MyComputingArt

Articles about computing. What are you interested in?

.htaccess, android, apache, bloxsom, bluetooth, broadcast, case, chat, client-server, command-line, configuration, cool'n'quiet, cooling, cpu, disk suspension, dsl, error, fan, fan controller, file management, firefox, firewall, freeware, google, google earth, gpg, gps, grub, hardware, heatsink, howto, images, internet, jabber, lapping, linux, measurement, messaging, motherboard, mp3, mysql, network, password, pda, perl, phone, programming, programming , qemu, rdp, regex, router, screen recording, script, security, shell, silencing, software, spreadsheet, spyware, system recover, tools, ubuntu, virtualization, visual basic, VMWare, vnc, vpn, web, windows, wireless, xen, xmpp, xp



Accessing and changing the registry from outside Windows

Problem: I got myself locked out of my pc
Solution: access the registry from outside Windows and change the account lockout settings

After enabling Remote Desktop access to access from my notebook to my pc through my wireless LAN, I was playing around with account locking settings to defend from possible brute force attacks coming through the WLAN (supposing the attacker cracked the WPA-PSK password): I set the lock so that after two failed attempts to login the account would be locked until the administrator (me) unlocks it manually.
I wanted to adopt such a security measure for RDP access only, but unfortunately the account lockout policy is valid for any login attempt, being it local or remote.
Then, as a slight security measure, I also disabled the administrator user (my user is already an administrator and an attacker should also find a valid username).
I mistyped the password twice and I got myself stuck: administrator and guest were disabled and my account was locked.
After rebooting, at the logon screen there were no more users, so that the "To begin, click your username" sentence on the left sounded like a joke, having absolutely nothing on the right.

The solution was obvious:
  1. try to access and change the registry from linux (I have dual boot)
  2. manually restore a previous version of the registry

I solved using Offline NTPassword & Registry Editor, an offline regitry editor on a boot disk; I made the floppy, rebooted and then I started looking in the registry the affecting keys, but it was not necessary: there's a feature to edit the accounts, and that allowed me to enable the administrator.

I also found dumphive, a useful program to dump the registry hives to text files.

Instead on www.beginningtoseethelight.org there's plenty of Windows NT, 2000 and XP low level settings and hacks, I would say "all about the registry": for instance, where and how users and passwords, including account statistics and policies, are stored and encoded in the SAM hive of the registry, and a schematic explanation of the registry structure; and don't miss the other sections of the site, they're enlightening too.
About the second option, there's a Microsoft article that explains how to manually restore the registry to a previous state.


   PDF

Posted by: Z24 | Fri, Apr 20 2007 | Category: /windows | Permanent link | home
Tagged as: , ,


About
About
RSS
rss
Donate
Did I save you time or trouble?

Thanks ;-)
Skin
Categories
Archives
Search
Search MyComputingArt

word word = any word
+word +word = all the words
regexp pattern


Search hardware reviews

Visitors

since August 2006

free counters
since September 2009


Powered by Blosxom
FlagCounter Locations of mycomputingart.com visitors Map

Valid HTML 4.01 Strict    Valid CSS!

http://www.mycomputingart.com/

To contact the webmaster and author write to: info<at>mycomputingart<dot>com
© mycomputingart.com, year(today()).