Re: XP account passwords change spontaniously

You could hard reboot the computer using the reboot button on the front of
the computer case, *** it down, or trying control-alt-delete and selecting
shutdown. When it restarts you should be back to normal logon mode. ---
Steve


"Carlotta" <Carlotta @discussions.microsoft.com> wrote in message
news:2B5EF48A-92D8-499E-9380-342CE1C61F47@xxxxxxxxxxxxxxxx
> New computer, only one user, set as administrator.
> I was downloading a large QuickBooks/Peachtree conversion program,
> computer went in hibernation while I was "away"
> Will not recognize my password to get back into system.
>
> I guess I'll have to call my brother ... again ... unless someone has a
> user-friendly idea on how a un-learned computer user can fix this.
> So far Microsoft Tech support hasn't come thru ...
> Thanks
>
>
>
>
> "Steven L Umbach" wrote:
>
>> It is very hard to say what is going on offhand. It sounds like someone
>> or
>> some process running as administrator/system is changing your passwords.
>> I
>> know you said that you scanned for malware and spyware but I would also
>> use
>> Process Explorer, TCPView, and Autoruns from SysInternals to take a
>> closer
>> look at what processes are running on your computer and scrutinize them
>> to
>> see if they all look legitimate or not. Process Explorer will show the
>> publisher of the executable that maps to a process which may help in
>> identifying processes and a process mapped to an executable without a
>> publisher name is always very suspect. Even the publisher name is not 100
>> percent proof of authenticity unless the publisher has been verified in
>> the
>> general page of the process properties due to the executable being
>> digitally
>> signed but I have yet to see a process trying to use a legitimate
>> publisher's name. While malware and spyware detection and removal tools
>> do
>> what they do well they can not detect a "hacked" computer where another
>> malicious user may have gained control at some point in time and maybe
>> installed a backdoor program that may also log keyboard activity and/or
>> installed some scripts.
>>
>> http://www.sysinternals.com/Utilities/ProcessExplorer.html --- Process
>> Explorer
>> http://www.sysinternals.com/Utilities/Autoruns.html --- Autoruns
>> http://www.sysinternals.com/Utilities/TcpView.html --- TcpView
>>
>> Another thing you want to do is to enable auditing of account management
>> for
>> success and failure and logon events for success and failure in Local
>> Security Policy of the XP Pro computer. Then you should see an event
>> recorded when password changes, the day/time, and by what user. If it
>> shows
>> system for user then it is not by a specific user but by the operating
>> system which could be a startup/shutdown script or a task scheduled by
>> the
>> AT command. Also look at the system and application logs for anything
>> that
>> may be suspicious. Autoruns will try and show where any process is being
>> started up by startup/logon and I believe will also try to show any
>> startup/shutdown scripts or Scheduled Tasks. You should manually check
>> for
>> the existence of ant Group Policy scripts, AT command tasks [type AT at
>> the
>> command prompt], and Scheduled Tasks and the history of Scheduled Tasks
>> by
>> looking in the log in advanced - view log for Control Panel/Scheduled
>> Tasks.
>> The link below shows where to check for Group Policy scripts assuming the
>> computer only has local Group Policy applied to it. Use gpedit.msc to
>> open
>> local Group Policy. You can also use rsop.msc on the XP Pro computer to
>> see
>> effective Group Policy settings for computer and user.
>>
>> http://support.microsoft.com/kb/198642
>>
>> As far as your troubles in accessing shares then you need to make sure
>> that
>> the user accounts have the same password on both the client and server
>> computer [again assuming no AD domain and that the XP Pro computer has
>> simple file sharing disabled] and that the user has the proper
>> permissions
>> to the share. Keep in mind that XP Pro can use stored credentials so it
>> could be possible that a user that has changed their password is still
>> trying to access the share with stored credentials with the old password.
>> Again look in the security log of the server [computer with the share] to
>> see if a failed logon exists and the reason why and monitor for password
>> changes. Also I would be sure to change the administrator passwords on
>> all
>> your computers for any user in the local administrators group and disable
>> the administrator account in XP Pro which will only allow it to be logged
>> onto in Safe Mode. Be sure to use strong passwords. --- Steve
>>
>>
>> <sithlord70@xxxxxxxxx> wrote in message
>> news:1135888413.246400.124590@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> > To start off normally I do not turn off or restart my XP Pro machine.
>> > The other day I had restarted it for something and when I went to log
>> > into my user account which has admin rights it said my password was
>> > incorrect. I tried two other admin level accounts that were set up on
>> > the machine. One was the built-in Administrator account that actually
>> > has the same password set that my user account did and it to no longer
>> > accepts it either. Another account I had set also a member of
>> > Administrators also told me the password was incorrect. The only one
>> > that worked was my wife account that does not have a password set and
>> > is only a member of Users. But of course because of her limited rights,
>> > from her desktop I had no access to the User Account settings so her
>> > account was useless to reset anything. Basically I was locked out. I
>> > downloaded a program that runs off a floppy to reset passwords in the
>> > SAM file. I've used this before on customers machines and its always
>> > worked. When I tried to do it, it claimed that the password change had
>> > worked but when I rebooted the system and tried to get in again I had
>> > same issue. I wound up booting to a 2000 server CD and getting to the
>> > recovery console. For some reason if I boot using a 2000 server CD on a
>> > machine running XP it does not ask me for the Administrator password to
>> > get to the the C prompt. Thank God for that. Well anyway, I was then
>> > able to copy a backup copy of the SAM file that Windows stores in
>> > C:\Windows\Repair over to the System32/Config folder. After doing this
>> > I was able to log in and everything seemed to be fine. This was a about
>> > 2 weeks ago. Today I happen to reboot the machine again and the same
>> > thing happened. Of course I did the SAM file copy again and got back
>> > in. I keep thinking something or someone got into the network but I run
>> > all the machines behind a router/firewall and run MS Antispyware as
>> > well as Norton and both programs are up to date but found NOTHING. The
>> > other part to this is this and the other 2 machines I run, one running
>> > 2000 server and the other running XP Home all are being denied access
>> > to each other when trying to access shares I have set. They all have
>> > the same user accounts configured so they should be allowed. This
>> > problem is may be related to my SAM file issue on my XP Pro machine
>> > though those to machines have not had the SAM file issue at this point.
>> > But network rights seem to be affected all around. Any ideas before I
>> > have to resort to reformatting and reloading all the machines?
>> >
>> > Thanks in advance,
>> > Adam
>> >
>>
>>
>>


.