[Dshield] Windows Startup Password?

Evans, TJ tjevans at kpmg.com
Thu May 9 17:01:49 GMT 2002


Possible workarounds:
	Use LinNT to get around it .. IIRC you can actually modifyt the
syskey setting with this :)
	Boot off of OS CD and install a second (and functional :)) instance?

Or you could contact terminated user and ask if he happens to have set a PW
and failed to mention it ... the details of his termination may not
facilitate tho'!.


Thanks!
TJ


-----Original Message-----
From: Powers, James L. [mailto:JLPowers at cmhmetro.net] 
Sent: Thursday, May 09, 2002 12:11 PM
To: 'list at dshield.org'
Subject: RE: [Dshield] Windows Startup Password?


Sound like it was SYSKEY'd at some time.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q143475

"Windows NT will prompt for the System Key password when the system is
in the initial startup sequence, but before the system is available for
users to logon. The System Key password is not stored anywhere on the
system. An MD5 digest of the password is used as the master key to
protect the password encryption key."

> -----Original Message-----
> From: Wayne Beckham [mailto:wbeckham at co.riverside.ca.us]
> Sent: Thursday, May 09, 2002 11:22 AM
> To: list at dshield.org
> Subject: [Dshield] Windows Startup Password?
> 
> 
> Has anyone run across this and, if so, have any suggestions?
> 
> After an employee was terminated a particular server was 
> found to sprout a "windows startup password."  This is before 
> reaching the UserId/Password and after Win2K loads.  The 
> operation appears similar to Blackboard Software's "WinLock" program.
> 
> None of the Network services load and the machine is not 
> accessible from the network.
> 
> The machine is an older box, but has critical data for a 
> particular department.  Normally, I'd grab the drives and 
> recover them in another PC, but this is a REALLY old machine 
> and we don't have spare servers laying around.
> 
> Any assistance at all would be greatly appreciated.
> 
> - Wayne
> 
> Wayne Beckham
> LAN Administrator
> Riverside County
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.         
*****************************************************************************




More information about the list mailing list