Old IBM Thinkpad that's admin protected

  • Thread starter: Michael Wilcox

Michael Wilcox

I have an old, but working, IBM ThinkPad I got from a company that went
bankrupt. It runs Microsoft NT 4.0, has a modem, a working floppy drive, and
runs very well. The only problem is since it was a company's computer, it
has been protected with their passwords. I want access to some of the Control
Panels, including Modems and Printers. I can access the MS-DOS prompt, if
that helps. Can the passwords be removed?
 
Michael Wilcox said:
I have an old, but working, IBM ThinkPad I got from a company that went
bankrupt. It runs Microsoft NT 4.0, has a modem, a working floppy drive, and
runs very well. The only problem is since it was a company's computer, it
has been protected with their passwords. I want access to some of the Control
Panels, including Modems and Printers. I can access the MS-DOS prompt, if
that helps. Can the passwords be removed?

The easiest way I can think of is to reinstall the operating system.
 
Rename c:\winnt\system32\config\sam to something else. You
can then log on as Administrator with a blank password.
 
You've gotta be kidding me about this, would this really work?
Rename c:\winnt\system32\config\sam to something else. You
can then log on as Administrator with a blank password.
 
If you can gain physical access to a Windows machine then
you can gain access to its files. There are several ways of
achieving this, the SAM file being one of them.


Thomas Florkiewicz said:
You've gotta be kidding me about this, would this really work?
 
Pegasus (MVP) said:
Rename c:\winnt\system32\config\sam to something else. You
can then log on as Administrator with a blank password.

Even the Administrator cannot manipulate the SAM file.
The only way to do it is to make that particular installation inactive i.e.
boot from another instance of NT4.0 (it's quite easy to install a second copy
of NT4.0 on the same partition) or by booting from Linux based floppies with
NTFS capability:
http://home.eunet.no/~pnordahl/ntpasswd/
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
 
Alien Zord said:
Even the Administrator cannot manipulate the SAM file.
The only way to do it is to make that particular installation inactive i.e.
boot from another instance of NT4.0 (it's quite easy to install a second copy
of NT4.0 on the same partition) or by booting from Linux based floppies with
NTFS capability:
http://home.eunet.no/~pnordahl/ntpasswd/
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html

The OP said that he can access the machine with a
DOS prompt. I assume that he means "DOS" when
he says "DOS", i.e. that he can boot the machine
with a Win98 disk and that the WinNT is installed
on a FAT partition.

If this is correct then there is nothing to stop him
from renaming the SAM file.

On the other hand, if he meant "Command Prompt",
not DOS, then the SAM is locked and cannot be
manipulated. If so then he would need to use the
methods you propose. Alternatively he could install
his disk as a slave disk in some other WinNT
machine and rename the SAM from there.
 
taking another look at the OP, i think he means the DOS prompt, or the
command line from win nt. in this case, the second part of pegasus's
post would apply. try to access the hdd by putting it as slave in
another computer. if you only have a w98 machine to do this on, then use
a program such as readntfs or something like that to access the ntfs
partition.
 
Thomas Florkiewicz said:
taking another look at the OP, i think he means the DOS prompt, or the
command line from win nt. in this case, the second part of pegasus's
post would apply. try to access the hdd by putting it as slave in
another computer. if you only have a w98 machine to do this on, then use
a program such as readntfs or something like that to access the ntfs
partition.

I'm afraid the part of your post that refers to Win98 is somewhat
misleading. With the tool "readntfs" you probably mean "ntfsdos.exe"
from www.sysinternals.com. The free version of this program will
give you read-only access to an ntfs partition under Win98. It is
therefore quite unsuitable for renaming SAM. The read/write version
could do it but is quite expensive.
 
Pegasus said:
If you can gain physical access to a Windows machine then
you can gain access to its files. There are several ways of
achieving this, the SAM file being one of them.

LOL and they call that security?
 
stacey said:
LOL and they call that security?

I don't know - how do non-windows operating systems fare in
this regard? If you don't know the su password, can you still
gain access to a Unix box?
 
Pegasus said:
I don't know - how do non-windows operating systems fare in
this regard? If you don't know the su password, can you still
gain access to a Unix box?

Not without removing the drive from the box.
 
stacey said:
LOL and they call that security?

I'm far from a Microsoft security apologist by any stretch, but you're
barking up the wrong tree using this statement to dig against
Redmond.

I'd challenge you to name a piece of hardware that, given physical
access to the device, you can't gain access to its contents.

Best Regards,
 
Pegasus (MVP) said:
I don't know - how do non-windows operating systems fare in
this regard? If you don't know the su password, can you still
gain access to a Unix box?

You certainly can. Boot to single user mode, boot to a floppy disk
and use its drivers to access the filesystems...etc.
 
I have an old, but working, IBM ThinkPad I got from a company that went
bankrupt. It runs Microsoft NT 4.0, has a modem, a working floppy drive,
and runs very well. The only problem is since it was a company's computer,
it has been protected with their passwords. I want access to some of the
Control Panels, including Modems and Printers. I can access the MS-DOS
prompt, if that helps. Can the passwords be removed?


See the chntpw project for changing NT/2k/XP passwords:

http://freshmeat.net/projects/chntpw/
http://home.eunet.no/~pnordahl/ntpasswd/

You can download a boot disk, which will boot linux and the utility
(completely self contained on the floppy). Skim thru any docs you can
find first, as there might be some gotchas with your particular
setup. But I have successfully used this utility on NT and 2k, for
several years here and there, and generally the older the easier so I bet
it will do the trick for you. If you want to be safe then make a
backup image of your hard drive first. BTW if you don't have a floppy
drive you should be able to burn it to a bootable CD.


If you find your BIOS supervisor password is set on the thinkpad you will
not get off so easy. The lower level passwds can be reset easy enough,
but the super is not. There is "Joe" who publishes plans to build a
device, and some closed source software, which will extract the necessary
data from the thinkpad... but it encrypts it in a file that is useless
unless you send it to him with $ to crack. Not that it is a bad business
model for a service that is certainly useful. ;)

http://www.ja.axxs.net/unlock/


Anyhow, let us know what you do and how it worked out for you.


~Jeremy Salivar
____________________________________________________________________
Please remove your windows partition when replying by email
 
The former isn't prompted for if you use your own boot floppy. The point
remains that if you have physical access to the machine, you're gonna get
where ya wanna go no matter what OS is on it.

The latter has nothing to do with any particular OS. Bios passwords are
more difficult to overcome if they are properly designed...but typically
can be bypassed too if you jumper to reset the bios...proving once again
that physical access can nearly always bypass any logical access controls
you put in front of an attacker.

This is true for the most part.

Sure you could use encryption so that without a password it will be
impossible (or hard) to access anything on the drive.

Actually some thinkpads I believe allow you to encrypt the drive, so that
without the BIOS passwd it is unusable if you swap it into another PC.
The thinkpad BIOS supervisor passwd is tough itself...see my other post in
this thread.

~Jeremy

____________________________________________________________________
Please remove your windows partition when replying by email
 
Todd said:
You certainly can. Boot to single user mode, boot to a floppy disk
and use its drivers to access the filesystems...etc.

Lilo password and bios password. Next?
 
Todd said:
I'm far from a Microsoft security apologist by any stretch, but you're
barking up the wrong tree using this statement to dig against
Redmond.


I was under the impression from his post that anyone could just delete that
file from within windows and remove any password protection. Given many MS
machines are auto logged on as admin with no password (isn't that the
default?) security isn't its strong point.
 
stacey said:
Lilo password and bios password. Next?

The former isn't prompted for if you use your own boot floppy. The point
remains that if you have physical access to the machine, you're gonna
get where ya wanna go no matter what OS is on it.

The latter has nothing to do with any particular OS. Bios passwords
are more difficult to overcome if they are properly designed...but
typically can be bypassed too if you jumper to reset the
bios...proving once again that physical access can nearly always
bypass any logical access controls you put in front of an attacker.
 