Alexleonardme acquired a used PC but doesn't have an administrator password. He asked the forum for help.There are a number of ways to gain access to a password-protected administrator account.
I'll offer two.The first one is quick and easy, but only works in XP. If the used PC runs Vista or Windows 7, skip the next three paragraphs.XP contains a backdoor entrance to administrator control. The following will only work if the previous owner didn't know enough to close the backdoor.First, boot into Safe Mode: Start your PC, and press F5 before the Windows logo appears.
(It may take a few tries to get the timing right.) From the resulting Boot menu, select Safe Mode. When the logon screen appears, it will probably contain a user you've never seen before, Administrator, that does not have a password. Thus, you can enter Windows as an administrator-level user.Once inside Windows, you can use Control Panel's User Accounts applet to change the password on the other administrator account or create a new one for yourself.
And while you're there, you might also want to add a password to the Administrator account in order to close the backdoor. But that's probably the case.If you're using Vista or Windows 7, or if someone closed that backdoor already, you can remove the administrator password with Ubuntu Linux.
This gets a little complicated, so follow it closely.If you don't already have a live Ubuntu Linux CD, download the. Double-click the just-downloaded.iso file. Windows might start a program that burns your Ubuntu CD.
If it doesn't, download and install, then try again. Simply copying the.iso file to a CD won't work.The instructions below are based on Ubuntu version 10.04.1 LTS-the most current version as I write this.Once you've created the disc, boot off the CD. When asked, click the Try Ubuntu button.You'll first need to install the software: From the menus in the top-right corner of the screen, select System, Administration, Software Sources.In the resulting window, check the two options not yet checked: Community-maintained Open Source software (universe) and Softrware restricted by copyright or legal issues (multiverse). Click Close, then Reload.After the program is done processing, select System, Administration, and Synaptic Package Manager from the top-right corner menus.In the resulting window's Search field, enter chntpw. A program with that name should appear in the list of packages below.
Click it and select Mark for installation. Click the Apply toolbar icon. Click Apply, and wait until the installation is complete.Now mount your drive: From the top menus, select Places, then your internal hard drive or Windows partition.
When it's mounted, a File Browser window (much like Windows Explorer) will appear.By double-clicking the folder icons, go to the Windows drive's Windowssystem32config folder. Leave this window up.Now you can remove the password.From the top menus, select Applications, Accessories, Terminal. This brings up a black window similar to Windows' command line (or the DOS box for you old-timers).Arrange these two windows so that you can see the top section of the File Browser window behind the Terminal window.In the Terminal command line window, type cd /media/ (note the SPACE after cd) and the path to your config folder, using the folder names at the top as a guide.
I wish I could simply tell you to type 'cd /media/windows/system32/config', but unlike the Windows command line, Ubuntu's Terminal is case sensitive. Depending on what version of Windows you're trying to reclaim, it may be windows/system32 or Windows/System32, and Ubuntu won't see it if you get the case wrong.When it's typed, press ENTER.Now type sudo chntpw -u logon SAM, where logon is the logon name for the administrator account. For instance, if you're trying to take over my account, you'd enter sudo chntpw -u Lincoln SAM. Remember, everything here is case sensitive, including the logon name.After you hit ENTER, a lot of text will scroll up very quickly.
If you entered the text correctly, the last section will begin '. User Edit Menu:'Now press 1 (the number, not lower-case L), then ENTER.At the resulting question, press y.When the program is done, click the power button logo in the upper-right corner and reboot into Windows. The account in question will no longer require a password.Read the original.Add your comments to this article below. If you have other tech questions, email them to me at, or post them to a community of helpful folks on the.
AFAIK COMPATLAYER=RUNASINVOKER does not give admin rights it just prevents the UA prompt. It will not let you install for instance drivers.My guess; steam etc is installed in the user directory or another place (not in 'program files') that does not need admin rights to write to. Not much that can be done about that, unless you want to restrict the user for only allowing him/her to run certain apps, that can be done with policies or reg editsYou can install anything anywhere with this.bat file. Seems pretty sloppy to me; there's no way you can do that on a secured Mac, for instance. You can install anything anywhere with this.bat file. Seems pretty sloppy to me; there's no way you can do that on a secured Mac, for instance.You don't need the bat file for that, nor can you install drivers or AV programs for instance. Nor uninstall them.
(or anything installed in c:program files or similar)Run the installer for Chrome for instance as a normal user. It asks for admin rights, cancel it and it then asks to install in the user directory.Pretty much, only programs that don't need access to windows files/kernel space/drivers/etc can be installed.Look at it this way, now you don't have to go over to your family just to install whatever program they want. They can do it without causing damage to the OS.
At worse they damage the user profile.How is it difference then say anything from? You don't need the bat file for that, nor can you install drivers or AV programs for instance. Nor uninstall them. (or anything installed in c:program files or similar)Run the installer for Chrome for instance as a normal user. It asks for admin rights, cancel it and it then asks to install in the user directory.Pretty much, only programs that don't need access to windows files/kernel space/drivers/etc can be installed.Look at it this way, now you don't have to go over to your family just to install whatever program they want.
They can do it without causing damage to the OS. At worse they damage the user profile.How is it difference then say anything from?Oh, I was just curious.
The kid's perfectly capable of installing anything he needs. I just brought the Windows 10 licence.I just tried it though and you can install apps on the C: drive.
How do companies keep their Windows PCs clean? What if you don't want users to install things? There surely is a way to impede this, right? How do companies keep their Windows PCs clean? What if you don't want users to install things? There surely is a way to impede this, right?Yes, by setting policies mostly.
We used to set it that only apps we approved could run. Took a lot off effort tho, esp if new programs were needed that were a bit more complex. What harm does it really do if they install chrome or notepadd.A lot of paranoia really.
We used to restrict access to internet as well. For what purpose? So people don't surf the web under the boss his time? Good luck these days with everybody having a smart phone. For preventing viruses? Non admin users are pretty safe from that, and blocking access doesnt prevent infection either (found that out the 'hard' way).These days we just don't bother. As long as users are not admins they cannot harm the machine.
It is not allowed to install software off course so if needed we can point that out to users and in a worse case their manager.As said, they can't install stuff that is harmful to the pc, nor remove programs or disable services for that matter.And really, if they want to do something illegal (or something that can harm the company) restricting them is not going to stop them, esp with 'bring your own device' mantra becoming a bigger thing slowly. Code: cmd /min /C 'set COMPATLAYER=RUNASINVOKER && start ' '%1'He drags whatever.exe that requires admin rights and this basically circumvents authentication.I had no idea it was so easy to bypass security. How does one impede others from installing unwanted software on e.g.
Public computers or whatever? Not that I will ever make use of such functions, but I'm just curious.Here's what Microsoft has to say about that:Actually, RunAsInvoker is a secret, even lower UAC setting.What RunAsInvoker does is to ignore any elevation request in the application's manifest and treat the manifest as if it had saidwhich is the default behavior.
The program simply runs with the same privileges as the code that launched it. There is no attempt to elevate.This means that if you run the program from an elevated command prompt, then the program stays elevated.
If you run the program from a non-elevated command prompt, then the program stays non-elevated.Try it. Make sure RegEdit is not already running, then open a non-elevated command prompt and set COMPATLAYER=RunAsInvoker, and then run regedit from that command prompt. The resulting copy of RegEdit is running without administrator privileges. You can see this by trying to edit something in HKLM.While it's true that RunAsInvoker suppresses UAC prompts, that's true because RunAsInvoker doesn't perform any elevation. If you aren't performing any elevation, then naturally you don't need an elevation prompt.
If the resulting process is elevated, then it means that the calling process was already elevated. You were already on the other side of the airtight hatchway.So no elevation done here, although it's hard to restrict someone with physical access to the machine from getting there.
Now try uninstalling a program that is installed by an admin.Yes, by setting policies mostly. We used to set it that only apps we approved could run. Took a lot off effort tho, esp if new programs were needed that were a bit more complex. What harm does it really do if they install chrome or notepadd.A lot of paranoia really. We used to restrict access to internet as well. For what purpose? So people don't surf the web under the boss his time?
Good luck these days with everybody having a smart phone. For preventing viruses? Non admin users are pretty safe from that, and blocking access doesnt prevent infection either (found that out the 'hard' way).These days we just don't bother. As long as users are not admins they cannot harm the machine.
It is not allowed to install software off course so if needed we can point that out to users and in a worse case their manager.As said, they can't install stuff that is harmful to the pc, nor remove programs or disable services for that matter.And really, if they want to do something illegal (or something that can harm the company) restricting them is not going to stop them, esp with 'bring your own device' mantra becoming a bigger thing slowly.You make very good points. It just doesn't make any sense that you can't easily impede regular users to do stuff like installing applications without spending a week on setting up policies. Well, it could be 'easily' done by blocking programs named install or setup etc. However, if it is only name based, renaming them circumvents it. Best would be hash based but you would need every installer hash to be known, and update for every new version.
Good luck with thatAnd sometimes you want users to be able to run (a) setup program(s). Some installed programs run a setup when the user starts it for the first time, or logon.To be honest, it has been a 'problem' since developers noticed you can install in c:documents and settings or c:users (mostly used I guess is appdata) and portable apps became a thing. Setting up rights on those directories could be a way to prevent it, and/or setting registry rights, even for HKCU.
But then you run into things like Virtual Appliances as well.But if you look at it, most programs don't even need to be installed anyway. (Look at WoW, just copy the game folder from one PC to another and it works).Blocking installers is just not going to stop people from running programs. Programs that don't work like that either copy DLL files to places they shouldn't in the first place or set up registry keys (WoW does as well but does not rely on those).The biggest problem really tho is programs with big license costs, but those, afaik, only allow to be installed in c:program files. The biggest problem really tho is programs with big license costs, but those, afaik, only allow to be installed in c:program files.You can install anything (except drivers and apps that actually require admin rights) in c:program files with invoker rights though.I would probably just set everyone up with admin rights and have the pc load up a fresh image every time it's turned on. This is what they used to do at the VU. It's funny that Mac manages to do things so easily where Windows struggles.
You can install anything (except drivers and apps that actually require admin rights) in c:program files with invoker rights though.That's something new then, users should not have write/modify rights on c:program files. Or something is wrong with the setup.Anyway, I don't think the OSX is safe here either. There is no difference in installing an app then running it, opposed to running portable apps or a Virtual Appliance. So being able to install something is pretty much a non issue these days. That's something new then, users should not have write/modify rights on c:program files. Or something is wrong with the setup.Anyway, I don't think the OSX is safe here either. There is no difference in installing an app then running it, opposed to running portable apps or a Virtual Appliance.
Bypass Admin Download
So being able to install something is pretty much a non issue these days.Well, I'm not an expert. I'm just the physician that calls IT whenever he can't get in his mailOn a more serious note; I like to fiddle around as a hobby, but have very shallow OS knowledge especially when it boils down to security or advanced administration. I don't get past gpedit.mscThanks for your insight mate!