Recovering Administrator Password

RhinoCan

I've just started as a volunteer at a local community group, working as the IT guy. It seems I've walked into a place that is in some disarray, at least with regards to its IT setup.

My immediate problem is that their main server has two administrator IDs as well as one regular user account but only the password of the regular user account - which does NOT have administrator privileges - has a known password. Although there are passwords written down for the two administrator IDs, they do not work. The director of the organization strongly suspects that the previous IT person, who "didn't work out", has changed the passwords on her way out the door; apparently the passwords did work recently.

I'm trying to figure out how to recover or change the password on the administrator IDs. I've done some Googling and found instructions that say to reboot into Safe Mode, then change the Administrator passwords from there. Unfortunately, when I do that, the first thing I see after entering Safe Mode is a panel showing the two Administrator IDs and insisting on the password for either ID. Since I know neither ID, I am at a loss as to how to proceed.

Other googling has revealed a bunch of suggestions for dealing with this problem, all involving using freeware or paid services that are supposed to hack the administrator passwords. Each of these suggestions comes endorsed by someone who says the solution worked perfectly for them but each seems to be followed by denunciations that the technique didn't work for them or even damaged their systems. Each person making these claims swears to be disinterested and not an employee or agent of the company providing the solution but I'm not sure I believe them.

I'm also concerned about some of the dire warnings I'm seeing about these various solutions. For example, some of the solutions seem to put encrypted files at risk of being lost. I am the ONLY IT person involved with the organization now and the other people apparently don't know if there are any encrypted files on the system. Unfortunately, I'm in somewhat over my head on this. My strengths are in programming, database, and web design, not Windows administration, so I really don't know how to determine if there are encrypted files on the server. If there aren't, maybe the risk of using one of these hack-solutions is not so grave, in which case I might try some of the free solutions first and then move on to the paid solutions if the free ones don't work.

I'd really appreciate some advice here from people that are more knowledgeable about Windows.

For what it's worth, the computers at the organization, which is a non-profit, are a mix of Windows XP and 7 machines. The main server, which is the one I'm trying to access, is running Windows XP Professional Version 2002 SP3. (I suppose I should be asking this on an XP forum but I'm hoping someone here will remember the techniques of XP administration well enough to help with this.)

I expect to ask several more questions as I get oriented to this new job but this is probably the most critical one right now. Any help you can offer would be greatly appreciated!
 

Hi RhinoCan, welcome to 7F! :)

I didn't read through your whole post, but from what I got, this tutorial may help, but, with servers involved I'm not sure how much: http://www.sevenforums.com/tutorials/65207-password-reset-using-system-restore-windows-7-a.html

Notice the bold underline.

   Information
This will show you how to use System Restore to reset the passwords of users to what they were for the date of the restore point in Windows 7.

This is helpful for the following reasons:


  • You set a new password for the Administrator account and no longer remember it.
  • You enter the correct password but because of system corruption it is not accepted.
  • You delete a protected Administrator account and are no longer able to log on to another account.
  • You change a protected Administrator account to a standard user account and are unable to log on to another Administrator account.
For more information, see: Microsoft Help and Support: KB940765

Now, your job is to find out when the previous IT person relinquished her duties and use a restore point before that point in time; let us just hope she wasn't savvy enough to delete all the previous points.

If you can't see any, try the CMDs here: ITs Amazing: Restore Points doesn't exist in Windows 2008; after running them, see if there are any under the "System Protection" tab:
(1) Right Click your "Computer" on Win 2K8, open "Properties", "Advanced Settings" and there you'll find "System Protection" tab.
I have chores to do, but I'll check back. In the meantime, go here: http://www.sevenforums.com/tutorials/257-windows-7-tutorial-index.html#post2397115, and put 'bout 3 backward pulls on your scroll wheel to get down to the start of the password tutorials; there may be something else in there that may help.


More:
What to do if you forget your Windows password - Windows Help

Thoughts:
What Server version is the community group running?
 

About encrypted files, I only use EFS myself and not BitLocker.

You can run this command to list all encrypted files: cipher /U /N

This will tell if EFS is used. If you have EFS encrypted files and you set a new password for the account that has encrypted the files, then you won't be able to access those files anymore.
For BitLocker: How to Determine if BitLocker Drive Encryption is Enabled - TechNet Articles - United States (English) - TechNet Wiki

Edit: I don't use Bitlocker so I hope someone else can fill in on that.
 

It could be that one of the tools that would work for you is Spotmau's PowerSuite; it is bootable and has a feature for removing Windows passwords. I've used it for several years and it has saved me a lot of headaches when the owners couldn't provide the correct login password; well worth the money. It has other useful features.
Spotmau Powersuite: Boot Up Any Crashed Windows Computer, 5 Star Award PC Tool
 

Thanks Tookeri, and Berton for pitchin' in, this might be a sticky wicket....and I appreciate the help.

RC....I have seen some horror stories about/with encrypted files. See how the other fellas' tips can help. Then get back to us, okay?

When in doubt, cancel out.
 

You're welcome.
 

You bet, Berton, I believe we'll get this one figured out......
 

The main server, which is the one I'm trying to access, is running Windows XP Professional Version 2002 SP3.

Please see option 5 in this tutorial:
http://www.sevenforums.com/tutorials/238737-user-account-reset-password-windows-7-a.html

I carry this free tool around with me. I've used it on XP. I only use it to remove the existing admin password. The tool will not work if the entire OS hard drive has been encrypted since the tool will not be able to get to the OS files to work on the passwords.

As far as encrypted user files go: yes, removing (or changing) the admin (or any other account) password should render encrypted files useless. That is as it should be.


Perhaps someone in this thread knows how to boot to a Live CD and search for encrypted user files that way. If a Live CD cannot mount the Windows OS hard drive, then perhaps the entire drive is encrypted.
 

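Added example (not from any poster in this thread): one way to do the Live CD search for EFS-encrypted files asked about above, before any password is reset. It assumes a Linux live CD with Python 3 and the Windows volume mounted read-only through ntfs-3g built with extended-attribute support, which exposes each file's NTFS attribute flags as `system.ntfs_attrib_be`; the device `/dev/sda1` and mount point `/mnt/windows` are hypothetical.

```python
import os
import struct
import sys

# Windows FILE_ATTRIBUTE_ENCRYPTED flag: set on files and folders encrypted with EFS.
FILE_ATTRIBUTE_ENCRYPTED = 0x4000
# ntfs-3g exposes the NTFS attribute flags as a 4-byte big-endian extended attribute.
NTFS_ATTRIB_XATTR = "system.ntfs_attrib_be"


def is_efs_encrypted(raw):
    """True if the 4-byte big-endian NTFS attribute word has the EFS bit set."""
    if raw is None or len(raw) != 4:
        return False
    (flags,) = struct.unpack(">I", raw)
    return bool(flags & FILE_ATTRIBUTE_ENCRYPTED)


def read_ntfs_attrib(path):
    """Read the attribute word for one path; None if the xattr is unavailable."""
    try:
        return os.getxattr(path, NTFS_ATTRIB_XATTR, follow_symlinks=False)
    except OSError:
        return None


def find_efs_paths(root, reader=read_ntfs_attrib):
    """Walk root and return every file or folder flagged as EFS-encrypted."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if is_efs_encrypted(reader(path)):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    # Hypothetical mount point; mount the Windows volume read-only first, e.g.
    #   mount -t ntfs-3g -o ro /dev/sda1 /mnt/windows
    root = sys.argv[1] if len(sys.argv) > 1 else "/mnt/windows"
    if read_ntfs_attrib(root) is None:
        sys.exit(f"{root}: no NTFS attributes visible (not an ntfs-3g mount?)")
    hits = find_efs_paths(root)
    for path in hits:
        print(path)
    print(f"{len(hits)} EFS-encrypted item(s) found under {root}")
```

An empty result means no file or folder on that volume carries the EFS flag; any paths listed should be decrypted or backed up by the owning account before that account's password is reset.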