[Dshield] Windows Startup Password?

Wayne Beckham wbeckham at co.riverside.ca.us
Fri May 10 15:30:20 GMT 2002


I'm trying to use the NTPassword disk and tool - I'm hoping that it's going to help me resurrect a server that's been syskey locked by a disgruntled former employee.  

Could I bother you with a question?

The server is an HP Netserver LC2.  When I boot with the Linux disk, everything appears to be running normally until I get to finding the hard drives.  The disk correctly identifies them as Adaptec SCSI (aic:7880: Ultra Single Channel A, SCSI Id=7, 16/255 SCBs), but then when it calls part.rc to select the partition, give this response:

Partitions found on the disks:
     Device Boot     Start     End     Blocks     Id     System
cdrom: open failed

Probable NT Partitions:
Home=/
PS1=#
PS2=>
TERM=linux
BOOT_IMAGE=vmlinuz
PATH=/bin
vga=1
ignoreeof=10
initrd=initrd.gz
IFS=
What partition contains your NT installation?
[]:_

And I don't know what to do next.  How do I answer the question it's asking?

Wayne Beckham

>>> JLPowers at cmhmetro.net 05/09/02 09:50 AM >>>

Sound like it was SYSKEY'd at some time.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q143475

"Windows NT will prompt for the System Key password when the system is
in the initial startup sequence, but before the system is available for
users to logon. The System Key password is not stored anywhere on the
system. An MD5 digest of the password is used as the master key to
protect the password encryption key."

> -----Original Message-----
> From: Wayne Beckham [mailto:wbeckham at co.riverside.ca.us]
> Sent: Thursday, May 09, 2002 11:22 AM
> To: list at dshield.org
> Subject: [Dshield] Windows Startup Password?
> 
> 
> Has anyone run across this and, if so, have any suggestions?
> 
> After an employee was terinated a particular server was 
> found to sprout a "windows startup password."  This is before 
> reaching the UserId/Password and after Win2K loads.  The 
> operation appears similar to Blackboard Software's "WinLock" program.
> 
> None of the Network services load and the machine is not 
> accessible from the network.
> 
> The machine is an older box, but has critical data for a 
> particular department.  Normally, I'd grab the drives and 
> recover them in another PC, but this is a REALLY old machine 
> and we don't have spare servers laying around.
> 
> Any assistance at all would be greatly appreciated.
> 
> - Wayne
> 
> Wayne Beckham
> LAN Administrator
> Riverside County
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 




More information about the list mailing list