Implementing PC Security

Name
Score / / 10
Update Value

Implementing PC Security

150-151

Clearing Administrator Passwords

10 points

Overview

Users frequently forget their passwords. If the forgotten password is the only Administrator password on Windows computer, the computer is rendered useless. This lab will show you how to clear the Administrator password (or any other Windows user password) so that the operating system can be accessed. Note: this can also help recover computers when employees leave but forget to clear their password. Remember as a student of MSTC you are held accountable for the Core Abilities which includes Act with Integrity.

This lab is Windows 8 compatible.

Using a Password Clearing Tool

1.  First, ensure your main user name is designated as an administrator and that a password is assigned.

a.  Start and login to your virtual machine as you normally do.

b.  Select the Add or remove user accounts option from the Control Panel.

c.  Click on the icon for your account.

d.  If your account already has a password (Remove the password option appears), skip to step 2 below.

e.  If the Create a password option appears click it.

f.  Enter a password of your choice (I recommend password or student) and confirm it.

2.  We will use a program called Offline NT Password & Registry Editor (referred to as ONPE from now on). ONPE is used to create a boot CD. If you boot your computer with this CD in the drive, and your BIOS is configured correctly, your computer will boot from the CD instead of Windows (hard drive). Instead of creating a physical CD to test this program, we’ll use and virtual CD (ISO file) to run this lab. You can get a copy of ONPE and instructions from this site. Alternatively, you can get a copy from my website.
See the end of this lab for a list of other programs that can be used to clear passwords.

3.  I recommend you store the ISO file on your Desktop, but this is not required. Get a copy of the ONPE iso file from the website. If you downloaded ONPE from the website above (not mine), unzip the file you downloaded. The unzipped version should be a single, .iso file (name will probably vary as time goes on).

4.  This .iso file is the virtual CD you will be inserting into your virtual machine.

5.  Most VMware machines are not set up to boot from a CD, so the first thing we’ll have to do is configure the virtual machine BIOS to boot from a CD (a good skill to have regardless).
Tip: review ALL the steps (a-f) below before starting.

a.  If your virtual machine is running, turn it off.

b.  To access the BIOS of the virtual machine, we’ll first have to slow down the boot process so there’s enough time for us to press the magic, F2 key.
VMWare Fusion Instructions

¨  (On your host machine) Open a copy of Notepad

¨  Drag your virtual machine’s .vmx file into Notepad

¨  At the end of the file add: bios.bootDelay="3000"

¨  Save and close Notepad

¨  After you’re done with this lab, you can delete this line, so your virtual machine boots as quickly as possible again.

c.  Start your virtual machine

d.  As soon as the VMware logo appears, click in the virtual machine window to give it focus and then press the F2 key to access the BIOS.

If you fail or are too slow, Windows will start. After Windows is loaded, use the Start button to restart Windows. Wait for the logo and press Esc.

e.  The virtual machine BIOS window is a simplified version of the BIOS screen you might see on the host computer

¨  The BIOS does not respond to the mouse. Press the arrow keys to move around the BIOS window.

f.  Press the right arrow key until Boot is highlighted and press the Enter key.

g.  Press the down arrow to select the CD-ROM option

h.  Press the plus sign until the CD-ROM appears at the top of the list.

i.  Press F10 to save the BIOS changes and restart the virtual machine.

6.  Login to ensure the password works.

7.  Next, we’ll insert the virtual CD-ROM into the virtual machine.

a.  (In VMware) Select VM from the menu, Removable Devices, CD/DVD, Settings

b.  In the CD/DVD dialog box that appears, choose Use ISO image file.

c.  Click the Browse button and locate the ONPE iso file.

d.  Ensure the Connected check box is checked.

e.  Click OK

8.  Restart the virtual machine using the Windows Start menu.

9.  The virtual machine should boot using the CD (image). A DOS-like Linux menu and command prompt (boot:)will appear.
Note: because the virtual machine booted from the CD, the VM extensions are not available. Press Alt-Ctrl to release the mouse from the virtual machine and use it on your host.

10.  Press Enter to start the process.
Note: ONPE analyzes your computer and provides default options for prompts. In most cases the default options are appropriate and all you have to do is press Enter. Read the instructions below carefully.

11.  When the file decompression finishes, you’ll first have to select the partition Windows resides on. This is a confusing menu—there’s really no prompt. The menu is titled Candidate Windows partitions found but there are additional (confusing) menu items underneath. Select the partition (1 on my virtual machine) that has the large hard drive. The other partition is likely a VMWare component. If you haven’t done so already, press the appropriate number and press Enter

12.  As the screen says, be patient and wait for the next prompt. Press Enter to accept the default Registry location (system32/config)
If you see --More-- at the bottom of the screen, simply press Enter.

13.  Press Enter to select option 1 on the menu: Password reset

14.  Press Enter to select option 1 on the Loaded Hives menu: Edit user data and passwords.
If this option doesn’t appear, select the other partition and start step 12 again.

15.  A list of usernames appears. Enter the username whose password you wish to change.
CAUTION: Linux is case-sensitive

16.  Clear the password for the account by entering 1.
Note the other options available on this menu.

17.  Password cleared! should appear in the window.

18.  Enter “!” to quit

19.  Enter “q” to Quit using ONPE

20.  Enter “y” to save the password changes (write files back). Note if you just press Enter here, you’re designating No, and the changes are not saved.

21.  Press Enter to completely exit ONPE. Note, if needed, you can go back and remove other passwords.

22.  When ONPE ends, the prompt simply changes to #

23.  Now that ONPE has stopped, remove the CD or, if you’re using the ISO file, disconnect the ISO file (Alt-Ctrl, VM menu).

24.  Restart the virtual machine (VM menu, send Ctrl-Alt-Delete)

25.  If you only have one user account, you just cleared the password for that account, so Windows starts automatically. If you have more than one account, select the account you cleared the password for. Note you are no longer prompted for a password.

26.  Verify that you were actually able to log in and the password has been cleared. Select User Accounts in the Control Panel. Take a screen snapshot of the account icon that shows it is no longer password protected, cropping out all but the icon and its associated text.
Paste the screen snap below this line.

27.  Another way you can gain access to a locked computer is to enable the hidden Administrator account (the account’s name is actually Administrator). When enabled, this account has full rights to the computer.

28.  Use ONPE (insert the CD and reboot) to gain access to the Administrator account. Read the question below before going through the process so you’ll recognize the answer when you come upon it.
Which option would you use to enable the Administrator account? Click here to enter text.

Take a screenshot that shows your selection. Crop the snapshot appropriately.
Paste the screen snap below this line.

29.  Note, by default the Administrator account has no password. Complete the ONPE process, then login as the Administrator. Access Add or Remove User Accounts.
Take a screenshot that shows the Administrator account is available. Crop the snapshot appropriately.
Paste the screen snap below this line.

30.  In your virtual machine (User Accounts), RENAME the Administrator account to hiddenAdmin and add the password password.
Use ONPE to (attempt to) clear the Administrator password. Read the question below before going through the process so you’ll recognize the answer when you come upon it.
What do you see that is odd about this account in ONPE? Click here to enter text.
Take a screenshot showing the ONPE hiddenAdmin settings. Crop the snapshot appropriately.
Paste the screen snap below this line.

31.  Consider restoring your virtual machine a previous snapshot. This will remove the bios.BootDelay command and reset the machine’s BIOS to its original boot settings.

32.  Submit this document to your instructor.

(continued)

Other Password Removal Tools

EBCD: You can download this program from this location.

PC Login Now: www.pcloginnow.com and get tips on using the program from this site.

VMWare Fusion Instructions for booting from CD/DVD

1. Virtual Machine 8Settings (from VM menu)
2. Startup Disk
3. Set to CD/DVD
4. Continue with Step 7 above. No need to F2.