On 21 Jul 2010 at 12:39, David Elebute wrote: > Thank you everyone that responded, just getting back to this now. > we dont know anything about the servers yet, but wanted to make sure i > arrived with the tools to do what ever is required. I should have also > stated reset the password, i really dont think that we need to crack it, but > it will depend on hte "client" and how they want to handle it. > > i am going to try the http://pogostick.net/~pnh/ntpasswd/ link first and see > how this one works. i have used lopthcrack years ago too, but most AV's see > it as virus or malware.
Here are three other pages you might want to read: Forgot the Administrator Password - Alternate Method - The LOGON.SCR trick http://www.petri.co.il/forgot_administrator_password_alternate_logon_trick.htm Basically you boot the system somehow (you don't need to install an alternate OS as in the article if you can boot from BartPE or the Linux-based System Rescue CD* and see the C: drive), rename %systemroot%\system32\LOGON.SCR to LOGON.SAV and copy %systemroot%\system32\CMD.EXE to %systemroot%\system32\LOGON.SCR. Boot the original OS and wait for the screen saver to kick in. In the CMD window that opens, type "net user administrator 123456". According to the article, "This will reset the local administrator (or domain admin if you are doing this trick on a DC) password to 123456." Not sure if the "ntpasswd" utility will change the Domain Admin password on a server. There are two other articles at Petri about changing the DA password: Forgot the Administrator´s Password? - Change Domain Admin Password in Windows Server 2003 AD http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm Forgot the Administrator´s Password? - Change Domain Admin Password in Windows 2000 AD http://www.petri.co.il/reset_domain_admin_password_in_windows_2000_ad.htm HTH Angus * My copy of SysRescueCD has both the ability to boot the "ntpasswd" utility and "Norton Commander"-like tools that run under Linux that you can use to browse any mounted NTFS drive. http://www.sysresccd.org/ ... -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
