Jump to content











Photo
- - - - -

Had a local administrator account password to reset, Easy2Boot saved the day . . .

easy2boot

  • Please log in to reply
8 replies to this topic

#1 Rootman

Rootman

    Frequent Member

  • Advanced user
  • 382 posts
  • Location:USA

Posted 21 February 2019 - 08:56 PM

First off, I'm not a shill for any software company. I ran across this software and it seems pretty decent. 

 

I had a laptop that someone brought back to me a few months after they left the company.  The dumb a$$ changed the administrator password on me, the laptop had long been removed from the domain and was setting around to be deployed.

 

I booted up my Easy2Boot USB stick and tried to use to use good old PassPass, but it doesn't work on Win 10 1809 64bit. My old copy of KonBoot also failed me.  So I farted around and finally used Easy2Boot with Win 10 PE to backup the sethc.exe file, copy the cmd.exe to sethc.exe on the laptops Windows\System32 folder, rebooted to the OS and stabbed the SHIFT key 5 times at the logon dialog.   The 5 shifts brings up the 'sticky keys' feature, only by swapping the file it brought up a cmd window instead of sticky keys.  I changed the password at the command prompt and Robert's your mother's brother. I had to boot back to PE to swap the correct sethc.exe file afterwards. 

 

I had not had a locked administrator account in a long time, times previous it was still on the domain, so I used my domain admin account to log on and change it, The sticky keys hack works but I really missed the simplicity of PassPass or KonBoot.  While hunting around and seeing what else was out there I came across a program called PCUnlocker.  I hesitated, but it was pretty reasonably priced, especially if you Google up a coupon for it. I got the Enterprise version for less than $30.  And it works great. Boot to it, select the account and click change password. 

 

I put the original ISO file on my Easy2Boot drive.  Then made a .imgPTN file and put it on it too, so I can use it for MBR/Legacy mode and EFI boot both. Supposed to work with server editions too. 



#2 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 21 February 2019 - 09:00 PM

What version of Win10 did you have? The latest version blocks the sethc.exe hack (at least it blocks the UtilMan hack, so I asssume it also blocks the sethc.exe hack too?).

 

Why not use the automated UtilMan/SetHC hack that is already in E2B :-)

http://www.easy2boot...-files/utilman/



#3 darren rose

darren rose

    Frequent Member

  • Advanced user
  • 455 posts
  • Location:Norwich, Norfolk
  •  
    United Kingdom

Posted 21 February 2019 - 10:27 PM

Another option would be to boot into PE and use one of the many tools for unlocking accounts and changing passwords such as NTPWEDIT or Windows Login Unlocker - both have worked for me numerous times. But was interesting reading your method, would never have thought of that



#4 Rootman

Rootman

    Frequent Member

  • Advanced user
  • 382 posts
  • Location:USA

Posted 22 February 2019 - 02:59 AM

We have Windows 10 Enterprise, this was 1709, I hadn't put 1809 on it.  I didn't know of the automated UtilMan/SetHC hack, I'll have to read up on it.  I used the tool I bought on an 1809 fresh install so I know it works there.  I am gradually upgrading all our PCs to 1809.

 

​I knew there was other stuff available, this util was just so brain dead simple and for $27 for an Enterprise edition it was just worth it.  

 

I've not used other tools in a while and I remember a few of them requiring a bit of messing around.  A few of them are blocked by our AV software as well, so at least getting them ON the PE disk takes some effort to avoid the AV seeing.  Some of them are on blocked sites for our corporate LAN too.  it. What really sold me on the above tool is that it says it can reactivate and expired AD account, which may come in handy. 

 

I've blown more money on bad food at a restaurant meal than this app costs, so I feel pretty good about. I'll get the company to pay for it anyway.  I love free stuff but sometimes it's just worth it to get something for a few bucks.

 

EDIT:  I just tried NTPWEDIT.  Works a treat, does largely what the program I bought does.  I will keep it on hand for use.  Free is always good :)



#5 darren rose

darren rose

    Frequent Member

  • Advanced user
  • 455 posts
  • Location:Norwich, Norfolk
  •  
    United Kingdom

Posted 22 February 2019 - 09:46 PM

Windows Login Unlocker is also worth a look - https://goo.gl/HqB1un



#6 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 23 February 2019 - 02:17 PM

NTPWEDIT is definitely my favorite tool for this purpose, by var.

Free and open source ...

For now it has never failed on me.

 

One thing to consider thus, most tools will reset/change the password.

Ok in most situations.

 

But sometimes, you may not what to change/reset the password for whatever reasons (good or bad).

If so, look at this post where you will change a few bytes on the SAM, log in, do your stuff, log out, restore these few bytes.

Incognito mode...



#7 Rootman

Rootman

    Frequent Member

  • Advanced user
  • 382 posts
  • Location:USA

Posted 25 February 2019 - 08:18 PM

But sometimes, you may not what to change/reset the password for whatever reasons (good or bad).

If so, look at this post where you will change a few bytes on the SAM, log in, do your stuff, log out, restore these few bytes.

Incognito mode...

 

Is that what KonBoot does?  I remember KonBoot was so good at doing that, quick in and out and nothing was changed. I used it a a few times to log on to a PC with a manufacturer supplied administrator password that we didn't know.  Log on to local admin without a password, either elevate the other regular users account to admin group or create a new account in the admin group. The unknown password stayed the same and the manufacturer was never the wiser.  Came in handy a lot of times.   

 

The tool I bought also claims to do it but it's didn't work. And neither did my old KonBoot, both failed on Windows 10 1809 64 bit. 



#8 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 26 February 2019 - 08:39 AM

Is that what KonBoot does?  I remember KonBoot was so good at doing that, quick in and out and nothing was changed. I used it a a few times to log on to a PC with a manufacturer supplied administrator password that we didn't know.  Log on to local admin without a password, either elevate the other regular users account to admin group or create a new account in the admin group. The unknown password stayed the same and the manufacturer was never the wiser.  Came in handy a lot of times.   

 

The tool I bought also claims to do it but it's didn't work. And neither did my old KonBoot, both failed on Windows 10 1809 64 bit. 

No, AFAIK Konboot changes a few bytes in a "key" windows logon process file.

 

Just like PassPass does (but the difference is that in KonBoot the changes are made on-the-fly) all more or less derived by the by now historical approach by Damian Bakowski.

 

As well AFAIK PassPass would still work IF someone took the time to update the byte sequence for the given Windows version at hand (a "side effect" or rather "collateral damage" of stupid 64 bitness).

 

http://reboot.pro/to...s-the-password/

 

BTW it is also possible that after all these years the good MS guys patched this approach.

 

:duff:

Wonko



#9 alacran

alacran

    Platinum Member

  • .script developer
  • 2710 posts
  •  
    Mexico

Posted 26 February 2019 - 02:10 PM


 

BTW it is also possible that after all these years the good MS guys patched this approach.

 

:duff:

Wonko

 

I don't think, they have been very busy destroying Windows, but not those on Redmond offices, I mean all Windows OS's, with all and every new montly updates.







Also tagged with one or more of these keywords: easy2boot

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users