Win2000 forgotting the comprehensive solution when administrator password
I have already passed many times when I have forgotten the administrator password, some are what I found, some are sorted out according to the methods issued by netizens on the Internet.
The purpose of this post is to have a place to check in the future. Forget the administrator password what to do: o & o Software Forgot the administrator password how to do the second stroke: input method vulnerability Forget the third stroke of the administrator password: screen saver forgets the fourth stroke of the administrator password: start the script
Forgot the first thing for administrator passwords: O & O software uses O & O BlueCon2000 to change the Windows2000 local administrator password (no need to know the original password) Title: To change the Windows2000 local administrator password with O & O Bluecon2000 (no need to know the original password)
Content: O & O Bluecon 2000 is a tool software developed by Germans, which makes it easy to repair damaged
Windows NT / 2000 system, similar to the Windows 2000 recovery console, the only difference is that it does not need you to enter a password
It is possible to enter the system. The most common function of this tool may modify the local administrator's password. The steps to modify the local administrator password using the O & O Bluecon 2000 are as follows: 1. Production tool disc. (1) Production four windows2000 installation startup The disk, the production method is used to see the Winnt / 2000 important floppy disk production of this station. (2) Start the "O & O Bootwizard" of O & O Bluecon 2000 software, modify the installation floppy disk we have made (only modified
1st and 4th), a total of four steps. (3) First steps Select Boot Device Ask which way you use the boot system, it is FLOPPY (ie four installation floppy disk)
Or CD-ROM, we choose FLOPPY (4 Disk Required) here, press Next; (4) Step 2 SELECT OPTIONS Ask We create a Windows2000 installation boot disk, because we just created
Therefore, it is not selected, press the next step; (5) The third steps of Patch Disk 1 and Patch Disk 4 will prompt you to insert the first and 4th to modify the operation.
Press the screen prompt to complete the tool disc production. II. Modify the local administrator password The tool is the same as the tool for the modified administrator password I introduced earlier, and can only modify the local administrator password in the SAM. Use O & O Modify local management Before the password, let's introduce the command of O & O support, a total of 28, you can prompt in "A: />"
Use "?" Or "Help" command to view. This 28 commands are more important: Backup: Backup Registry Device: Displaying a hardware configuration of a single operating system EDLIN: a text editing tool passwd: Modify password command Reboot: Restart Machine Command Regedit: Edit Registry Command Service: Display / Start / Disable Service Command SCOPY or SCP: File Copy Command, you can copy the security property of the file User: Display a user VMAP: display the current volume Information The parameters of these commands are obtained by using the "command /?" Method. The specific modification of the local user is as follows: (1) Insert the first soft disk into the floppy drive, restart the machine, boot the system with floppy disk, press The screen prompt is inserted into these 4 plates, finished
Installation interface, finally, the system will prompt: O & O Bluecon 2000 V2.0 Build 256 - English Keyboard (C) 2000 O & O Software GmbH. Allright reserved. A: /> (2) Use the passwd command to modify the password of the SAM database account, The use of the Passwd command is as follows: passwd [] passwd command is optional, if you don't enter the password of the account, the password of the account will be emptied
(Not recommended). If you want to modify the password of the administrator to 123456, you can use: A: /> Passwd Administrator 123456 If you have multiple operating systems in your current system, the system will prompt you to Modify which operating system's administrator password. Similar prompts are as follows: please choose a system to logon 1. "Microsoft Windows 2000 Server" / FastDetect 2. "Microsoft Windows XP Professional" / FastDetect 3. "Microsoft Windows 2000 Recovery Core" / cmdcons Choose a suitable operating system to modify, we choose 1, that is, modify the administrator password for Windows2000 Server.
After a while, if the system prompts "Password Was Success,", it means that the password in the management is successful.
If your O & O software is not a complete version, it is just an unregistered version. The system will prompt the administrator's password to read only, and cannot be modified. (3) Remove the floppy disk from the floppy drive, restart the system, enter the directory recovery mode, We can use the new administrator password to enter
The system is _______________________________________________________________________________________________________________________________________________________
Forget the second trick for forgetting the administrator password: input method vulnerability
Topic: Use the input method vulnerability to establish an administrator account method to organize
Content: Input method vulnerability can be said to be the first fatal vulnerability after the Chinese Windows2000 is launched, and we can do a lot through it.
Including the establishment of users. I will put some online about how to build users through this vulnerability, and the administrator friends are required.
First, use the file type editor to create an administrator user boot to the login interface 1. Turn out the input method, all the metrics -> Help -> Operation Guide, Jump out the input method guide Help file 2. Right click "Option" button, select " Jump to URL "3. Add" C: / "to the URL, others can also. 4. The right side of the help will enter C: / 5. Press the" Option "button on the help. 6. Select" Internet " Option. The file type editing box will be started. 7. Create a file type, such as a You file type, add "You" in the skip file suffix. OK. 8. Select the "You" file type in the File Type box, click The following "Advanced Buttons" will appear file action dialog. 9. New file operation, operand, such as "PPP" 10. The command executed by this operation is as follows: c: /winnt/system32/cmd.exe / C Net User Aboutnt 123456 / Add & C: / WinNT / System32 /
After cmd.exe / c net localgroup administrators aboutNT / add is completed 11. Change the C: / file, such as "PPP.TXT", "PPP.txt.you", then double-click to open this file. 12. Usually this The file is not open, there is no prompt for a while, but we have added users AboutNT.
The permissions are administrators. 13. Return, re-log in with the AboutNT user. Second, use shortcuts to create administrator users 1-4 step with the first one. 5. Right-click on any file or folder in C: /, such as right-click the Winnt folder, create its shortcut: "Shortcut Winnt". 6. Right-click "Shortcut Winnt" file -> "Properties" -> "Shortcut" tag, modify the target to "C: / Winnt / System32 /
Net.exe User ABOUTNT 123456 / Add ", the starting position is modified to" C: / WinNT / System32 ". OK to exit." Quick
The icon of the WINNT file will turn it by a folder into a DOS window. 7. Right-click "Shortcut Winnt", run it, create "about" users 8. Repeat 6 steps, modify the target to "C: / Winnt /system32/net.exe localgroup administrators aboutnt / add ", the starting position is modified to" C: / WinNT / System32 ". OK to exit. 9. Right-click" Shortcut Winnt ", run it, join" AboutNT "users local administrators group 10. delete "shortcut WINNT" file, return to a user logs on to aboutnt can ___________________________________________________________ PS:. this vulnerability has been fixed in W2k SP2 forgotten how to do the administrator password third measure: Screensaver The program screen saver sometimes is very big, using it to restore the forgotten administrator password is an example. If you use the screen saver, everyone knows, usually (note, no absolute), if the system starts to log in Invitation box
After 15 minutes, Win2000 will start the screen saver logon.scr, located in C: / Winnt / System32, one
The win2000 flag will be full. I made a hand feet on this logon.scr, because logon.scr is an executable file, so I will first logon.scr
Changed to Logon.zqs, then copy the cost.exe under C: / Winnt to C: / WinNT / System32, renamed
Logon.scr, this step requires us to remove the hard drive to other machines, of course, there is other ways. Restart the machine, do not log in after the login dialog, wait 15 minutes, screen saver start, one resource manager
The target is positioned in C: / Next, the following operation is simple, and the method of using the input hole can be used. No more details.
Forget the fourth trick of the administrator password: Start the script This fourth method is the second, third method, which is the most feasible, maybe a hundred Chinese. :) Please look
The last application of startup scripts. Deeper Win2000 computer launch / shutdown script. Introduction Win2000 computer start / shutdown script (startup / shutdown scripts) is a new feature of Win2000. Startup
This is the batch file that invites the user before logging in, its function is similar to the automatic execution batch file in Win9x and DOS.
AutoExec.bat; shutdown script is a batch file running before the computer shutdown. Compared with the Win2000 user login / logout script (Logon / Logoff Scripts), the main difference between them is: computer
Start / shutdown scripts run when the computer is started and turned off, the script is only running once, usually in the startup script is completed.
Then, the invitation user login dialog is present; the user login / logout script will appear after the dialog box inviting the user login, the user
Run when logging in to the system or log out of the system, the number of runs is determined by the number of times the user logs in / logout, each login / logout system once,
The script is running once. II. I am assigned before the computer start / shutdown script must be assigned. Assign computer start / shutdown script needs to pass group policy MMC
(Management Console) The management unit is performed, and the specific operations are as follows: 1. Click "Start" menu -> "Run", enter "MMC" in the open box, open the Microsoft Management Console (Microsoft
Management Console, MMC). 2. Click Console Menu -> Add / Delete Administration ... ", click on the Add / Remove Management Unit dialog box
Add a Independent Management Unit. 3. Select "Group Policy" in the "Available Independent Management Unit" list of "Add Independent Management Unit" dialog box, press below
"Add" button. 4. When the system is asked which group policy object is used, if you want to assign a local computer, only in the local computer
Row start / shutdown script, select the default "local computer" group policy object; if you want to assign the Win2000 domain, start / shut down scripts performed on all computers in the domain, then click "Select Group Policy Object" conversation "Browse" in the box..
"Button, select the Group Policy Objects that can be applied to the entire domain in the Browse Group Policy dialog box, here" default domain
Policy "Time, it is the Win2000 domain default domain policy object 5. After the completion, close the dialog boxes back to the management console, and now there is a corresponding group policy object on the management console.
Tree 6. In the console tree pane on the left side of the management console, expand Group Policy Objects -> "Computer Configuration" -> "Windows
Set the "->" script (start / close) "node, double-click the" Start "or" Shutdown "item in the right detail pane.
The script used when the computer is started or turned off (Figure 3) (T3.GIF) (the setting party of the Win2000 computer starts and the shutdown script)
The same, the following operations are in the startup script as an example). 7. Double-click the "Start" item in the detail pane on the right, click the "Add" button in the "Start Properties" dialog box, add
A new computer startup script. 8. A startup script entry includes two aspects: script name and script parameters (Figure 4) (T4.gif). If the feet is not included
File path, such as the script file name in the figure is just "scripta.vbs", the system will launch the script path to the default computer
Look for this script file. The parameters of the script are optional, can be filld, and the actual situation is fixed, the boot script in the figure is used.
Run parameter "start". 9. The default path of the local computer script is usually "% systemroot% / system32 / grouppolicy / machine /
Scripts, such as "C: / Winnt / System32 / GroupPolicy / Machine / Scripts". Applying to a domain computer
The default path of the script is usually "/// sysvol // policies // machine / scripts", such as "// mydc1 / sysvol
/Mydom.com/policies/{ 31b2f340-016d-11d2-832f-00c04fb873f9 }/machine/scripts ".
Starting the script file stores in the "Startup" subfolder, the shutdown script file is stored in the "SHUTDOWN" subfolder. 10. We can repeat the "Add" button in the "Start Properties" dialog box as needed, for your computer Add multiple
Start the script (Figure 5) (T5.GIF). 11. After setting, save the group policy MMC management unit after saving. After the group policy is refreshed, these scripts will start and
turn off
Machine works. III. Deepen 1. We have saved the Win2000 hidden with the Win2000 in a hidden match with Scripts.ini.
In the file, this file is located in the "C: / WinNT / System32 / GroupPolicy / Machine / Scripts" directory, which can make
Edited by any file editing software such as Notepad. Scripts.ini file content usually contains two data segments: [startup] and [shutdown], [startup] data segment is enabled
The script configuration, the [shutdown] data segment is a shutdown script configuration. Each script entry is divided into feet and the script parameter two
Partial storage, the script name is saved under the XCMDline keyword, the parameters are saved under the XParameters keyword, where the x represents
The script serial number starting from 0 to distinguish between multiple scripts and flags of each script. The following is a simple
Scripts.ini file example: [Startup] 0cmdline = d: /start/ss.bat 0Parameters = 1cmdline = Scriptsa.vbs 1Parameters = start [shutdown] 0cmdline = shut.vbs 0Parameters = From the example we can see, total setup Two computers start scripts: ss.bat and scripta.vbs.ss.bat are located in the D: / Start directory, no parameters; Scriptsa.vbs is located in the default startup script directory C: / Winnt / System32
Under the grouppolicy / machine / scripts / startup, the parameter "start" is used. The order of execution of the two scripts is first
After executing SS.BAT, execute Scriptsa.vbs. Set a shutdown script shut. VBS, no parameters, the script is located
Default shutdown script directory C: / winnt / system32 / grouppolicy / machine / scripts / shutdown. 2. Start / shut down the operation of the script, contain whether it is synchronously run, whether it is displayed, the longest waiting time, etc.
It can be fine-tuning in group strategies. The specific operations are as follows: (1) - (5) Stepping 1-5 in the same way; (6) in the console tree pane on the left side of the management console , Select the Group Policy Object -> "Computer Configuration" -> "Management Template
"->" Login "node, the content displayed in the right detail pane is related to the start / shutdown script (Figure 6) (T6.gif)
: Non-synchronous running start scripts, display the running status of the startup script, display the running status of the shutdown script, group policy script
The longest waiting time. (7) Non-synchronous running start script is default (not configured, the same below), the system should wait for each startup script to run
A startup script. If this policy is enabled, the system will not coordinate the running order of the startup script. The startup script can run at the same time. If this policy is deactivated, each startup script is to run after the last script is running. It is recommended not to be configured. The registry value corresponding to this policy is "HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / WINDOWS /
CurrentVersion / Policies / System / RunStartupscriptsync ", this is a REG_DWORD value, 0 means enabled,
1 Represents disabled. (8) Display the running status of the start / shutdown script In the default, the system does not display instructions in the startup script. If this policy is enabled, the system will display when the script is running.
Each directive, the instruction will appear in the command window, or display the interfacial interface. This feature is mainly designed for advanced users
If you deactivate or do not configure this policy, the instruction will not be displayed. It is recommended not to configure. For example, suppose you have a command in the startup script is "c: /winnt/explorer.exe c: / winnt", if Enabled
This policy allows the starting state of the startup script, then when the computer is started, the resource manager window will jump out, the desktop is opened, and the system logs in to the computer as the SYSTEM user, which is not very far-renowned. Input method vulnerability! It can be seen that the operation of opening the start / shutdown script is sometimes very dangerous. These two group strategic entries correspond to the registry value of "hkey_local_machine / Software / Microsoft / Windows
/ CurrentVersion / Policies / SYSTEM
/ Hidestartupscripts "and" HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion
/ policies / system / hideshutdownscripts, all of which are REG_DWORD values, 0 indicates enabled, 1 indicates disabled. (9) The longest waiting time for Group Policy scripts limit the policy to complete the running login, start and close scripts required by Group Policy All time. If the specified time has exceeded
But the script has not been running, the system will stop scripting and record an error event. By default, the system allows mergers
The script set runs 600 seconds (10 minutes). To use this policy, type the number from 1 to 32000 in the second box to determine the time you want the system to wait for the script, the unit is second. To make the system Wait until the run script is, if you wait for a long time, type 0 (Figure 7) (T7.GIF)
But not suggesting, if your script is very poor, then the consequences will be unimaginable! If other system tasks must wait for script to complete, this interval is very critical. In the default,
After each startup script is completed, you can run the next one, you can also use the "Non-Synchronous Running Start Script" policy to wait until the system
After starting the script, the invitation to the dialog box is invited. The interval can delay the system and make the user inconvenient, if the interval is too
Short, the required task cannot complete the system will be too early, resulting in problems. The registry value corresponding to this group policy entry is "HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Policies / System
/ Maxgposcriptwait ", is also a REG_DWORD value, its value indicates the time of waiting, the unit is second. IV. There are many uses of application computer start / shutdown scripts. The following is three more typical examples: 1. Computer startup and shutdown time audit (1) Write a script logtime.vbs that can record time, as follows: '================================ ================ Dim Argobj, STR, Strtmp set argobj = wscript.Arguments if argobj.count <1 Then Strtmp = "No parameter operation!" Else SELECT CASE Argobj.Item 0) Case "Startup" stratmp = "server started." Case "shutdown" stratmp = "server is turned off." Case Else strMp = "Unknown action! Parameters:" argobj.Item (0) end select end if set fso = createObject ("Scripting.filesystemObject") SET TMP = fso.opentextfile ("D: /Log/logtime.txt", 8, true) str = "[" CSTR (now ()) "]" strtmp chr ( 13) CHR (10) tmp.write str tmp.close set tmp = Nothing set fso = nothing '============================ ====================== This script has two parameters: startup and shutdown. When used as a startup script, use "startup" parameters; When the script is used, use the "shutdown" parameter. In addition, the FileSystemObject object is used in the script. Before using this script, make sure this object already exists on your computer. (2) Set the script to set the script in the previous method. Or shut down, this script will run and start the computer or shut down the time (actually time when this script is running, but the two should be different) recorded in a text file.
The child is "D: /Log / Logtime.txt", which can be changed as needed. 2. Delete some special shared in Win2000, due to computer management, user login, etc., the system will establish many special sharing, such as C $, D $, Admin $, IPC $, Netlogon, etc., but these shares are not all computers. Use "Computer Management" MMC or NET Share commands, etc., it is only a method of notification. They will reappear after the computer is restarted. For security, we sometimes want to completely delete these shares. Now remove this special sharing method, such as editing the registry, then provide a use Start the script to delete these special shared methods. (1) Write a batch file with a special sharing DELSHARE.BAT, the content is as follows: NET Share C $ / delete net Share D $ / delete net Share IPC $ / delete net Share Netlogon / delete (2) Set the script to start the script, restart your computer. OK, everything is clean. :) 3. Restore administrator password or new administrator account lost administrator password is very headache Things, but maybe it will encounter. In an emergency, how to restore administrator passwords and create a new administrator account, now there are many mature technologies, such as classic login screen saver, using O & O software Wait. In fact, use startup scripts is also a quite good choice. (1) If the faulty computer uses the FAT / FAT32 file system, then you can use the WIN98 boot disk. If you use the NTFS file system, you can use the hard disk on the fault computer. Remove to hill from the disk mode to other WIN2000 computers. The following operations are subject to the next case, assuming that the system partition (usually C :) currently in the new computer is partition E:. ( 2) Write a batch file admin.bat that can restore administrator passwords. The content only requires a "net user" command. As follows: Net user administrator 12345678 We assume that the current administrator is administrator, restore its password recovery To "12345678". Save the file admin.bat to "E: / WinNT / System32 / GroupPolicy / Machine / Scripts / Startup", that is, the original "C: / WinNT / System32 / GroupPolicy / Machine / Scripts /" ST "Under. (3) Write a start / shutdown script configuration file Scripts.ini, this file name is fixed, cannot be changed. The content is as follows: [startup] 0cmdline = admin.bat 0Parameters = Save file Scripts.ini to" E: / Winnt / System32 / GroupPolicy / Machine / Scripts "Under the" C: / WinNT / System32 / GroupPolicy / Machine / Scripts "of the faulty computer. (4) Restore the hard disk to the primary disk, pick up the original Computer, restart, wait launch script run. Startup script runs the password of the administrator Administrator is restored to "12345678". (5) If you want to create a new administrator account, the content of the admin.bat file can be modified to: Net User Admin 12345678 / Add Net localgroup Administrators Admin / Add This administrator account called "admin", password is "12345678". This method can not only restore the local administrator password on the standalone server, but also recover Win2000 domain. Sino-domain administrator password
