Weirdo 7 reset user/password by itself


  1. Posts : 34
    windows 7 Professional x64
       #1



    Hi, I have a terminal installed at a hotel that somehow resets itself!

    It's a Windows 7 POSReady embedded.


    It's a custom image build that's deployed on hundreds of devices, maybe thousands, around for years without issues, and all from the same image.

    Some time ago, the staff called me and asked about the password for Windows.
    (It has no password prompt at login at all...)

    The Windows image is built with an "administrator" account and auto-logon.

    I suspect, and found some data in the Windows log, that they had a power failure, so two computers had entries with abnormal shutdown. The XP version was OK, but this Win7 had suddenly logged out at next boot.

    This is the background of Event A.


    1. Instead, the suggested user at the welcome/login screen was "user"

    (administrator not even listed!)

    2. No such password worked.


    3. So the Windows 7 machine could not boot in safe mode, last config or anything.
    And because it's an image, no such local restoration partition exists. I couldn't do shit.

    The login screen just started with the weird "user" and prompted for a password.

    4. The machine did reply to ping from the LAN, though.

    5. But I could not browse it from computer2 through the SMB catalog:

    \\computer
    \\computer\c$



    6. I then made some attempts with psexec from the XP machine in the same network.
    Maybe I didn't manage the tool, but all sorts of attempts failed:

    psexec \\computer -u remote\administrator

    All sorts of commands were either not working or not allowed.

    7. But the XP machine could run a payment application that runs on the machine (!).
    The database (MySQL) somehow worked, because the XP machine is just a slave and connects to the master IP address. And MySQL allows this at port 1433.

    No luck. Maybe if I had some VNC server running on the machine it could be interesting.
    Like, what is actually running? Telnet... but at this point I was so locked out.

    Not even the powerful psexec tool could alter it.





    8. Then I had to do the utilman trick, with no time for fooling around.

    So I accessed cmd at the login screen, and typed
    net users
    net user administrator *


    And got back in. A new password was set.



    --------------------------- Now, a few months later, the same thing happened ------- Event B

    So I did the utilman password hack again.
    This time I also had to choose another user, and type administrator + the password.

    Login.
    Go to Control Panel/Users/delete password.



    But wtf is this?
    Why does this happen?
    How can I stop this from happening?
    Are there any log files or traces?
    Virus?

    (It has a local AV, and it's a pretty closed network.)
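
For the question about log files and traces, a read-only diagnostic sketch in PowerShell, added here as an example and not part of the original post. It assumes an elevated prompt and the PowerShell 2.0 that ships with Windows 7; the 24-hour correlation window is an arbitrary choice.

```powershell
# Added diagnostic sketch. Read-only; run elevated on the affected terminal.
# Sticks to PowerShell 2.0 cmdlets (the Windows 7 default).

# 1. Auto-logon settings Winlogon reads at boot. DefaultPassword can be absent
#    when the password is stored as an LSA secret instead of in the registry.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Get-ItemProperty -Path $winlogon |
    Select-Object AutoAdminLogon, DefaultUserName, DefaultDomainName,
        @{ Name = 'DefaultPasswordSet'; Expression = { [bool]$_.DefaultPassword } }

# 2. Local accounts: is "administrator" disabled, does a "user" account exist?
Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
    Select-Object Name, Disabled, Lockout, PasswordRequired, SID

# 3. Unexpected shutdowns (System log, event 6008, written at the next boot).
$crashes = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 6008 } `
    -ErrorAction SilentlyContinue)

# 4. Account changes (Security log; present only if account-management
#    auditing is on): 4720 created, 4722 enabled, 4723 password change,
#    4724 password reset, 4725 disabled, 4726 deleted, 4738 changed.
$ids = 4720, 4722, 4723, 4724, 4725, 4726, 4738
$changes = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $ids } `
    -ErrorAction SilentlyContinue)
$changes | Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }

# 5. Flag account changes within 24 hours after each unexpected shutdown.
foreach ($crash in $crashes) {
    $near = @($changes | Where-Object {
        $_.TimeCreated -ge $crash.TimeCreated -and
        $_.TimeCreated -le $crash.TimeCreated.AddDays(1) })
    if ($near.Count -gt 0) {
        Write-Warning ("{0} account change(s) after the crash logged {1}" -f `
            $near.Count, $crash.TimeCreated)
    }
}
```

An empty result in step 4 does not prove nothing changed: the Security log may have rolled over, or auditing may be off in the image.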


  2. Posts : 176
    Win 7 Home Prem x64 SP1
       #2

    Ghosts in the machine?


 
