Archive for category Security

How to reset the Administrator password in Windows

Forgot your Administrator password? Or locked it out due to trying the wrong one too many times? This is the place for you.

I worked for a client recently that made a classic personnel mistake. After parting ways with a disgruntled employee they failed to change the Administrator password on their production server. This server is available publicly via remote desktop. As I was working on a issue for them one day I stopped being able to log in. It turns out their disgruntled employee had logged on and re-set their password, Oops!

If you find yourself in such a conundrum here is how I got them back into their machine. There is a great (free) app called PogoStick that you download as an ISO and burn to a CD, it’s available here: http://pogostick.net/~pnh/ntpasswd/. Just download it, burn it to a CD and then insert into the affected machine. Couple of notes here:
1) Be sure the machine your fixing is set up to boot from your CD rom first. This is done by going into your bios and finding the section related to boot devices. Every bios is different so that’s as specific of instructions as I can give.
2) Read through the screens. The app can do a number of things but many of them are experimental and some only work on certain versions of Windows. Play it safe and only reset the password to blank, setting it to a value didn’t work for me. Also be sure to unsuspend the id if it’s not already.
3) This one is important, and not so obvious in my opinion. After you’ve fixed the id you’re not done. You have to exit using the menu. It will eventually ask if you want to commit the changes to which you’ll answer (y)es.

That’s it. In case you’re not paying enough attention, you can now re-set the Administrator password from blank to some useful value in Windows itself. No need to use a command line app as I’ve heard some people have.

NOTE: If you need to reset an admin id on a domain controller that is an entirely different beast. The solution above works for local machine accounts only! If you want more info, or want to try to fix a account for a domain controller these look like useful websites. Caveat emptor though, it is possible to make the situation worse with some of these suggestions.
How to reset the Domain Admin Password under Windows 2003 Server
Unlocking Windows NT/2000/2003 Domain Controllers
Forgot your Windows password? No problems : Password resetting and recovering techniques

Advertisements

Leave a comment

Internet Explorer – is it really as insecure as people think?

Firstly, I have to say I don’t think IE is at all insecure.  That’s not because it’s never had a virus, but because browsers can’t have feelings.  Insecure just makes a good catchphrase I think, even though I used the word incorrectly.

I stumbled on this blog post today Internet Explorer 8 Still the Best at Staying Safe While Browsing the Web.  IE added a feature a while back that checks the website being requested (the URL / URI) against a known database before it loads that in the browser.  According to the website above that feature caused 560 million blocks last year or 3 million blocks a day, so it prevents people from getting a virus 3 million times a day.  That’s pretty impressive.

Now, that’s not exactly the cure I have to say.  Blocking websites that gives IE virus’ is not a patch to permanently prevent a virus.  The cure is to fix their code, however being realistic, the site blocking feature is just another layer of security.  You can’t catch all the bugs all the time and a feature like this adequately allows the IE team time to develop a fix and still prevent any given site from causing the entire internet turning into a botnet.

Kudos to you MS for providing such a feature, though do be sure to keep the patches coming.

Leave a comment