Offline NT Password & Registry Editor

  • Thread starter Thread starter Tomas
  • Start date Start date
T

Tomas

Hi!

One of my co-workers came to me with this little nifty
program, which can reset or change a password on a local
account within minutes.
My general wondering is, do Microsoft know about this, and
are they doing something about it?

If you want to check it out, here's the link to the page,
and form your own opinion.

http://home.eunet.no/~pnordahl/ntpasswd/

I think Microsoft should adress this pretty fast, since
this program makes it virtually pointless to use, and come
up with good passwords.

Regards
/Tomas
 
There is no security when a user has physcial access to the machine

Agreed. Microsoft explicitly mentions preventing physical access as a key
security action.
It cannot be used to reset a domain password.

I used it last week to recover from a lost domain administrator password.

Dajo
 
Hi/2

There is no security when a user has physcial access to the machine
(obviously less of a problem for servers and a huge problem for desktops /
laptops). Prevent user-access or boot access to the floppy drive and CD-ROM.

This utility also can only modify the password of a local account on that
machine - ie stored in the local SAM. It cannot be used to reset a domain
password.

but if run on the PDC - what is "local" then?
 
-----Original Message-----
There is no security when a user has physcial access to the machine
(obviously less of a problem for servers and a huge problem for desktops /
laptops). Prevent user-access or boot access to the floppy drive and CD-ROM.

This utility also can only modify the password of a local account on that
machine - ie stored in the local SAM. It cannot be used to reset a domain
password.

Other utilities such as l0phtcrack have been able to pull NT passwords from
the SAM for years.
I agree with your first point, but still, this program
writes a new password or clears it in no time at all.

With L0phtcrack you had to put some muscle into it, and if
you had nonstandard characters it would take some time.
This one just puts it all to a point where we might as
well give everyone full access to their PC's hence more
work for the poor technicians running around enough as it
is. And another thing is, you had to have some knowledge
of a NT system with L0phtcrack to get hold of the local
SAM. This program will sniff out multiple installations,
ask you what you want to do, and even have it all preset
to blank out the Administrator password.
Almost as easy as 1-2-3.
 
Right! You've changed the password of a domain account then.

No, if you use this on a Win2000 DC you change the password for the "local"
administrator used for directory services restore. This is not a domain
account.

Dajo
 
Also see number three. --- Steve

Ten Immutable Laws of Security

By Scott Culp October 2000
Microsoft Security Response Center

Law 1
If a bad guy can persuade you to run his program on your computer, it's
not your computer anymore.

Law 2
If a bad guy can alter the operating system on your computer, it's not
your computer anymore.

Law 3
If a bad guy has unrestricted physical access to your computer, it's
not your computer anymore.

Law 4
If you allow a bad guy to upload programs to your web site, it's not
your web site any more.

Law 5
Weak passwords trump strong security.

Law 6
A machine is only as secure as the administrator is trustworthy.

Law 7
Encrypted data is only as secure as the decryption key.

Law 8
An out of date virus scanner is only marginally better than no virus
scanner at all.

Law 9
Absolute anonymity isn't practical, in real life or on the web.

Law 10
Technology is not a panacea.


Steven L Umbach said:
I agree. Renaming the sam account has beed used for years - this is
nothing new. Even if the password could not be reset, a user with access
could install the hard drive into another computer or install a parallel
operating system to access files. Resetting a local user account does not
give access to domain resources in a properly configured network [no guest
access/blank passwords allowed]. There are other ways to secure data
including EFS file encryption. If disk has been scrubbed and all EFS private
keys [users and recovery agent] have been exported/deleted, then the data is
safe. --- Steve

Brendon Rogers said:
There is no security when a user has physcial access to the machine
(obviously less of a problem for servers and a huge problem for desktops /
laptops). Prevent user-access or boot access to the floppy drive and CD-ROM.

This utility also can only modify the password of a local account on that
machine - ie stored in the local SAM. It cannot be used to reset a domain
password.

Other utilities such as l0phtcrack have been able to pull NT passwords from
the SAM for years.
 
Did you run this on a PC or on DC?

Dajo Rybski said:
Agreed. Microsoft explicitly mentions preventing physical access as a key
security action.


I used it last week to recover from a lost domain administrator password.

Dajo
 
Me was writing _PDC_, not PDC-Emulator nor DC...

No, if you use this on a Win2000 DC you change the password for the "local"
administrator used for directory services restore. This is not a domain
account.

Dajo
 
Who is this, JarJar Binks? :-)

Harald said:
Me was writing _PDC_, not PDC-Emulator nor DC...

Right! You've changed the password of a domain account then.

No, if you use this on a Win2000 DC you change the password for the
"local" administrator used for directory services restore. This is
not a domain account.

Dajo


Harald Bilke said:
Hi/2

On Wed, 23 Jul 2003 08:38:16 -0400, "Lanwench [MVP - Exchange]"

There's no local SAM on a DC.

Right! You've changed the password of a domain account then.


Harald Bilke wrote:
Hi/2

On Wed, 23 Jul 2003 07:26:44 -0400, "Brendon Rogers"

There is no security when a user has physcial access to the
machine (obviously less of a problem for servers and a huge
problem for desktops / laptops). Prevent user-access or boot
access to the floppy drive and CD-ROM.

This utility also can only modify the password of a local
account on that machine - ie stored in the local SAM. It cannot
be used to reset a domain password.

but if run on the PDC - what is "local" then?



Other utilities such as l0phtcrack have been able to pull NT
passwords from the SAM for years.

Hi!

One of my co-workers came to me with this little nifty
program, which can reset or change a password on a local
account within minutes.
My general wondering is, do Microsoft know about this, and
are they doing something about it?

If you want to check it out, here's the link to the page,
and form your own opinion.

http://home.eunet.no/~pnordahl/ntpasswd/

I think Microsoft should adress this pretty fast, since
this program makes it virtually pointless to use, and come
up with good passwords.

Regards
/Tomas
 
Back
Top