Renaming "SAM" didn't let me break into my Win2000 PC

From: Michel Merlin (michel.merlin@laposte.net)
Date: 02/10/03 

From: "Michel Merlin" <michel.merlin@laposte.net>
Date: Mon, 10 Feb 2003 07:05:35 +0100

I tried your fix (renaming "SAM"), but it didn't work in my
case.

To help find an actual fix, I report exactly hereafter what
happenned in my case, in chronological order:

A - The previous situation.
~~~~~~~~~~~~~~~~~
- In Jul 1999 I bought my Notebook ("SAGER", K6-3/350, 64 MB,
   6GB, ATI RAGE LT PRO);
- I transferred on it all my OS, programs and stuff (Windows 98
   Second Edition FR, WordPerfect, and ~50 other apps);
- Since then, this PC has worked about 24/7, just rebooting
   twice a day for commuting between my Home and Office LANs
   (using NetSwitcher);
- In Sep 2000 I upgraded it to Windows 2000 US from W98SE FR
   (this is why Windows is in "C:\WINDOWS", not in "C:\WINNT");
- I also upgraded RAM and HD (now 192MB, 12 GB) and installed
   Office 2K and Visual Studio 6 Enterprise, and plenty new
   apps;
- since I upgraded to W2K, my PC told me every 14 days:
   "your PWD will expire in ... days, will you change it now?";
- every time I accepted immediately to re-enter my PWD (without
   changing that PWD); Windows 2000 then said the PWD had been
  "changed successfully".
- That way, my User name (say "Ali Baba") and PWD (say "Sesame")
   always kept unchanged;
- That system, a Notebook, is never used by anyone else, and has
   no other User.

B - How W2K disabled my PWD
~~~~~~~~~~~~~~~~~~~~~~~
- While traveling (25 Jan-7 Feb, in Vietnam), I used it everyday
   (connecting to my children, saving photos), until in one of
   the flights my PC was mistakenly carried in baggage hold
   (instead of in cabin);
- When rebooting, the screen was dead, so I didn't try to use it
   any more for several days;
- Back in Paris, when I tried to reboot, here is what happenned:

1) The "Log On to Windows" window is inactive and greyed:

 _________________________________________________
| Log On to Windows
|_________________________________________________
| Windows Professional [etc.....]
|_________________________________________________
|
| User name: |Ali Baba_____________________|
| Password: |******______________________|
| |_| Log on using dial-up connection
| | OK | | Cancel | | Shut down... | | Options << |
|_________________________________________________

Notice that:
- in "User name" there is my actual User name;
- in "Password" there is the right number of "*" for my actual
   PWD

2) The active window is:
 ________________________________________________
| Logon Message
|________________________________________________
|
| / \ The system could not log you on. Make sure your
| /_!_\ User name and domain are correct, then type your
| password again. Letters in passwords must be
| using the correct case. Make sure that Caps Lock
| is not accidentally on.
| | OK |
|________________________________________________

3) When I click "OK", the "Log On to Windows" window becomes
active, I can then try to enter a password, but anything I try
brings me back to the same "Logon Message", be it my actual PWD
or a blank one or whatever.

C - Renaming "SAM" fails to fix the problem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In C:\WINDOWS\SYSTEM32\CONFIG (that system came to Windows 2000
by upgrading from W98SE), I have not one, but two files named
"SAM":

    "SAM", 28,672 bytes
    "SAM.LOG", 1,024 bytes

I did rename the 1st one as "SAM.BAD", which changed nothing to
the problem.

 I then renamed the new "SAM" (20.0 KB) file into
"SAM1.BAD", and this time I also renamed "SAM.LOG" into
"SAM_LOG.BAD".

This also failed, exactly the same way as before, that I
reported exactly above to help find an actual fix:

Paris (France), Mon 10 Feb 2003 07:05:35 +0100

----- Parent Message -----
From: "James Raaymakers MCSE" <jamesraa@pacbell.net>
Newsgroup:
news://msnews.microsoft.com/microsoft.public.win2000.security
Message: news:01ef01c2cc74$79b5deb0$d2f82ecf@TK2MSFTNGXA09
Sent: Tue 4 Feb 2003 09:40:15 -0800
Subject: Simple Solution...How do I break into a Win2000 PC

Here is a simple solution...

Remove the hard drive from the computer. Slave it on another
Windows 2000 or NT computer. Browse to the
C:\WINNT\SYSTEM32\CONFIG and rename the SAM file located there.
Rename it, do not delete it. Return the hard drive back to
original computer. Start it up. Windows 2000 will generate a new
SAM file resetting the administrators password to null. This
also removes any user accounts that were created locally on the
machine. This is normally not an issue in a Domain environment
and there are no local accounts setup accept the ones built in
which will not be effected by this proceedure. Only user
accounts and groups that were created. But it is alot simpler
than a rebuild.
Hope this helps.

-----Parent Message-----

From: "Stacey" <sbrown@truwest.org>
Newsgroup:
news://msnews.microsoft.com/microsoft.public.win2000.security
Message: news:042401c2cc67$9d673640$8ef82ecf@TK2MSFTNGXA04
Sent: Tue 4 Feb 2003 08:08:11 -0800
Subject: How do I break into a Win2000 PC

Good morning all.

We have a user who moved over to our area. She had come from
another network. I checked to see if the PC had our local admin
account in Groups/Administrators, it appeared there. Dummy me
didn't re-enter the password taking it on faith that it was our
normal admin password. SO... I took it off the users old domain
and put it into a workgroup. Upon trying to login w/our local
admin password it did not work. Now, no password will work and I
cannot get into the PC. Of course, this user needs what is on
that hard drive, which is why we were going to add it to our
domain.

If anyone knows of a way I can get in thru a back door I would
be most appreciative.

Thank you,
Stacey

Relevant Pages

  • taskmgr.exe
    ... I need to delete taskmgr.exe from Windows XP to prevent ... users from running taskmanager. ... I will rename taskmgr.exe ... had the fix. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Terminating Application
    ... In one of the greater disasters I was involved in, and had to fix at great expense, ... Windows by changing it to ExitWindowswhich exited ... The disasters you describe ensued. ... went back to my client and we ditched the product. ...
    (microsoft.public.vc.mfc)
  • Re: Error Message when trying to open Word 2000
    ... "John B." ... - I am using Windows ME so I do not have Compatibility ... :>However if you want to rename the old key back then I ... :>add-ins, Normal.dot, Registry, etc. ...
    (microsoft.public.word.application.errors)
  • Re: Windows wont start properly--get message in dos mode
    ... thred but I relly need help to fix my machine. ... Microsoft MVP [Windows] ... ethernet cable and phone cable from the modem. ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: Lost document When I Changed Its Name Please Help!
    ... those with a file extension associated with Word. ... > rename the document in Windows Explorer. ... >>to open it by double-clicking in an Exploring window. ...
    (microsoft.public.word.application.errors)
Loading