Slashdot Mirror


User: mechv

mechv's activity in the archive.

Stories
0
Comments
1

Comments · 1

  1. NCMI Exploits to use on Building The Navy Intranet · · Score: 0, Offtopic

    Check out this month's issue of 2600. Boot the win2k CD into the recovery console. Then do chkdsk. Then go to \winnt\system32\config; one of the files, probably the system file, is corrupt (zero size?). Copy a backup file, system.sav, over it, then reboot.

    http://ntpass.blaa.net/bd011022.zip

    Shut down the machine and insert the floppy. Next comes a list of all found partitions on all disks, followed by a list of what it thinks are NTFS partitions. At the prompt to select a partition, the first bootable NTFS partition will be the default selection (first bootable FAT if no NTFS is found). You may however select another partition (also a FAT partition) by giving its full name (like /dev/hda1 or /dev/sda1). SCSI: sdDP -> D=disk a b c d etc., P=partition number 1 2 3 4 etc. IDE: hdDP -> D=a or b (primary IDE), c or d (secondary IDE), P=partition number. The partition will be mounted, and the type (NTFS or FAT) will be stated.

    Then you must select the full path (relative to the partition) of the registry directory. This is usually 'winnt/system32/config', which is the default selection, but it will also automatically recognize Windows installed in winnt35 or windows.

    Then select files to copy to the temp area in the ramdisk. For password editing the default is 'sam' (essential, it's the password database), 'system' (contains some info on syskey), and 'security' (additional syskey info in Win2k). If syskey is not active, only 'sam' is changed when editing passwords. If you instead want to edit something in the registry, select the hive you want; 'system' is proper for services, hardware settings etc. You can then select between: Password editing (default selection) or Registry editing (see regedit.txt).

    Now it has everything it needs, so the 'chntpw' utility will be started, working on the files in /tmp. There: Some nice statistics of the registry hive will be displayed. All usernames in the file will be listed.

    A check for SYSKEY is done; if it's found to be enabled (it is by default in Win2k RC-something and up) you will be asked if you wish to disable it. You do not have to disable it unless you have lost the key-floppy or passphrase. It seems pretty safe to disable it on NT4, but will cause trouble in Win2k (see main page or syskey.txt).

    You will then be prompted for the user whose password you want to change (the default selection is administrator; it recognizes the admin account with a changed name or localized names, too). It will continue to prompt for a username until '!' is given. Re-list the users with '.'. Some information on the user will be shown (still with some debug info) before the prompt for the new password. Enter the new password, max 14 chars (it will show on the screen), or enter nothing to keep it unchanged. Then confirm the change (this is for the change to the file, which at this point is located as a temp file in the ramdisk; writeback comes later).

    If the 'chntpw' utility succeeds, you will be prompted to confirm the writeback to the NT disk/filesystem. Only 'y' is accepted for it to commit the changes. (The commit is in 2 steps: first in the editor program, then in the bootfloppy scripts. Your hard disk will only be changed if the last one is confirmed.) After everything is complete, you will get the "# " shell prompt. You may then reset the computer (three-finger-salute).

    To get AIM... get access to a linux/unix shell account... or set one up yourself... on the outside and tunnel aim and whatever naughty http traffic you want to your nmci workstation. http://www.samag.com/documents/s=1149/sam0106s/0106s.htm
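As an added illustration for this page (not code from the comment above, and not the chntpw boot disk's own scripts), the partition-selection rule the comment describes, in Python: decode the hdDP / sdDP device names, default to the first bootable NTFS partition (first bootable FAT if no NTFS is found), and accept an operator override given as a full device name. The partition table is a constructed sample, not output from a real machine.

```python
"""Illustration of the boot floppy's partition-selection rule as described
in the comment above. Written for this page; not chntpw's own code."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Partition:
    device: str    # full Linux device name, e.g. "/dev/hda1"
    fstype: str    # "NTFS", "FAT" or something else the floppy cannot use
    bootable: bool


# Constructed sample: what a dual-boot box of that era might report.
SAMPLE_PARTITIONS = [
    Partition("/dev/hda1", "FAT", True),    # bootable FAT (Win9x / boot loader)
    Partition("/dev/hda2", "NTFS", False),  # NTFS data partition, not bootable
    Partition("/dev/hda5", "NTFS", True),   # bootable NTFS, the NT system partition
    Partition("/dev/sda1", "ext2", False),  # Linux partition on a SCSI disk
]

# hdDP / sdDP: prefix, one disk letter, partition number
_DEV_RE = re.compile(r"^/dev/(hd|sd)([a-z])(\d+)$")


def parse_device(name):
    """Decode a hdDP / sdDP name into (bus, disk letter, partition number).

    IDE: a/b are the primary channel, c/d the secondary; SCSI disks are
    simply lettered in discovery order.
    """
    m = _DEV_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a hdDP/sdDP device name: {name!r}")
    prefix, disk, part = m.groups()
    if prefix == "sd":
        bus = "SCSI"
    elif disk in "ab":
        bus = "primary IDE"
    elif disk in "cd":
        bus = "secondary IDE"
    else:
        bus = "IDE"   # beyond hdd: additional IDE controllers
    return bus, disk, int(part)


def default_selection(partitions):
    """First bootable NTFS partition; else first bootable FAT; else None."""
    for wanted in ("NTFS", "FAT"):
        for p in partitions:
            if p.bootable and p.fstype == wanted:
                return p
    return None


def select_partition(partitions, choice=""):
    """Empty input accepts the default; otherwise the full device name must
    be well-formed and refer to a partition that was actually found."""
    choice = choice.strip()
    if not choice:
        return default_selection(partitions)
    parse_device(choice)  # rejects things like "hda1" or "/dev/hda"
    for p in partitions:
        if p.device == choice:
            return p
    raise KeyError(f"no such partition found: {choice}")


def describe(p):
    bus, disk, num = parse_device(p.device)
    return f"{p.device}: {p.fstype}, disk {disk} on {bus}, partition {num}"


if __name__ == "__main__":
    for p in SAMPLE_PARTITIONS:
        print(describe(p))
    print("default:", select_partition(SAMPLE_PARTITIONS).device)
    print("override:", select_partition(SAMPLE_PARTITIONS, "/dev/hda1").device)
```

The override path validates the name before searching the table, which is the point of the "full name" requirement in the comment: a bare `hda1` or a whole-disk name is refused rather than silently mapped to a guess.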