2dnUVZ_gWdnZ2d@speakeasy.net, "Bill Kearney"
    <wkearney99@hotmail.com> wrote:

    >
    > "Don" <donald7.44@gmail.com> wrote in message
    > news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
    >> Hello, I have a client that has a company laptop, and he has forgotten his
    >> password. Now the laptop was part of an old business with a domain that no
    >> longer exists. What can I do to recover the password. I have access to the
    >> local admin account, but not the domain admin account on the laptop.

    >
    > You may want to ask this in the active_directory newsgroup.
    >
    > There are tools that will let you edit the various permissions involved.
    > There are a lot of Access Control Lists (ACLs) involved. I believe there
    > are some automated tools to help with this process. Otherwise it's a long
    > slog through a lot of files cleaning things up.
    >
    > One suggestion, totally back up the drive before mucking about with it. I
    > seem to recall a couple of points where mistakes became an even greater
    > hassle to clean up.
    >
    > -Bill Kearney
    >
     
  15. Cliff Galiher - MVP

    Cliff Galiher - MVP Flightless Bird

    I never really considered that an option since this is (presumably) not a
    stolen device. It is a laptop that the owner still possesses and will want
    access to. Hacking hashes is a time-intensive project for *weak* passwords,
    and nearly impossible if password strength was required as is usual in a
    domain (this was joined to SBS03 after all.)

    I also tend not to share such methods as, if someone *is* posting under
    false pretenses, the last thing I want to do is encourage illegal behavior.
    Either way, just not good...

    -Cliff


    "jj jammer" <jj@jam.com> wrote in message news:C7AFF031.1B28%jj@jam.com...
    > This isn't really a windows security question but more of a hacking
    > question. Depending on the client what you need to understand is that the
    > cached password is stored in the following location
    >
    > HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 through NL$10 as a hash.
    >
    > You will need a tool like cachedump (google it) to retrieve the hashes
    > then
    > you can use a tool like "Johntheripper" again goggle it to crack the hash.
    >
    > Hopefully this helps.
    >
    >
    >
    >
    > On 27/02/2010 15:46, in article
    > _cKdnRLWtqP_oxTWnZ2dnUVZ_gWdnZ2d@speakeasy.net, "Bill Kearney"
    > <wkearney99@hotmail.com> wrote:
    >
    >>
    >> "Don" <donald7.44@gmail.com> wrote in message
    >> news:eu9s$krtKHA.4492@TK2MSFTNGP05.phx.gbl...
    >>> Hello, I have a client that has a company laptop, and he has forgotten
    >>> his
    >>> password. Now the laptop was part of an old business with a domain that
    >>> no
    >>> longer exists. What can I do to recover the password. I have access to
    >>> the
    >>> local admin account, but not the domain admin account on the laptop.

    >>
    >> You may want to ask this in the active_directory newsgroup.
    >>
    >> There are tools that will let you edit the various permissions involved.
    >> There are a lot of Access Control Lists (ACLs) involved. I believe there
    >> are some automated tools to help with this process. Otherwise it's a
    >> long
    >> slog through a lot of files cleaning things up.
    >>
    >> One suggestion, totally back up the drive before mucking about with it.
    >> I
    >> seem to recall a couple of points where mistakes became an even greater
    >> hassle to clean up.
    >>
    >> -Bill Kearney
    >>

    >
     

Share This Page