Sign in with
Sign up | Sign in
Your question

Administrator gets locked out

Last response: in Windows 2000/NT
Share
Anonymous
December 29, 2004 10:36:41 AM

Archived from groups: microsoft.public.win2000.security (More info?)

I have a Win2000 Pro machine that is allowing the administrator account to
be locked out. I thought that with Win2000, XP, 2003 the administrator
account couldn't be locked out. This comes from MS tech articles. The
user, I guess typed the password incorrect too many times and now we are
unable to login with the administrator account. There are only two accounts
on the system. Administrator and Guest.

How do I unlock or enable the administrator account? I don't mean I do I
recover a password, but how do I disable the account locked out flag that
must be set in the user?

Thanks.

More about : administrator locked

Anonymous
December 30, 2004 6:21:33 PM

Archived from groups: microsoft.public.win2000.security (More info?)

"Ed Gregory" <eg@hotmail.com> wrote in message
news:#PtdOMa7EHA.128@TK2MSFTNGP15.phx.gbl...
> I have a Win2000 Pro machine that is allowing the administrator account to
> be locked out. I thought that with Win2000, XP, 2003 the administrator
> account couldn't be locked out. This comes from MS tech articles. The
> user, I guess typed the password incorrect too many times and now we are
> unable to login with the administrator account. There are only two
accounts
> on the system. Administrator and Guest.

Well, most of us think that it cannot be locked.

Is it possible something CHANGED the password?

> How do I unlock or enable the administrator account? I don't mean I do I
> recover a password, but how do I disable the account locked out flag that
> must be set in the user?

You are basically stuck with trying to hack your own
SAM.

Googling the obvious (or someone will post a link)
will get you help on cracking your own SAM...

Something like (untested): [ "lost password" microsoft: ]

That last term "microsoft:" (with colon) is a Google keyword
for their special web-wide "Microsoft collection".

--
Herb Martin


>
> Thanks.
>
>
December 31, 2004 9:52:31 AM

Archived from groups: microsoft.public.win2000.security (More info?)

My understanding is that the built-in administrator account cannot be
locked out at the console, but can be made to follow lockout policies
for logon attempts over the network. Is this account in fact locked
out at the console?

What's the status of the guest account? It used to be recommended to
rename the administrator account for increase security (very little
benefit).

What's the access to the machine? Could the admin account have been
renamed to something different and a decoy non-admin account given the
name of administrator. In fact, can the guest account be renamed to
administrator (and administrator to guest). Check the status of the
guest account.

The SIDs will tell which is which.

Roger

"Ed Gregory" <eg@hotmail.com> wrote:

>I have a Win2000 Pro machine that is allowing the administrator account to
>be locked out. I thought that with Win2000, XP, 2003 the administrator
>account couldn't be locked out. This comes from MS tech articles. The
>user, I guess typed the password incorrect too many times and now we are
>unable to login with the administrator account. There are only two accounts
>on the system. Administrator and Guest.
>
>How do I unlock or enable the administrator account? I don't mean I do I
>recover a password, but how do I disable the account locked out flag that
>must be set in the user?
>
>Thanks.
>
Related resources
Anonymous
December 31, 2004 9:52:32 AM

Archived from groups: microsoft.public.win2000.security (More info?)

<somebody@compusmart.ab.ca> wrote in message
news:7qs9t09bg0sm91pc83q6bbid0e1b185t0k@4ax.com...
> My understanding is that the built-in administrator account cannot be
> locked out at the console, but can be made to follow lockout policies
> for logon attempts over the network. Is this account in fact locked
> out at the console?

Perhaps he meant network.

It makes no sense (even) to allow lockout from the
console since this could be a denial of service attack
against the admin with no supported way to reset it.


--
Herb Martin


>
> What's the status of the guest account? It used to be recommended to
> rename the administrator account for increase security (very little
> benefit).
>
> What's the access to the machine? Could the admin account have been
> renamed to something different and a decoy non-admin account given the
> name of administrator. In fact, can the guest account be renamed to
> administrator (and administrator to guest). Check the status of the
> guest account.
>
> The SIDs will tell which is which.
>
> Roger
>
> "Ed Gregory" <eg@hotmail.com> wrote:
>
> >I have a Win2000 Pro machine that is allowing the administrator account
to
> >be locked out. I thought that with Win2000, XP, 2003 the administrator
> >account couldn't be locked out. This comes from MS tech articles. The
> >user, I guess typed the password incorrect too many times and now we are
> >unable to login with the administrator account. There are only two
accounts
> >on the system. Administrator and Guest.
> >
> >How do I unlock or enable the administrator account? I don't mean I do I
> >recover a password, but how do I disable the account locked out flag that
> >must be set in the user?
> >
> >Thanks.
> >
>
Anonymous
December 31, 2004 12:38:43 PM

Archived from groups: microsoft.public.win2000.security (More info?)

My understanding agrees with what you two have expressed.
I have however seen before a couple times systems (granted,
all XP) where the built-in had indeed become locked out (not
disabled) and best we could tell it had been by some malware.

--
Roger Abell

"Herb Martin" <news@LearnQuick.com> wrote in message
news:un$5Pyw7EHA.4072@TK2MSFTNGP10.phx.gbl...
> <somebody@compusmart.ab.ca> wrote in message
> news:7qs9t09bg0sm91pc83q6bbid0e1b185t0k@4ax.com...
> > My understanding is that the built-in administrator account cannot be
> > locked out at the console, but can be made to follow lockout policies
> > for logon attempts over the network. Is this account in fact locked
> > out at the console?
>
> Perhaps he meant network.
>
> It makes no sense (even) to allow lockout from the
> console since this could be a denial of service attack
> against the admin with no supported way to reset it.
>
>
> --
> Herb Martin
>
>
> >
> > What's the status of the guest account? It used to be recommended to
> > rename the administrator account for increase security (very little
> > benefit).
> >
> > What's the access to the machine? Could the admin account have been
> > renamed to something different and a decoy non-admin account given the
> > name of administrator. In fact, can the guest account be renamed to
> > administrator (and administrator to guest). Check the status of the
> > guest account.
> >
> > The SIDs will tell which is which.
> >
> > Roger
> >
> > "Ed Gregory" <eg@hotmail.com> wrote:
> >
> > >I have a Win2000 Pro machine that is allowing the administrator account
> to
> > >be locked out. I thought that with Win2000, XP, 2003 the administrator
> > >account couldn't be locked out. This comes from MS tech articles. The
> > >user, I guess typed the password incorrect too many times and now we
are
> > >unable to login with the administrator account. There are only two
> accounts
> > >on the system. Administrator and Guest.
> > >
> > >How do I unlock or enable the administrator account? I don't mean I do
I
> > >recover a password, but how do I disable the account locked out flag
that
> > >must be set in the user?
> > >
> > >Thanks.
> > >
> >
>
>
Anonymous
December 31, 2004 2:43:14 PM

Archived from groups: microsoft.public.win2000.security (More info?)

You might want to take a look at ...
http://www.jsiinc.com/SUBE/tip2000/rh2077.htm -or -
http://www.windowsnetworking.com/kbase/WindowsTips/Wind...

--
Bob McCoy
* This posting is provided "AS IS" with no warranties, and confers no
rights.
* Please note I cannot respond to email questions. Please use these
newsgroups.

"Ed Gregory" <eg@hotmail.com> wrote in message
news:%23PtdOMa7EHA.128@TK2MSFTNGP15.phx.gbl...
>I have a Win2000 Pro machine that is allowing the administrator account to
>be locked out. I thought that with Win2000, XP, 2003 the administrator
>account couldn't be locked out. This comes from MS tech articles. The
>user, I guess typed the password incorrect too many times and now we are
>unable to login with the administrator account. There are only two
>accounts on the system. Administrator and Guest.
>
> How do I unlock or enable the administrator account? I don't mean I do I
> recover a password, but how do I disable the account locked out flag that
> must be set in the user?
>
> Thanks.
>
Anonymous
December 31, 2004 8:55:11 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Scary?? Did you have to reinstall assuming a non domain computer?? ---
Steve


"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:erCUQb17EHA.2452@TK2MSFTNGP14.phx.gbl...
> My understanding agrees with what you two have expressed.
> I have however seen before a couple times systems (granted,
> all XP) where the built-in had indeed become locked out (not
> disabled) and best we could tell it had been by some malware.
>
> --
> Roger Abell
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:un$5Pyw7EHA.4072@TK2MSFTNGP10.phx.gbl...
>> <somebody@compusmart.ab.ca> wrote in message
>> news:7qs9t09bg0sm91pc83q6bbid0e1b185t0k@4ax.com...
>> > My understanding is that the built-in administrator account cannot be
>> > locked out at the console, but can be made to follow lockout policies
>> > for logon attempts over the network. Is this account in fact locked
>> > out at the console?
>>
>> Perhaps he meant network.
>>
>> It makes no sense (even) to allow lockout from the
>> console since this could be a denial of service attack
>> against the admin with no supported way to reset it.
>>
>>
>> --
>> Herb Martin
>>
>>
>> >
>> > What's the status of the guest account? It used to be recommended to
>> > rename the administrator account for increase security (very little
>> > benefit).
>> >
>> > What's the access to the machine? Could the admin account have been
>> > renamed to something different and a decoy non-admin account given the
>> > name of administrator. In fact, can the guest account be renamed to
>> > administrator (and administrator to guest). Check the status of the
>> > guest account.
>> >
>> > The SIDs will tell which is which.
>> >
>> > Roger
>> >
>> > "Ed Gregory" <eg@hotmail.com> wrote:
>> >
>> > >I have a Win2000 Pro machine that is allowing the administrator
>> > >account
>> to
>> > >be locked out. I thought that with Win2000, XP, 2003 the
>> > >administrator
>> > >account couldn't be locked out. This comes from MS tech articles.
>> > >The
>> > >user, I guess typed the password incorrect too many times and now we
> are
>> > >unable to login with the administrator account. There are only two
>> accounts
>> > >on the system. Administrator and Guest.
>> > >
>> > >How do I unlock or enable the administrator account? I don't mean I
>> > >do
> I
>> > >recover a password, but how do I disable the account locked out flag
> that
>> > >must be set in the user?
>> > >
>> > >Thanks.
>> > >
>> >
>>
>>
>
>
Anonymous
December 31, 2004 8:55:12 PM

Archived from groups: microsoft.public.win2000.security (More info?)

They pretty much accepted the advice that
a compromised system is a compromised system
perhaps always will be --> format + build
Those systems did not come up clean to industry
anti-malware scans.
--
Roger
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:3ogBd.594640$wV.566044@attbi_s54...
> Scary?? Did you have to reinstall assuming a non domain computer?? ---
> Steve
>
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:erCUQb17EHA.2452@TK2MSFTNGP14.phx.gbl...
> > My understanding agrees with what you two have expressed.
> > I have however seen before a couple times systems (granted,
> > all XP) where the built-in had indeed become locked out (not
> > disabled) and best we could tell it had been by some malware.
> >
> > --
> > Roger Abell
> >
> > "Herb Martin" <news@LearnQuick.com> wrote in message
> > news:un$5Pyw7EHA.4072@TK2MSFTNGP10.phx.gbl...
> >> <somebody@compusmart.ab.ca> wrote in message
> >> news:7qs9t09bg0sm91pc83q6bbid0e1b185t0k@4ax.com...
> >> > My understanding is that the built-in administrator account cannot be
> >> > locked out at the console, but can be made to follow lockout policies
> >> > for logon attempts over the network. Is this account in fact locked
> >> > out at the console?
> >>
> >> Perhaps he meant network.
> >>
> >> It makes no sense (even) to allow lockout from the
> >> console since this could be a denial of service attack
> >> against the admin with no supported way to reset it.
> >>
> >>
> >> --
> >> Herb Martin
> >>
> >>
> >> >
> >> > What's the status of the guest account? It used to be recommended to
> >> > rename the administrator account for increase security (very little
> >> > benefit).
> >> >
> >> > What's the access to the machine? Could the admin account have been
> >> > renamed to something different and a decoy non-admin account given
the
> >> > name of administrator. In fact, can the guest account be renamed to
> >> > administrator (and administrator to guest). Check the status of the
> >> > guest account.
> >> >
> >> > The SIDs will tell which is which.
> >> >
> >> > Roger
> >> >
> >> > "Ed Gregory" <eg@hotmail.com> wrote:
> >> >
> >> > >I have a Win2000 Pro machine that is allowing the administrator
> >> > >account
> >> to
> >> > >be locked out. I thought that with Win2000, XP, 2003 the
> >> > >administrator
> >> > >account couldn't be locked out. This comes from MS tech articles.
> >> > >The
> >> > >user, I guess typed the password incorrect too many times and now we
> > are
> >> > >unable to login with the administrator account. There are only two
> >> accounts
> >> > >on the system. Administrator and Guest.
> >> > >
> >> > >How do I unlock or enable the administrator account? I don't mean I
> >> > >do
> > I
> >> > >recover a password, but how do I disable the account locked out flag
> > that
> >> > >must be set in the user?
> >> > >
> >> > >Thanks.
> >> > >
> >> >
> >>
> >>
> >
> >
>
>
Anonymous
January 1, 2005 12:02:53 PM

Archived from groups: microsoft.public.win2000.security (More info?)

OK. I was not sure if malware had been detected or if it was assumed. That
free password reset disk that is common on the internet will enumerate the
user accounts on a computer and show if an account is locked out/disabled. A
renamed built in administrator account will show as the new name but the ID
01F4 by a user name will indicate the built in administrator account which
may help someone if they are unsure which account is the built in
administrator account. I have found that going to the \winnt\repair folder
and copying the sam and security file to \winnt\system32\config folder
[after backing up/renaming the old] while not running in the operating
system that you are copying the sam/security file to can return the sam to
the state of an account not being locked out. Of course if the System State
has never been backed up that sam will only contain the built in
administrator account [with original password] and the guest account but it
could possibly be a way to "unlock" the administrator account, though I
certainly am not suggesting that is a better solution than rebuilding a
compromised computer. --- Steve


"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:%23IgWJI47EHA.1408@TK2MSFTNGP10.phx.gbl...
> They pretty much accepted the advice that
> a compromised system is a compromised system
> perhaps always will be --> format + build
> Those systems did not come up clean to industry
> anti-malware scans.
> --
> Roger
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:3ogBd.594640$wV.566044@attbi_s54...
>> Scary?? Did you have to reinstall assuming a non domain computer?? ---
>> Steve
>>
>>
>> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
>> news:erCUQb17EHA.2452@TK2MSFTNGP14.phx.gbl...
>> > My understanding agrees with what you two have expressed.
>> > I have however seen before a couple times systems (granted,
>> > all XP) where the built-in had indeed become locked out (not
>> > disabled) and best we could tell it had been by some malware.
>> >
>> > --
>> > Roger Abell
>> >
>> > "Herb Martin" <news@LearnQuick.com> wrote in message
>> > news:un$5Pyw7EHA.4072@TK2MSFTNGP10.phx.gbl...
>> >> <somebody@compusmart.ab.ca> wrote in message
>> >> news:7qs9t09bg0sm91pc83q6bbid0e1b185t0k@4ax.com...
>> >> > My understanding is that the built-in administrator account cannot
>> >> > be
>> >> > locked out at the console, but can be made to follow lockout
>> >> > policies
>> >> > for logon attempts over the network. Is this account in fact locked
>> >> > out at the console?
>> >>
>> >> Perhaps he meant network.
>> >>
>> >> It makes no sense (even) to allow lockout from the
>> >> console since this could be a denial of service attack
>> >> against the admin with no supported way to reset it.
>> >>
>> >>
>> >> --
>> >> Herb Martin
>> >>
>> >>
>> >> >
>> >> > What's the status of the guest account? It used to be recommended
>> >> > to
>> >> > rename the administrator account for increase security (very little
>> >> > benefit).
>> >> >
>> >> > What's the access to the machine? Could the admin account have been
>> >> > renamed to something different and a decoy non-admin account given
> the
>> >> > name of administrator. In fact, can the guest account be renamed to
>> >> > administrator (and administrator to guest). Check the status of
>> >> > the
>> >> > guest account.
>> >> >
>> >> > The SIDs will tell which is which.
>> >> >
>> >> > Roger
>> >> >
>> >> > "Ed Gregory" <eg@hotmail.com> wrote:
>> >> >
>> >> > >I have a Win2000 Pro machine that is allowing the administrator
>> >> > >account
>> >> to
>> >> > >be locked out. I thought that with Win2000, XP, 2003 the
>> >> > >administrator
>> >> > >account couldn't be locked out. This comes from MS tech articles.
>> >> > >The
>> >> > >user, I guess typed the password incorrect too many times and now
>> >> > >we
>> > are
>> >> > >unable to login with the administrator account. There are only two
>> >> accounts
>> >> > >on the system. Administrator and Guest.
>> >> > >
>> >> > >How do I unlock or enable the administrator account? I don't mean
>> >> > >I
>> >> > >do
>> > I
>> >> > >recover a password, but how do I disable the account locked out
>> >> > >flag
>> > that
>> >> > >must be set in the user?
>> >> > >
>> >> > >Thanks.
>> >> > >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>
Anonymous
January 1, 2005 12:02:54 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Right on, on the use of the reg copies in Repair dir,
as the copy into active use is precisely part of a ERD
repair, or OS CD boot to repair, and does reset box
to point of last System State bkup.
I have to assume that the binaries are coded to protect
against the built-in from having its bits set to disabled,
but the bits are there and if set are obeyed by the other
binaries (IOW, the binary protect against setting rather
than against enforcement) - - - just speculation.

--
Roger
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:1HtBd.52891$k25.29610@attbi_s53...
> OK. I was not sure if malware had been detected or if it was assumed. That
> free password reset disk that is common on the internet will enumerate the
> user accounts on a computer and show if an account is locked out/disabled.
A
> renamed built in administrator account will show as the new name but the
ID
> 01F4 by a user name will indicate the built in administrator account which
> may help someone if they are unsure which account is the built in
> administrator account. I have found that going to the \winnt\repair folder
> and copying the sam and security file to \winnt\system32\config folder
> [after backing up/renaming the old] while not running in the operating
> system that you are copying the sam/security file to can return the sam to
> the state of an account not being locked out. Of course if the System
State
> has never been backed up that sam will only contain the built in
> administrator account [with original password] and the guest account but
it
> could possibly be a way to "unlock" the administrator account, though I
> certainly am not suggesting that is a better solution than rebuilding a
> compromised computer. --- Steve
>
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:%23IgWJI47EHA.1408@TK2MSFTNGP10.phx.gbl...
> > They pretty much accepted the advice that
> > a compromised system is a compromised system
> > perhaps always will be --> format + build
> > Those systems did not come up clean to industry
> > anti-malware scans.
> > --
> > Roger
> > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> > news:3ogBd.594640$wV.566044@attbi_s54...
> >> Scary?? Did you have to reinstall assuming a non domain computer?? ---
> >> Steve
> >>
> >>
> >> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> >> news:erCUQb17EHA.2452@TK2MSFTNGP14.phx.gbl...
> >> > My understanding agrees with what you two have expressed.
> >> > I have however seen before a couple times systems (granted,
> >> > all XP) where the built-in had indeed become locked out (not
> >> > disabled) and best we could tell it had been by some malware.
> >> >
> >> > --
> >> > Roger Abell
> >> >
> >> > "Herb Martin" <news@LearnQuick.com> wrote in message
> >> > news:un$5Pyw7EHA.4072@TK2MSFTNGP10.phx.gbl...
> >> >> <somebody@compusmart.ab.ca> wrote in message
> >> >> news:7qs9t09bg0sm91pc83q6bbid0e1b185t0k@4ax.com...
> >> >> > My understanding is that the built-in administrator account cannot
> >> >> > be
> >> >> > locked out at the console, but can be made to follow lockout
> >> >> > policies
> >> >> > for logon attempts over the network. Is this account in fact
locked
> >> >> > out at the console?
> >> >>
> >> >> Perhaps he meant network.
> >> >>
> >> >> It makes no sense (even) to allow lockout from the
> >> >> console since this could be a denial of service attack
> >> >> against the admin with no supported way to reset it.
> >> >>
> >> >>
> >> >> --
> >> >> Herb Martin
> >> >>
> >> >>
> >> >> >
> >> >> > What's the status of the guest account? It used to be recommended
> >> >> > to
> >> >> > rename the administrator account for increase security (very
little
> >> >> > benefit).
> >> >> >
> >> >> > What's the access to the machine? Could the admin account have
been
> >> >> > renamed to something different and a decoy non-admin account given
> > the
> >> >> > name of administrator. In fact, can the guest account be renamed
to
> >> >> > administrator (and administrator to guest). Check the status of
> >> >> > the
> >> >> > guest account.
> >> >> >
> >> >> > The SIDs will tell which is which.
> >> >> >
> >> >> > Roger
> >> >> >
> >> >> > "Ed Gregory" <eg@hotmail.com> wrote:
> >> >> >
> >> >> > >I have a Win2000 Pro machine that is allowing the administrator
> >> >> > >account
> >> >> to
> >> >> > >be locked out. I thought that with Win2000, XP, 2003 the
> >> >> > >administrator
> >> >> > >account couldn't be locked out. This comes from MS tech
articles.
> >> >> > >The
> >> >> > >user, I guess typed the password incorrect too many times and now
> >> >> > >we
> >> > are
> >> >> > >unable to login with the administrator account. There are only
two
> >> >> accounts
> >> >> > >on the system. Administrator and Guest.
> >> >> > >
> >> >> > >How do I unlock or enable the administrator account? I don't
mean
> >> >> > >I
> >> >> > >do
> >> > I
> >> >> > >recover a password, but how do I disable the account locked out
> >> >> > >flag
> >> > that
> >> >> > >must be set in the user?
> >> >> > >
> >> >> > >Thanks.
> >> >> > >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>
!