If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Recovering Built-In Administrator Account Password
When I try to open the built-in administrator account Windows will not
longer accept my password. The prompt is correct and I have the password saved in my password manager so I know I am entering the right password. Is there anyway to reset this password? Windows can drive me nuts. Running Windows 10 Pro 1809; 17763.615. -- Bill Brought to you from Anchorage, Alaska |
Ads |
#2
|
|||
|
|||
Recovering Built-In Administrator Account Password
Bill Bradshaw wrote:
Is there anyway to reset this password? https://pogostick.net/~pnh/ntpasswd |
#3
|
|||
|
|||
Recovering Built-In Administrator Account Password
On Thu, 12 Sep 2019 07:54:54 -0800, "Bill Bradshaw"
wrote: When I try to open the built-in administrator account Windows will not longer accept my password. The prompt is correct and I have the password saved in my password manager so I know I am entering the right password. Is there anyway to reset this password? Windows can drive me nuts. Running Windows 10 Pro 1809; 17763.615. Caps lock? BTDT |
#4
|
|||
|
|||
Recovering Built-In Administrator Account Password
Bill Bradshaw wrote:
When I try to open the built-in administrator account Windows will not longer accept my password. The prompt is correct and I have the password saved in my password manager so I know I am entering the right password. Is there anyway to reset this password? Windows can drive me nuts. Running Windows 10 Pro 1809; 17763.615. Is your normal Windows account also an administrator-level account; that is, is your Windows account in the Administrators security group? If so, use it to change the password on the Administrator account. Of course, if you permit physical access to your computer and don't protect your admin-level Windows accounts (by not using the screen saver, or Win+L when you walk away, or don't require a password to login) then anyone else could also change the password just like you. A policy setting can lockout an account if the number of failed logins exceeds a specified threshold. Has someone else had access to your computer? How many times did you try and fail to login? Once a Windows account is locked out, it will get unlocked after awhile (also a policy setting). I'm not sure about the lockout duration, but I think it is 30 minutes; however, since all policies are registry entries, it is possible that an admin-level user (a person, a tweaker they used, or malware) modified the lockout duration. In an elevated command prompt, run: net accounts That will show the lockout threshold and duration. For me, they are Never and 30 minutes. Although there is a "Maximum password age" setting, it is not honored unless another setting enforces it. The "Lockout observation window" must be equal to or shorter than the "Lockout duration" setting. https://docs.microsoft.com/en-us/win...lockout-policy (That has sections for lockout threshold and duration.) It's also possible the account got disabled. See: https://www.windowscentral.com/how-t...unt-windows-10 Where it shows the disabled setting is also where you the lockout setting. |
#5
|
|||
|
|||
Recovering Built-In Administrator Account Password
Bill Bradshaw wrote:
When I try to open the built-in administrator account Windows will not longer accept my password. The prompt is correct and I have the password saved in my password manager so I know I am entering the right password. Is there anyway to reset this password? Windows can drive me nuts. Running Windows 10 Pro 1809; 17763.615. https://www.howtogeek.com/96630/how-...-the-easy-way/ copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe What that does, is substitutes Command Prompt for some other innocuous feature, a feature that works early in a session after the desktop is ready to appear. Another one might be OSK.exe (the on-screen keyboard). https://www.myce.com/news/old-loopho...assword-78066/ "navigate to C:\Windows\System32, rename osk.exe (the onscreen keyboard) to osk.old (placeholder name). The next step is renaming cmd.exe to osk.exe which replaces the onscreen keyboard functionality with the command prompt. The onscreen keyboard can then be selected in the accessibility option in the Windows 10 login screen. " Note that *both* of the above recipes have poor hygiene. You can rename the old executable, so as to not upset the hard link copy in WinSXS. You can copy cmd.exe to take the place of the old executable name. When finishing up later, you delete the hack executable, then rename the original file back to its original name. That way, you won't lose the hard link. The network cable should be pulled, because you don't want Windows Update running when you're half way through the recipe :-/ That would be bad. It would also be fun to use a tool on Kodi, and crack the password, instead of merely replacing it. That's fun if you have a good video card, and you have hours to days to waste. If the password lacks mixed case, punctuation and the like, it might crack rather rapidly. Even without rainbow tables. ******* The above applies to "local accounts". Breaking into Microsoft Accounts (the MSA "email address" style accounts), I don't think these methods are all that helpful. I don't know what to do with those. Being administrator is a pretty good deal - a person who enables the built-in administrator, is just begging for some "Kodi action". You shouldn't be turning that on, in the first place. Having a single MSA account that belongs to the administrator group, sounds just a bit more secure (until a way can be figured to bust the MSA, which would only be possible if a local copy is kept or a token is kept that can be swiped). Replacing a local password "leaves tracks", and someone knows then, that the machine has been breached. Whereas with the careful cracking methods (you don't replace the password, you just know what the password is), nothing is going to look out-of-place when they log in. Part of the Kodi procedure, is getting the encrypted password entry in a standard format, for the cracking tool to munch on. Since the format is compact and post-able to USENET, you could actually give the entry to someone with a "cracker box", and they could feed you a few letters as a hint :-) Paul |
#6
|
|||
|
|||
Recovering Built-In Administrator Account Password
Paul wrote:
Bill Bradshaw wrote: When I try to open the built-in administrator account Windows will not longer accept my password. The prompt is correct and I have the password saved in my password manager so I know I am entering the right password. Is there anyway to reset this password? Windows can drive me nuts. Running Windows 10 Pro 1809; 17763.615. https://www.howtogeek.com/96630/how-...-the-easy-way/ copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe What that does, is substitutes Command Prompt for some other innocuous feature, a feature that works early in a session after the desktop is ready to appear. Another one might be OSK.exe (the on-screen keyboard). https://www.myce.com/news/old-loopho...assword-78066/ "navigate to C:\Windows\System32, rename osk.exe (the onscreen keyboard) to osk.old (placeholder name). The next step is renaming cmd.exe to osk.exe which replaces the onscreen keyboard functionality with the command prompt. The onscreen keyboard can then be selected in the accessibility option in the Windows 10 login screen. " Note that *both* of the above recipes have poor hygiene. You can rename the old executable, so as to not upset the hard link copy in WinSXS. You can copy cmd.exe to take the place of the old executable name. When finishing up later, you delete the hack executable, then rename the original file back to its original name. That way, you won't lose the hard link. The network cable should be pulled, because you don't want Windows Update running when you're half way through the recipe :-/ That would be bad. It would also be fun to use a tool on Kodi, and crack the password, instead of merely replacing it. That's fun if you have a good video card, and you have hours to days to waste. If the password lacks mixed case, punctuation and the like, it might crack rather rapidly. Even without rainbow tables. ******* The above applies to "local accounts". Breaking into Microsoft Accounts (the MSA "email address" style accounts), I don't think these methods are all that helpful. I don't know what to do with those. Being administrator is a pretty good deal - a person who enables the built-in administrator, is just begging for some "Kodi action". You shouldn't be turning that on, in the first place. Having a single MSA account that belongs to the administrator group, sounds just a bit more secure (until a way can be figured to bust the MSA, which would only be possible if a local copy is kept or a token is kept that can be swiped). Replacing a local password "leaves tracks", and someone knows then, that the machine has been breached. Whereas with the careful cracking methods (you don't replace the password, you just know what the password is), nothing is going to look out-of-place when they log in. Part of the Kodi procedure, is getting the encrypted password entry in a standard format, for the cracking tool to munch on. Since the format is compact and post-able to USENET, you could actually give the entry to someone with a "cracker box", and they could feed you a few letters as a hint :-) Paul Even though I am replying to Paul this comment is for all. I have 2 accounts. One account is my local account of which I am the administrator. I also have a 2nd account which is labeled Administrator. Is this Administrator account referring to the Windows built-in administrator account? I will probably be asking some basic questions while I try to figure this out. Bill |
#7
|
|||
|
|||
Recovering Built-In Administrator Account Password
Bill Bradshaw wrote:
Paul wrote: Bill Bradshaw wrote: When I try to open the built-in administrator account Windows will not longer accept my password. The prompt is correct and I have the password saved in my password manager so I know I am entering the right password. Is there anyway to reset this password? Windows can drive me nuts. Running Windows 10 Pro 1809; 17763.615. https://www.howtogeek.com/96630/how-...-the-easy-way/ copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe What that does, is substitutes Command Prompt for some other innocuous feature, a feature that works early in a session after the desktop is ready to appear. Another one might be OSK.exe (the on-screen keyboard). https://www.myce.com/news/old-loopho...assword-78066/ "navigate to C:\Windows\System32, rename osk.exe (the onscreen keyboard) to osk.old (placeholder name). The next step is renaming cmd.exe to osk.exe which replaces the onscreen keyboard functionality with the command prompt. The onscreen keyboard can then be selected in the accessibility option in the Windows 10 login screen. " Note that *both* of the above recipes have poor hygiene. You can rename the old executable, so as to not upset the hard link copy in WinSXS. You can copy cmd.exe to take the place of the old executable name. When finishing up later, you delete the hack executable, then rename the original file back to its original name. That way, you won't lose the hard link. The network cable should be pulled, because you don't want Windows Update running when you're half way through the recipe :-/ That would be bad. It would also be fun to use a tool on Kodi, and crack the password, instead of merely replacing it. That's fun if you have a good video card, and you have hours to days to waste. If the password lacks mixed case, punctuation and the like, it might crack rather rapidly. Even without rainbow tables. ******* The above applies to "local accounts". Breaking into Microsoft Accounts (the MSA "email address" style accounts), I don't think these methods are all that helpful. I don't know what to do with those. Being administrator is a pretty good deal - a person who enables the built-in administrator, is just begging for some "Kodi action". You shouldn't be turning that on, in the first place. Having a single MSA account that belongs to the administrator group, sounds just a bit more secure (until a way can be figured to bust the MSA, which would only be possible if a local copy is kept or a token is kept that can be swiped). Replacing a local password "leaves tracks", and someone knows then, that the machine has been breached. Whereas with the careful cracking methods (you don't replace the password, you just know what the password is), nothing is going to look out-of-place when they log in. Part of the Kodi procedure, is getting the encrypted password entry in a standard format, for the cracking tool to munch on. Since the format is compact and post-able to USENET, you could actually give the entry to someone with a "cracker box", and they could feed you a few letters as a hint :-) Paul Even though I am replying to Paul this comment is for all. I have 2 accounts. One account is my local account of which I am the administrator. I also have a 2nd account which is labeled Administrator. Is this Administrator account referring to the Windows built-in administrator account? I will probably be asking some basic questions while I try to figure this out. Bill Did you do this ? net user administrator /active:yes That enables the built-in administrator account. ******* Windows doesn't like it when you remove all the administrator capable accounts. Whereas at the moment, you might have two of them. Which is fine. Each can have its own password Bill (initial account, belongs to "administrators group") Admin (built-in account) separate password Jim (limited user, not a member of "administrators group") (This user cannot install programs) Some users run as "Jim", as if you were running Firefox as a "limited user", the chances of machine-wide exploits is slightly reduced. For the rest of us, we'd run as "Bill", as we need to be able to install programs, and it would be a PITA to keep switching between the Jim and Bill accounts, just to install a program once in a while. I presume there is a good reason for enabling the Admin account, but I haven't found a reason yet. The belief on many peoples minds, is that this is Windows 98, and if only a powerful enough account were available, we could smash everything in sight, and fix every problem with immediate authority. Which really is not the case. After a while, the Windows 98 crowd gets bored with Windows 10, because it makes everything "hard to do". So while there is a "natural attraction" to turning on the Admin account, it's about as useful as a wet paper bag. wmic useraccount get name,sid Name SID Administrator S-1-5-21-3768549767-1934788099-1503758287-500 Mere User S-1-5-21-3768549767-1934788099-1503758287-1000 Guest S-1-5-21-3768549767-1934788099-1503758287-501 The real administrator is account 500. The first user is account 1000. I presume Guest is a limited user, but I've not used it for anything. A command such as whoami /user /priv will tell you what level you're at currently. This is useful if you've been running psexec64, RunAsToken, or similar commands, to impersonate another account, and you want to check whether you've been successful You could run such a command from either the "Bill" account, and then from the "Admin" account, and compare the capabilities. On the Bill account, you would use the "Run as Administrator" Command Prompt or Powershell window, as part of the sequence, to see your "full set of magical powers". Impersonation is the most valuable permission (the ability to change accounts and run as the SYSTEM account). In this picture, go to the top and select "Download original image" to get the image in sharper rendition. This compared real admin, to "run as admin" "Bill". https://s18.postimg.cc/wowci9o95/whoami_user_priv.png Paul |
#8
|
|||
|
|||
Recovering Built-In Administrator Account Password
On 9/13/2019 1:31 PM, Paul wrote:
[big snip] Windows doesn't like it when you remove all the administrator capable accounts. Whereas at the moment, you might have two of them. Which is fine. Each can have its own password Â*Â* Bill (initial account, belongs to "administrators group") Â*Â* Admin (built-in account)Â*Â* separate password Â*Â* Jim (limited user, not a member of "administrators group") Â*Â*Â*Â*Â*Â* (This user cannot install programs) Some users run as "Jim", as if you were running Firefox as a "limited user", the chances of machine-wide exploits is slightly reduced. For the rest of us, we'd run as "Bill", as we need to be able to install programs, and it would be a PITA to keep switching between the Jim and Bill accounts, just to install a program once in a while. It isn't necessary to be logged into an administrator account to install programs. One just has to permit changes to the computer by entering the administrative password when prompted. This process has been in place since Vista. -- best regards, Neil |
#9
|
|||
|
|||
Recovering Built-In Administrator Account Password
Neil wrote:
On 9/13/2019 1:31 PM, Paul wrote: [big snip] Windows doesn't like it when you remove all the administrator capable accounts. Whereas at the moment, you might have two of them. Which is fine. Each can have its own password Bill (initial account, belongs to "administrators group") Admin (built-in account) separate password Jim (limited user, not a member of "administrators group") (This user cannot install programs) Some users run as "Jim", as if you were running Firefox as a "limited user", the chances of machine-wide exploits is slightly reduced. For the rest of us, we'd run as "Bill", as we need to be able to install programs, and it would be a PITA to keep switching between the Jim and Bill accounts, just to install a program once in a while. It isn't necessary to be logged into an administrator account to install programs. One just has to permit changes to the computer by entering the administrative password when prompted. This process has been in place since Vista. For a Limited User account, that won't work. If we didn't have that account type, how would Corporate IT be able to annoy users by disabling their ability to "do anything" ? That's what they use in Public School machines, to make it (marginally harder) for the kids to hack the machines. (My sister, a school teacher, had to phone the IT guy to get anything done of that nature. Even she wasn't given anything with admin privileges.) Ask J.P. what he thinks of this, because I think his account at work was locked down like that. The first account you install, after installing Windows 10, belongs to the Administrator Group, and that's where your capabilities stem from. Adding any addition accounts, you have to decide whether they should belong to any groups or not. For example, a user who only does backups for you, can belong to the "Backup Group". And the Backup Group would not have general Administrator capabilities. Since it would be easy for someone to use lusrmgr to modify the groups the accounts use, you could with a bit of effort, remove the administrator group from any and all accounts. And that's why Windows is easy to break into, so it's less difficult for someone to correct a change of that nature. How do you fix a machine that has only an MSA ? Dunno. Not a clue. You could try the sethc or osk hacks, but I don't know whether the password change command can reset a password for an account like that. You would be logged in as some sort of administrator, but I don't know what your best option would be past that point. You might be able to create an account so you could still use the computer. Maybe that much would work. Paul |
#10
|
|||
|
|||
Recovering Built-In Administrator Account Password
Bill Bradshaw wrote:
I have 2 accounts. One account is my local account of which I am the administrator. I also have a 2nd account which is labeled Administrator. Is this Administrator account referring to the Windows built-in administrator account? Yes, Administrator is the default or install-time primary admin-level Windows account. However, it is possible to rename accounts, even the Administrator account, so the Administrator account could get renamed to WannaSuckLemons and a MysteryUser named account could be renamed to Administrator. However, you said you only have 2 account, and presumably your normal admin-level account is not WannaSuckLemons or MysteryUser. https://www.thewindowsclub.com/renam...ccount-windows https://support.microsoft.com/en-us/...dows-server-20 I know some paranoid users have rename Administrator to something else, like LocalAdmin or Yagermeister (Jägermeister), and even the Guest account to deter hacking. I'm not sure that actually helps with security since it's possible to get a list of all Windows account from any admin-level account or even with a quiescent OS by booting with a different OS. You don't even need to know the account's name. The Administrator account has the same SID (Security ID) in every instance of Windows; see: https://www.lifewire.com/what-is-an-sid-number-2626005 https://docs.microsoft.com/en-us/win...ell-known-sids https://support.microsoft.com/en-us/...rating-systems The Administrator account has a SID of S-1-5-21domain-500. That doesn't mean you can see it when inside a running instance of Windows and using regedit.exe to look at the HKU hive, because Windows will hide that key (even after using "net user administrator /active:yes"). That doesn't stop reading the registry files of a quiescent OS (not running nor even loaded) by another OS that you boot instead. Since you ARE able to login to your own admin-level Windows account (i.e., your Windows account is in the Administrators security group), have you even tried to use that account to change the password on the Administrator account? |
#11
|
|||
|
|||
Recovering Built-In Administrator Account Password
VanguardLH wrote:
Since you ARE able to login to your own admin-level Windows account (i.e., your Windows account is in the Administrators security group), have you even tried to use that account to change the password on the Administrator account? Don't bother trying to use the crappy Settings app for user account management. It sucks. Either run "control.exe userpasswords2" or run "control.exe" and navigate to User Accounts - User Accounts - Manage another account, select Administrator, and create a password. Note: You must've already ran "net user administrator /active:yes" in an elevated command shell to have Administrator listed. |
#12
|
|||
|
|||
Recovering Built-In Administrator Account Password
On 9/13/2019 3:12 PM, Paul wrote:
Neil wrote: On 9/13/2019 1:31 PM, Paul wrote: [big snip] Windows doesn't like it when you remove all the administrator capable accounts. Whereas at the moment, you might have two of them. Which is fine. Each can have its own password Â*Â*Â* Bill (initial account, belongs to "administrators group") Â*Â*Â* Admin (built-in account)Â*Â* separate password Â*Â*Â* Jim (limited user, not a member of "administrators group") Â*Â*Â*Â*Â*Â*Â* (This user cannot install programs) Some users run as "Jim", as if you were running Firefox as a "limited user", the chances of machine-wide exploits is slightly reduced. For the rest of us, we'd run as "Bill", as we need to be able to install programs, and it would be a PITA to keep switching between the Jim and Bill accounts, just to install a program once in a while. It isn't necessary to be logged into an administrator account to install programs. One just has to permit changes to the computer by entering the administrative password when prompted. This process has been in place since Vista. For a Limited User account, that won't work. I'm not sure what you are referring to as a "limited user", but it works fine for me when I'm logged in to a non-administrative account, and has done so on every machine I have running Windows since Vista. -- best regards, Neil |
#13
|
|||
|
|||
Recovering Built-In Administrator Account Password
Paul wrote:
Bill Bradshaw wrote: Paul wrote: Bill Bradshaw wrote: When I try to open the built-in administrator account Windows will not longer accept my password. The prompt is correct and I have the password saved in my password manager so I know I am entering the right password. Is there anyway to reset this password? Windows can drive me nuts. Running Windows 10 Pro 1809; 17763.615. https://www.howtogeek.com/96630/how-...-the-easy-way/ copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe What that does, is substitutes Command Prompt for some other innocuous feature, a feature that works early in a session after the desktop is ready to appear. Another one might be OSK.exe (the on-screen keyboard). https://www.myce.com/news/old-loopho...assword-78066/ "navigate to C:\Windows\System32, rename osk.exe (the onscreen keyboard) to osk.old (placeholder name). The next step is renaming cmd.exe to osk.exe which replaces the onscreen keyboard functionality with the command prompt. The onscreen keyboard can then be selected in the accessibility option in the Windows 10 login screen. " Note that *both* of the above recipes have poor hygiene. You can rename the old executable, so as to not upset the hard link copy in WinSXS. You can copy cmd.exe to take the place of the old executable name. When finishing up later, you delete the hack executable, then rename the original file back to its original name. That way, you won't lose the hard link. The network cable should be pulled, because you don't want Windows Update running when you're half way through the recipe :-/ That would be bad. It would also be fun to use a tool on Kodi, and crack the password, instead of merely replacing it. That's fun if you have a good video card, and you have hours to days to waste. If the password lacks mixed case, punctuation and the like, it might crack rather rapidly. Even without rainbow tables. ******* The above applies to "local accounts". Breaking into Microsoft Accounts (the MSA "email address" style accounts), I don't think these methods are all that helpful. I don't know what to do with those. Being administrator is a pretty good deal - a person who enables the built-in administrator, is just begging for some "Kodi action". You shouldn't be turning that on, in the first place. Having a single MSA account that belongs to the administrator group, sounds just a bit more secure (until a way can be figured to bust the MSA, which would only be possible if a local copy is kept or a token is kept that can be swiped). Replacing a local password "leaves tracks", and someone knows then, that the machine has been breached. Whereas with the careful cracking methods (you don't replace the password, you just know what the password is), nothing is going to look out-of-place when they log in. Part of the Kodi procedure, is getting the encrypted password entry in a standard format, for the cracking tool to munch on. Since the format is compact and post-able to USENET, you could actually give the entry to someone with a "cracker box", and they could feed you a few letters as a hint :-) Paul Even though I am replying to Paul this comment is for all. I have 2 accounts. One account is my local account of which I am the administrator. I also have a 2nd account which is labeled Administrator. Is this Administrator account referring to the Windows built-in administrator account? I will probably be asking some basic questions while I try to figure this out. Bill Did you do this ? net user administrator /active:yes That enables the built-in administrator account. ******* Windows doesn't like it when you remove all the administrator capable accounts. Whereas at the moment, you might have two of them. Which is fine. Each can have its own password Bill (initial account, belongs to "administrators group") Admin (built-in account) separate password Jim (limited user, not a member of "administrators group") (This user cannot install programs) Some users run as "Jim", as if you were running Firefox as a "limited user", the chances of machine-wide exploits is slightly reduced. For the rest of us, we'd run as "Bill", as we need to be able to install programs, and it would be a PITA to keep switching between the Jim and Bill accounts, just to install a program once in a while. I presume there is a good reason for enabling the Admin account, but I haven't found a reason yet. The belief on many peoples minds, is that this is Windows 98, and if only a powerful enough account were available, we could smash everything in sight, and fix every problem with immediate authority. Which really is not the case. After a while, the Windows 98 crowd gets bored with Windows 10, because it makes everything "hard to do". So while there is a "natural attraction" to turning on the Admin account, it's about as useful as a wet paper bag. wmic useraccount get name,sid Name SID Administrator S-1-5-21-3768549767-1934788099-1503758287-500 Mere User S-1-5-21-3768549767-1934788099-1503758287-1000 Guest S-1-5-21-3768549767-1934788099-1503758287-501 The real administrator is account 500. The first user is account 1000. I presume Guest is a limited user, but I've not used it for anything. A command such as whoami /user /priv will tell you what level you're at currently. This is useful if you've been running psexec64, RunAsToken, or similar commands, to impersonate another account, and you want to check whether you've been successful You could run such a command from either the "Bill" account, and then from the "Admin" account, and compare the capabilities. On the Bill account, you would use the "Run as Administrator" Command Prompt or Powershell window, as part of the sequence, to see your "full set of magical powers". Impersonation is the most valuable permission (the ability to change accounts and run as the SYSTEM account). In this picture, go to the top and select "Download original image" to get the image in sharper rendition. This compared real admin, to "run as admin" "Bill". https://s18.postimg.cc/wowci9o95/whoami_user_priv.png Paul At some point I must of used net user to activate the administor account and then I forgot to deactivate it. So I deactivated and the administrator account disappeared. So the question is when you use "net user administrator /activate:yes" is that activating the built-in administrator? So if you activate this account it shows up in the "Switch user" list. If you select it from the user list it asks for a password. Why would it want a password if you have already activated it using "net user?" My main account is setup as local and does not prompt for a password and is also an adimistrator account. Is the administrator account opened using "net user" also a stored indentity? whoami /user /priv USER INFORMATION ---------------- User Name SID ========================= ============================================== samsung-bill\samsung bill S-1-5-21-1356860141-3189260577-1052793827-1001 PRIVILEGES INFORMATION ---------------------- Privilege Name Description State ========================================= ================================================== ================ ======== SeLockMemoryPrivilege Lock pages in memory Disabled SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled SeSecurityPrivilege Manage auditing and security log Disabled SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled SeLoadDriverPrivilege Load and unload device drivers Disabled SeSystemProfilePrivilege Profile system performance Disabled SeSystemtimePrivilege Change the system time Disabled SeProfileSingleProcessPrivilege Profile single process Disabled SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled SeCreatePagefilePrivilege Create a pagefile Disabled SeBackupPrivilege Back up files and directories Disabled SeRestorePrivilege Restore files and directories Disabled SeShutdownPrivilege Shut down the system Disabled SeDebugPrivilege Debug programs Disabled SeSystemEnvironmentPrivilege Modify firmware environment values Disabled SeChangeNotifyPrivilege Bypass traverse checking Enabled SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled SeUndockPrivilege Remove computer from docking station Disabled SeManageVolumePrivilege Perform volume maintenance tasks Disabled SeImpersonatePrivilege Impersonate a client after authentication Enabled SeCreateGlobalPrivilege Create global objects Enabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled SeTimeZonePrivilege Change the time zone Disabled SeCreateSymbolicLinkPrivilege Create symbolic links Disabled SeDelegateSessionUserImpersonatePrivilege Obtain an impersonation token for another user in the same session Disabled wmic useraccount get name,sid Name SID Administrator S-1-5-21-1356860141-3189260577-1052793827-500 DefaultAccount S-1-5-21-1356860141-3189260577-1052793827-503 defaultuser0 S-1-5-21-1356860141-3189260577-1052793827-1000 Guest S-1-5-21-1356860141-3189260577-1052793827-501 Samsung Bill S-1-5-21-1356860141-3189260577-1052793827-1001 WDAGUtilityAccount S-1-5-21-1356860141-3189260577-1052793827-504 I am basically to a point where I am trying to understand this. I keep the computer backed up and it works fine. Bill |
#14
|
|||
|
|||
Recovering Built-In Administrator Account Password
VanguardLH wrote:
VanguardLH wrote: Since you ARE able to login to your own admin-level Windows account (i.e., your Windows account is in the Administrators security group), have you even tried to use that account to change the password on the Administrator account? Don't bother trying to use the crappy Settings app for user account management. It sucks. Either run "control.exe userpasswords2" or run "control.exe" and navigate to User Accounts - User Accounts - Manage another account, select Administrator, and create a password. Note: You must've already ran "net user administrator /active:yes" in an elevated command shell to have Administrator listed. I did and when I was done I shoud have run it with "/active:no" and I would not have had all this confusion. Bill |
#15
|
|||
|
|||
Recovering Built-In Administrator Account Password
Bill Bradshaw wrote:
Paul wrote: Bill Bradshaw wrote: Paul wrote: Bill Bradshaw wrote: When I try to open the built-in administrator account Windows will not longer accept my password. The prompt is correct and I have the password saved in my password manager so I know I am entering the right password. Is there anyway to reset this password? Windows can drive me nuts. Running Windows 10 Pro 1809; 17763.615. https://www.howtogeek.com/96630/how-...-the-easy-way/ copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe What that does, is substitutes Command Prompt for some other innocuous feature, a feature that works early in a session after the desktop is ready to appear. Another one might be OSK.exe (the on-screen keyboard). https://www.myce.com/news/old-loopho...assword-78066/ "navigate to C:\Windows\System32, rename osk.exe (the onscreen keyboard) to osk.old (placeholder name). The next step is renaming cmd.exe to osk.exe which replaces the onscreen keyboard functionality with the command prompt. The onscreen keyboard can then be selected in the accessibility option in the Windows 10 login screen. " Note that *both* of the above recipes have poor hygiene. You can rename the old executable, so as to not upset the hard link copy in WinSXS. You can copy cmd.exe to take the place of the old executable name. When finishing up later, you delete the hack executable, then rename the original file back to its original name. That way, you won't lose the hard link. The network cable should be pulled, because you don't want Windows Update running when you're half way through the recipe :-/ That would be bad. It would also be fun to use a tool on Kodi, and crack the password, instead of merely replacing it. That's fun if you have a good video card, and you have hours to days to waste. If the password lacks mixed case, punctuation and the like, it might crack rather rapidly. Even without rainbow tables. ******* The above applies to "local accounts". Breaking into Microsoft Accounts (the MSA "email address" style accounts), I don't think these methods are all that helpful. I don't know what to do with those. Being administrator is a pretty good deal - a person who enables the built-in administrator, is just begging for some "Kodi action". You shouldn't be turning that on, in the first place. Having a single MSA account that belongs to the administrator group, sounds just a bit more secure (until a way can be figured to bust the MSA, which would only be possible if a local copy is kept or a token is kept that can be swiped). Replacing a local password "leaves tracks", and someone knows then, that the machine has been breached. Whereas with the careful cracking methods (you don't replace the password, you just know what the password is), nothing is going to look out-of-place when they log in. Part of the Kodi procedure, is getting the encrypted password entry in a standard format, for the cracking tool to munch on. Since the format is compact and post-able to USENET, you could actually give the entry to someone with a "cracker box", and they could feed you a few letters as a hint :-) Paul Even though I am replying to Paul this comment is for all. I have 2 accounts. One account is my local account of which I am the administrator. I also have a 2nd account which is labeled Administrator. Is this Administrator account referring to the Windows built-in administrator account? I will probably be asking some basic questions while I try to figure this out. Bill Did you do this ? net user administrator /active:yes That enables the built-in administrator account. ******* Windows doesn't like it when you remove all the administrator capable accounts. Whereas at the moment, you might have two of them. Which is fine. Each can have its own password Bill (initial account, belongs to "administrators group") Admin (built-in account) separate password Jim (limited user, not a member of "administrators group") (This user cannot install programs) Some users run as "Jim", as if you were running Firefox as a "limited user", the chances of machine-wide exploits is slightly reduced. For the rest of us, we'd run as "Bill", as we need to be able to install programs, and it would be a PITA to keep switching between the Jim and Bill accounts, just to install a program once in a while. I presume there is a good reason for enabling the Admin account, but I haven't found a reason yet. The belief on many peoples minds, is that this is Windows 98, and if only a powerful enough account were available, we could smash everything in sight, and fix every problem with immediate authority. Which really is not the case. After a while, the Windows 98 crowd gets bored with Windows 10, because it makes everything "hard to do". So while there is a "natural attraction" to turning on the Admin account, it's about as useful as a wet paper bag. wmic useraccount get name,sid Name SID Administrator S-1-5-21-3768549767-1934788099-1503758287-500 Mere User S-1-5-21-3768549767-1934788099-1503758287-1000 Guest S-1-5-21-3768549767-1934788099-1503758287-501 The real administrator is account 500. The first user is account 1000. I presume Guest is a limited user, but I've not used it for anything. A command such as whoami /user /priv will tell you what level you're at currently. This is useful if you've been running psexec64, RunAsToken, or similar commands, to impersonate another account, and you want to check whether you've been successful You could run such a command from either the "Bill" account, and then from the "Admin" account, and compare the capabilities. On the Bill account, you would use the "Run as Administrator" Command Prompt or Powershell window, as part of the sequence, to see your "full set of magical powers". Impersonation is the most valuable permission (the ability to change accounts and run as the SYSTEM account). In this picture, go to the top and select "Download original image" to get the image in sharper rendition. This compared real admin, to "run as admin" "Bill". https://s18.postimg.cc/wowci9o95/whoami_user_priv.png Paul At some point I must of used net user to activate the administor account and then I forgot to deactivate it. So I deactivated and the administrator account disappeared. So the question is when you use "net user administrator /activate:yes" is that activating the built-in administrator? So if you activate this account it shows up in the "Switch user" list. If you select it from the user list it asks for a password. Why would it want a password if you have already activated it using "net user?" My main account is setup as local and does not prompt for a password and is also an adimistrator account. Is the administrator account opened using "net user" also a stored indentity? whoami /user /priv USER INFORMATION ---------------- User Name SID ========================= ============================================== samsung-bill\samsung bill S-1-5-21-1356860141-3189260577-1052793827-1001 PRIVILEGES INFORMATION ---------------------- Privilege Name Description State ========================================= ================================================== ================ ======== SeLockMemoryPrivilege Lock pages in memory Disabled SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled SeSecurityPrivilege Manage auditing and security log Disabled SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled SeLoadDriverPrivilege Load and unload device drivers Disabled SeSystemProfilePrivilege Profile system performance Disabled SeSystemtimePrivilege Change the system time Disabled SeProfileSingleProcessPrivilege Profile single process Disabled SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled SeCreatePagefilePrivilege Create a pagefile Disabled SeBackupPrivilege Back up files and directories Disabled SeRestorePrivilege Restore files and directories Disabled SeShutdownPrivilege Shut down the system Disabled SeDebugPrivilege Debug programs Disabled SeSystemEnvironmentPrivilege Modify firmware environment values Disabled SeChangeNotifyPrivilege Bypass traverse checking Enabled SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled SeUndockPrivilege Remove computer from docking station Disabled SeManageVolumePrivilege Perform volume maintenance tasks Disabled SeImpersonatePrivilege Impersonate a client after authentication Enabled SeCreateGlobalPrivilege Create global objects Enabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled SeTimeZonePrivilege Change the time zone Disabled SeCreateSymbolicLinkPrivilege Create symbolic links Disabled SeDelegateSessionUserImpersonatePrivilege Obtain an impersonation token for another user in the same session Disabled wmic useraccount get name,sid Name SID Administrator S-1-5-21-1356860141-3189260577-1052793827-500 DefaultAccount S-1-5-21-1356860141-3189260577-1052793827-503 defaultuser0 S-1-5-21-1356860141-3189260577-1052793827-1000 Guest S-1-5-21-1356860141-3189260577-1052793827-501 Samsung Bill S-1-5-21-1356860141-3189260577-1052793827-1001 WDAGUtilityAccount S-1-5-21-1356860141-3189260577-1052793827-504 I am basically to a point where I am trying to understand this. I keep the computer backed up and it works fine. Bill It's possible then, that you never assigned a password to the "administrator" account. https://support.microsoft.com/en-ca/...-windows-vista net user administrator /active:yes net user administrator mywhizzynewpassword Disabling administrator, should remove it from the login choices at startup. ******* You'll find all sorts of useless advice on passwords. https://www.lifewire.com/how-do-i-fi...ssword-2626064 At the bottom of the page, I notice one user is wearing a ballcap. That'll need extra tinfoil if he expects to discover the value of the password :-) I don't think the ballcap has sufficient mental concentration powers, to crack the password all by itself. If you just activated the account, the password could still be blank. I wonder how long it would take a tool on Kodi to crack that ? You have two user accounts, 1000 and 1001. You would want to use the Accounts panel to check that at least one of those belongs to the Administrators Group. To activate the administrator account in the first place, probably requires logging in with an account belonging to the Administrator Group. Paul |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|