Wow I just did something stupid..

MasterSamwise

Senior member
Jan 12, 2003
219
0
0
This was amazingly stupid.

I disabled the administrator account. And managed to delete the only other account set up with admin privileges on my Windows XP install. Oops! Now wondering how to get my documents back .. I get an Access Denied (XP's file protection from other users' access)

Any ideas?

I don't think there was anything too vital.. there oughta be something I can do .. Not that I really deserve it. I think that is up there in stupid along with deleting the registry.

MS
 

Lord Evermore

Diamond Member
Oct 10, 1999
9,558
0
76
Recovery Console from booting to the XP CD should allow you to re-enable the account I think. You may need to look up exactly how to use it.
 

HaroldW

Member
Mar 24, 2001
140
0
0
First off, try "last known good" configuration. There is a slight chance that it might take you back. I don't think the recovery console is going to help you, I "believe" the only time I used it it asked for the administrator password (definitely try it anyway.) Other things you can do to get data or access:

1. Set the drive up as a slave on another Windows 2000 or XP system. This should allow you to access the drive completely. Also, I've been told that if you get access to the drive on another system to: "Look for the file C:\WINNT\system32\config\SAM. Delete the SAM file. Your admin password will now be blank." It may also be enabled again. No matter what happens you could then access your data and copy it off to another drive as necessary. If the drive is formatted FAT32 you may be able to use a Windows 98 boot floppy and try the preceding procedures.

2. Another alternative would be a fresh install of XP to another directory (other than the default directory or the one XP was originally installed in.) This would get you access to your data but would require a complete reinstall of XP and your programs.

 

pitupepito2000

Golden Member
Aug 2, 2002
1,181
0
0
Hey,

Here's what I would do. First burn a copy of Knoppix. Knoppix is able to run an entire operating system from the CD without installing anything on your hard drive. Once you use this bootable CD, you can access all your Windows files. It doesn't matter if they were files from the administrator or a regular user. I have done it before. You can only read NTFS partitions with Knoppix, but you can read and write to FAT partitions.

I hope this helps,
pitupepito

If you need more help with Knoppix, just post your problem in the forum. :)
 

Lord Evermore

Well, being able to ACCESS the data isn't the same as being able to re-enable the account. Disabling an account doesn't erase the password, so when he uses the Recovery Console and it asks for the admin password, it should still accept the existing password. Deleting the SAM might or might not re-enable the account, I don't know if it stores the disable/enable marker in that file. I would hope that the recovery console has the capability to enable an account or rebuild the admin account.
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
Originally posted by: Lord Evermore
Disabling an account doesn't erase the password, so when he uses the Recovery Console and it asks for the admin password, it should still accept the existing password

Perhaps, but I'm pretty sure that the Recovery Console will see the admin account as disabled as well. And even if it didn't, and you could log in, there are no commands in the RC for user account management.
 

MasterSamwise

What about mounting my NTFS partition under RH9?

Only prob is it's not supported by the basic kernel. I guess I'll give Knoppix a shot... Tomorrow. Now it's time for bed.

Thanks

MS
 

MasterSamwise

Another possibility I think would be to do a repair install? Does that overwrite the user dir (My Docs)? That's all I really need. I was gettin ready to format this partition anyway and was just backing up files.

Got my mp3's but none of my office docs = problem.
 

Lord Evermore

If you just want to delete the SAM file, you can use a Linux password recovery boot disk I think. Or if the Recovery Console does accept the admin password, then you can use that to delete it.

If the RC definitely doesn't have any ability to change a user account, well that's something I didn't know and was suggesting to try it because it might. Even if it sees the admin account disabled though, I'd expect it to still use the password for the admin account, because it's not actually logging into anything, it's just verifying you have the right to work with it.

I wonder why MS made it possible to disable built-in accounts in XP, when it isn't possible in 2k.
 

stash

Originally posted by: Lord Evermore
If the RC definitely doesn't have any ability to change a user account, well that's something I didn't know and was suggesting to try it because it might. Even if it sees the admin account disabled though, I'd expect it to still use the password for the admin account, because it's not actually logging into anything, it's just verifying you have the right to work with it.

You're missing my point. When you type a password to get into the RC, it's the same SAM file that is used when you log in normally. So if the account is disabled while you are in Windows, then nothing will have changed when you boot into the RC. The SAM will still show that account as disabled. So it *is* logging you into something, that something being the RC.
 

Abzstrak

Platinum Member
Mar 11, 2000
2,450
0
0
If you didn't encrypt anything, why don't you just pull the hard drive and stick it in another system?
 

Lord Evermore

Sigh. I didn't miss any point. My point was that it might not CARE that the account is disabled, since you're NOT logging into the system, you're logging into the Recovery Console which is not Windows and you CAN'T have the admin account disabled in the RC, otherwise it wouldn't even work, so it may simply read the SAM to get the password and ignore everything else in it. We don't even know that the fact that the account is disabled is actually stored in the SAM in the first place.

Abzstrak: he could easily recover the files and format the hard drive, but reinstalling Windows is something that most people would like to avoid.
 

MasterSamwise

Yeah avoid if possible, although it only takes a half hour to reload on my system... The programs. Reloading all of those.. ugh. I'll try pulling out the RC to see if I can't find out for myself. I'll report back on my findings so Lord Evermore can find truth in the RC Debate.
 

MasterSamwise

Debate is over.

RC will not let you log into an account that has been deactivated. "The password you have entered is not valid" is the error message you will receive. So it seems as if it's time to do some Windows reloading.

Grr... Cause myself trouble by trying to make my system more secure... geez maybe I should read the man pages :).

It's more secure now.. Like an internet workstation at a truck drivers' rest stop.

LOL
MS
 

stash

Originally posted by: Lord Evermore
Sigh. I didn't miss any point. My point was that it might not CARE that the account is disabled, since you're NOT logging into the system, you're logging into the Recovery Console which is not Windows and you CAN'T have the admin account disabled in the RC, otherwise it wouldn't even work, so it may simply read the SAM to get the password and ignore everything else in it. We don't even know that the fact that the account is disabled is actually stored in the SAM in the first place

The RC is Windows in the sense that you use the SAM file to log in. It is the same mechanism used when you log into the machine normally.

I don't understand why you don't think the RC is Windows. Once you are logged in, you see the same file structure, services, etc that you see when you log in normally. That's the whole point of having you log in. Otherwise, anyone could just pop a CD in and start the RC and start disabling services.

And yes, we did know for a fact (before MasterSamwise proved it) that ALL account information, including whether or not the account is disabled, is stored in the SAM.
 

MasterSamwise

Funny thread this. Oh well time to kill the HD.

ah heck my RH9 install is going to make this a little harder.. oh well.
 

MasterSamwise

Back up and running nothing hosed.. Thanks everyone. That was fun!

Back over to RH9 now. I'll have to reinstall the LILO bootloader, not a problem though. :)

ms
 

Lord Evermore

The RC is limited to certain directories being viewable, and can't see any user files and has a limited command set. It's no more "logging in" to Windows than putting in a Linux boot disk with the password file being located on the hard drive is logging into Windows. It's booting into a separate basic OS, which happens to have the password file located on the hard drive which is also used by Windows. There is nothing that technically specifies that the RC must be able to tell whether the admin account is disabled, as long as the SAM still has the password for the account stored in it. IF disabling the account actually modifies the SAM to specify that it's disabled (which nobody has said for sure that it does) then the RC MIGHT also look at that while checking the password. It MIGHT also not look at that, it might only read the password for the account and nothing else, ignoring any limits on the account. Since it isn't Windows, it does not necessarily follow the same process to log in that Windows does.
 

stash

All account attributes, including whether the account is disabled, are stored in the SAM, on a workstation or stand-alone/member server. I suppose you could be right that maybe the RC doesn't look at all the account attributes, just the password. I don't really know.

But in any case, MasterSamwise was not allowed into the RC. This means that either the RC does look to see if the account is disabled, or that the RC thinks that the SAM is corrupted.
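
Added example (not part of any post in this thread): the disabled state debated above is one bit in the account-control field of each user's F value, stored under SAM\Domains\Account\Users\<RID> in the SAM hive. The offsets and flag values follow what open-source SAM parsers use and are an assumption of this sketch, as are the constructed sample bytes; the code only reads the flags.

```python
import struct

# Offsets inside the per-user "F" value, as used by open-source SAM parsers
# (an assumption of this example; the layout is not officially documented).
RID_OFFSET = 0x30   # 32-bit little-endian relative ID
ACB_OFFSET = 0x38   # 16-bit little-endian account control bits

ACB_FLAGS = {
    0x0001: "account disabled",
    0x0004: "password not required",
    0x0010: "normal user account",
    0x0200: "password does not expire",
    0x0400: "account auto-locked",
}

def parse_f_value(data: bytes) -> dict:
    """Decode the RID and account-control flags from a raw F value."""
    if len(data) < ACB_OFFSET + 2:
        raise ValueError("F value too short to contain account control bits")
    (rid,) = struct.unpack_from("<I", data, RID_OFFSET)
    (acb,) = struct.unpack_from("<H", data, ACB_OFFSET)
    return {
        "rid": rid,
        "acb": acb,
        "disabled": bool(acb & 0x0001),
        "flags": [name for bit, name in sorted(ACB_FLAGS.items()) if acb & bit],
    }

def make_sample_f(rid: int, acb: int) -> bytes:
    """Build a constructed 80-byte F value; every other field is zeroed."""
    buf = bytearray(0x50)
    struct.pack_into("<I", buf, RID_OFFSET, rid)
    struct.pack_into("<H", buf, ACB_OFFSET, acb)
    return bytes(buf)

# Constructed samples: built-in Administrator (RID 500) before and after
# the account is disabled. Only the low bit of the ACB field differs.
ADMIN_ENABLED = make_sample_f(500, 0x0210)
ADMIN_DISABLED = make_sample_f(500, 0x0211)

if __name__ == "__main__":
    for label, blob in (("before", ADMIN_ENABLED), ("after", ADMIN_DISABLED)):
        info = parse_f_value(blob)
        print(label, hex(info["acb"]), info["flags"])
```

The password hashes live in a separate value (V) of the same key, so the password data and the disabled bit sit side by side in the one hive file.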