First, of course as long as there is physical access, there is always a way to get at the data. It may be difficult if encrypted etc but there is always a possibility. So for that reason that article was not a big thing, but nice to know anyway.
So. This is how Recovery Console works: (goes for XP and 2k)
When it starts, it tries to find your windows system. If it finds several (on different partitions for instance), you are prompted to which one to log into.
Then it tries to read the relevant registry files for the installation. This is the sam file for user accounts/password, and at least the software hive, which is where its settings are stored, the settings in the security policy that tells if it should prompt for admin password and also if it should allow full access to the drive and floppies etc. More on that later. It also needs the system hive to make use of the commands which allow changing the list of services to start at boot.
But.. here's the point:
If it can't read the registry (especially the sam file) because it's either corrupt or not there, it will simply go right ahead, since it can't verify any password. This is probably by design.
Now, MS changed the registry file format between 2k and XP! Just a little, in XP they use "real" hashes for the key lookup tables, instead of just the first 4 letters of the name as in 2k. (it took me some time to find this out when making support for XP on the ntpasswd tool) Thus.. 2k recovery console (and 2k itself for that matter) CANNOT READ THE XP REGISTRY at all! And it then falls back to no-password mode. You also cannot change service start parameters with 2k console on XP because of it being unable to read the registry, but NTFS is apparently compatible enough so you can read the files off the disk.
MS has always had inadequate(sp?) recovery options in their OS, "reinstall" is the usual answer when things won't boot properly. I think the recovery console is pretty OK, not quite there yet, but it's better than nothing (like in NT4). And, yes, IMHO, using the physical access explanation when people pester them about getting too much access on the recovery tools is quite appropriate.
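The lookup-table difference described in the post, as an added example that is not part of the original post and not code from ntpasswd or Microsoft. It assumes the publicly documented hive layout (`lf` lists carrying the first four characters of the name, `lh` lists carrying a multiply-by-37 hash of the upper-cased name); the key names, offsets and the "reader that only accepts `lf`" are constructed to model the failure, not taken from the page.

```python
import struct

def lf_hint(name):
    # Windows 2000 'lf' entry: first four characters of the key name, NUL padded
    return name.encode("ascii")[:4].ljust(4, b"\0")

def lh_hash(name):
    # Windows XP 'lh' entry: 32-bit hash over the upper-cased key name
    h = 0
    for ch in name.upper():
        h = (h * 37 + ord(ch)) & 0xFFFFFFFF
    return struct.pack("<I", h)

def build_list(sig, names, base=0x1000):
    # Constructed record: 2-byte signature, 2-byte count, then (offset, hint) pairs
    rec = sig + struct.pack("<H", len(names))
    for i, name in enumerate(names):
        hint = lf_hint(name) if sig == b"lf" else lh_hash(name)
        rec += struct.pack("<I", base + 0x80 * i) + hint
    return rec

def candidates(rec, name, formats=(b"lf", b"lh")):
    """Offsets of entries whose hint matches name, or None when the reader
    cannot use the list (unknown type for this reader, or truncated data)."""
    sig = rec[:2]
    if sig not in formats or len(rec) < 4:
        return None
    (count,) = struct.unpack_from("<H", rec, 2)
    if len(rec) < 4 + 8 * count:
        return None  # truncated or corrupt list
    want = lf_hint(name) if sig == b"lf" else lh_hash(name)
    hits = []
    for i in range(count):
        off, hint = struct.unpack_from("<I4s", rec, 4 + 8 * i)
        if hint == want:
            hits.append(off)
    return hits

NAMES = ["Account", "Builtin", "RXACT"]   # constructed sample key names
W2K_LIST = build_list(b"lf", NAMES)       # 2k-style lookup table
XP_LIST = build_list(b"lh", NAMES)        # XP-style lookup table

if __name__ == "__main__":
    print("lf+lh reader on XP list:", candidates(XP_LIST, "Builtin"))
    print("lf-only reader on XP list:", candidates(XP_LIST, "Builtin", (b"lf",)))
```

A reader that returns `None` here has no way to reach the SAM keys, which is the condition the post says sends the 2k console into no-password mode.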