The Local Policy of this system does not permit you to log on interactively

[DanMahony]

I have a standalone Notebook that has been submitted for repair, where the user is no longer able to log on.

Regardless of whether we are in normal or safe mode, or whether we use the Administrator or regular user login, we always get a message suggesting that the password is wrong, and ultimately advising "The local policy of this system does not permit you to log on interactively".

As a result, we are locked out, and cannot get into windows to edit any settings to correct this.

We have used Unix/Linux Based Boot Disks that enable us to blank or change the passwords, and enable disabled user accounts, but this does not correct what appears to be the result of someone having hacked into the system and changed login policies.

Is there a unix/linux utility that allows us to edit the login settings, and if so, what do we have to edit ?. Is it a particular registry key, or some other file.

This unit does not belong to a network or domain, but does have a broadbang connection via a wireless ADSL Modem.

Would wlecome any expet advise.

Dan Mahony,

 

[LiLithTecH]

Did you try renaming the SAM file?
Windows \ System32 \ Config

You lose all the accounts settings and will have to import mail to new account
but it should allow access.

 

[corkyg]

If that fails, take it back to whoever repaired it and demand that they make it right. Sounds like a tech's setting that did not get removed.

 

[DanMahony]

Thanks LiLithTecH, the main problem I have is that we cannot access the system to edit anything. We are virtually locked out as none of the login accounts have the ability to log in.

Is there a way I can boot from a CD and have access via a dos like command line, or some otherway I can rename this file, or better still, is it possible to edit the SAM file to correct the setting that is causing this.

regards, and thanks for your interest and input.

Dan Mahony:

 

[DanMahony]

Thanks corkyg, This system was running fine for some months without problems, and suddenly one morning would not let them log on.

It is not the result of any repairer, as it has never been to a repairer since new. and the client is the only one who has worked on it.

We suspect that it has been hacked into as the ADSL Modem the client uses does not have a firewall, and they are dependent on Windows XP Firewall, which may have been breached.

Thanks for your input, if you know how and what to edit from a boot disk or cd, let us know.

Regards

Dan Mahony

 

[gaidin123]

Yes you can use Bart's bootcd or some other utilities to boot into an alternate environment and null out the administrator password. The problem may be, even if you know the password, the machine has been so messed up that none of the accounts can logon.

You should be able to boot up of this CD and at least be able to copy/delete/do whatever you want to his filesystem. Editing the SAM file can be an unsafe thing to do. We've found that nulling out the password is safer than changing it from this method...

Get more info on pebuilder/bart's boot cd here
http://www.nu2.nu/pebuilder/
This guy puts out an a couple of add on packages to the boot cd here:
http://www.ubcd4win.com/
Basically he adds a lot of useful drivers and free/shareware tools to the normal boot CD. No windows tech should ever be without this.

Gaidin

 

[DanMahony]

Thanks gaidin123,

I have taken some earlier advice and renamed the SAM file, but it won't even reach the login screen now, I can rename the original back to sam again, but I may try copying in a SAM file from a known good system, and seeing what happens then,

I appreciate your advise about the bootcd and associated tools, and am currently downloading such.

Thanks for your input

regards

Dan Mahony

 

[IamDavid]

Any chance you just installed a peice of Norton software.. I had this same problm happen.. It came from Norton Ghost Corprate..

 

[rbrandon]

Sounds to me like someone screwed with your local security policy, namely the log on locally setting.. A repair installation will reset this.

 

[ProviaFan]

Originally posted by: rbrandon
Sounds to me like someone screwed with your local security policy, namely the log on locally setting.. A repair installation will reset this.

But the bigger issue is that if the system has been hacked, you don't know what all has changed. Once you restore the system so that you can log in again, it would be a Very Good Idea to back up all non-executable data and do a complete reformat and fresh install.

 

[nweaver]

you might try a remote desktop session.

also, booting from the XP CD and going to recovery console (requires admin password) gives you a CLI.

 

[DanMahony]

We have tried everything that has been suggested to date, but still havent cracked this one.

Upon removing the SAM File, the system will not complete the boot process t the log on screen, I have tried replacing the SAM file wth one from my own notebook, which is a different brand, but on attempting to boot either in normal or safe mode, it advises that the security system has been unable to resolve some hardware issue.

I will get the SAM file from an identical computer and try that this morning.e is a hardware.

It appears that a valid SAM file with local login set correctly is essential, so accordingly, the solution would appear to rely on a means of editing the existing SAM file to reset the user accounts local logon rights settings.

We have tried a repair install, but with no change. Is there a point in the repair process that we can reset these settings that we may have missed.

Alternatively, can any of the modules that would be used within windows to edit these settings be run from the windows repair DOS Like command line prompt, or are there any third party security setting programs available that can be used to edit the settings from a command line prompt.

Any further advise would be appreciated,

Regards and thanks to all for you input.

Dan Mahony.

 

[sykopath79]

The SAM file is one of the five Registry hives. DO NOT copy one from another computer, because it WILL NOT work.

Since it is Windows XP, most likely System Restore is turned on, and there are backups of the Registry. Try looking inside the "C:\System Volume Information\Restore\" folder and look for folders named "RPxx" where xx is a number. Typically you want the last or next-to-last one of these, as that will be the most recent Restore point. You should then see the 5 files that comprise the Registry in there, albeit backup copies with different names (something like REGISTRY_MACHINE_SAM, I can't remember exactly at the moment).

What you want to do is first go into C:\windows\system32\config and find the five Registry hives: SAM, SECURITY, SOFTWARE, SYSTEM, and DEFAULT. Rename each of these files with a .BAK extension so that we have them backed up for later, just in case. Now, copy the five files from the System Restore folder you found earlier into the \system32\config (so you should be copying REGISTRY_MACHINE_SAM, REGISTRY_MACHINE_SECURITY, REGISTRY_MACHINE_SOFTWARE, REGISTRY_MACHINE_SYSTEM, and REGISTRY_MACHINE_.DEFAULT). Rename these files to match the correct names for the Registry hive files (remove the "REGISTRY_MACHINE_" from each file's name, and also remove the "." from the DEFAULT one).

Once you have done all that, reboot the machine and see if you can log on.

 

[KB]

This happened to my wifes Windows XP home machine. The only thing I could think of was that she neglected to activate Windows XP for a long time and maybe it locks you out. I would love to know how you fix it.

For me a repair installation did not even fix it. I had to install from scratch.

 

[dawks]

Originally posted by: ProviaFan

Originally posted by: rbrandon
Sounds to me like someone screwed with your local security policy, namely the log on locally setting.. A repair installation will reset this.

But the bigger issue is that if the system has been hacked, you don't know what all has changed. Once you restore the system so that you can log in again, it would be a Very Good Idea to back up all non-executable data and do a complete reformat and fresh install.

These two posts are the key. :thumbsup:
And as sykopath79 has stated, you cannot use a SAM from a different machine.. If you dont have the original, or it is corrupt beyond repair, you'll need to reinstall the OS as far as I know..