Password question

  • Thread starter Thread starter Chris Hall
  • Start date Start date
C

Chris Hall

We have an employee that is no longer with the company. He deleted the local
administrator account and his pc is not joined to the domain. He also has
two Word docs that are password protected. I need to be able to access his
computer and these documents. Any suggestions? Tools/utilities?
 
The only way he could have deleted the Admin account would have been to
be logged on as an Administrator. In other words there is still an
administrator account on the machine. Try this:

http://home.eunet.no/~pnordahl/ntpasswd/

As for the Word docs try asking in the Office group or search the net
for password crackers for Word docs. These ones might be hard to crack.
You can also slave the drive in another machine if you just want to
retrieve files then wipe the drive and reinstall the operating system.

Now, I don't want to lecture you, and I know that the user might have
had a valid reason to be an Administrator or that he could have used a
password utility to gain access to the Administrator account. But if
none of these apply you will have to review the security measures in
your organization. NO users should have Administrator privileges unless
absolutely necessary!

John
 
Thanks, John. I had found the link you referred to, but had no luck. I'm
going to try one more time...I coulda done something wrong. After that, I'll
probably go with a commercial solution. The user that is no longer with us
was the IT Manager. I'll check the office group as you suggested...
 
Other things to do or try:

Do a parallel installation of Windows 2000 or install to a different
drive/partition on the machine. That will allow you to retrieve the files.

From reading your posts I take it that the former employee left on not
very good terms, or that he had a grudge. If the employee left on
reasonably good terms and if you can contact him try to persuade him to
give you the passwords. If he left on bad terms and if you know how to
contact him, a letter from an attorney explaining to him that he
willfully damaged company property and that you demand that he supply
these passwords or you will take legal action might be enough to
convince him to give up. The letter from the attorney shouldn't cost
more than $100. Taking legal action would cost a lot of money so it
would probably not be worth it unless these documents are deemed to be
worth more. But even if you don't intent to pursue it any farther the
$100 letter might yield the results you want.

Good luck,

John
 
Last I heard you can't delete the builtin admin ID, possibly you don't know the
ID name as he may have changed it. If you can establish an anonymous connection
to the machine over the network you can determine the admin IDs by looking at
the admin group or enumerating the builtin admin SID. The easiest way to do this
would be to

net user x: \\machinename\ipc$ /user:"" ""

lg \\machinename\administrators

You can get lg from my website (www.joeware.net)

The password protected Word docs can probably be accessed but it will require
you to purchase software to crack them.
 
Thanks Joe & John!

Ended up purchasing a couple pieces of software--ERD Commander and some word
cracking util. As it turned out, the word documents were nothing more than
dribble.

Merry Christmas,
C
 
You're welcome. Lol, curiosity gets the best of us all! Or most of us
anyway, all for naught in the end. ;-)

After Richard posted I said to myself duh! How could I forget my NT 101
so easily...

John
 
Back
Top