Stolen computer recovered but has password

[Guest]

Hi;

Earlier this week, I had a computer stolen from my classroom by a couple of
students who came into the building late in the afternoon. While the computer
was recovered and returned to me the next day (seems as though the students
had a guilty conscience and fessed up to a parent), I now have a problem...

The students deleted the existing user account that I had (which had no
password enabled on it) and replaced it with their own, password protected
account (called "Alpha"). Now when the computer is turned on and Windows XP
starts, it brings me to the main login page, which I cannot get past. When
asked for the password by the police, the students who took the computer
eventually gave him a word, but it does not work (I even tried variations in
spelling including misspellings). The only way I can use the computer now is
by logging in as "Guest"

My question is how can I remove this account, or at the very least, remove
the password so that the computer is usable again?

Thanks for your help (in advance).

Mark M.

 

[Steven L Umbach]

What you want to do is to format the whole hard drive and the reinstall the
operating system to a pristine state after backing up your data files [and
decrypting any EFS files if used] to external media such as cdrom/dvd and
being sure to scan your data files for malware before restoring to your
computer. Who knows what they did to your computer. Anyhow to access it as
it is now see the link below on how to download a program that you can boot
from a floppy or cdrom to reset the built in administrator password and if
it is XP Home try booting into Safe Mode to logon as built in administrator
which may have a blank password. -- Steve

http://www.petri.co.il/forgot_administrator_password.htm

 

[Guest]

Hi Steven;

Thank you for your reply. Can you give me a quick explanation of how I go
about formatting my hard drive. I'm good with using computers, but not that
good with fixing them.

Much appreciated.

Mark

What you want to do is to format the whole hard drive and the reinstall the
operating system to a pristine state after backing up your data files [and
decrypting any EFS files if used] to external media such as cdrom/dvd and
being sure to scan your data files for malware before restoring to your
computer. Who knows what they did to your computer. Anyhow to access it as
it is now see the link below on how to download a program that you can boot
from a floppy or cdrom to reset the built in administrator password and if
it is XP Home try booting into Safe Mode to logon as built in administrator
which may have a blank password. -- Steve

http://www.petri.co.il/forgot_administrator_password.htm

Hi;

Earlier this week, I had a computer stolen from my classroom by a couple
of
students who came into the building late in the afternoon. While the
computer
was recovered and returned to me the next day (seems as though the
students
had a guilty conscience and fessed up to a parent), I now have a
problem...

The students deleted the existing user account that I had (which had no
password enabled on it) and replaced it with their own, password protected
account (called "Alpha"). Now when the computer is turned on and Windows
XP
starts, it brings me to the main login page, which I cannot get past.
When
asked for the password by the police, the students who took the computer
eventually gave him a word, but it does not work (I even tried variations
in
spelling including misspellings). The only way I can use the computer now
is
by logging in as "Guest"

My question is how can I remove this account, or at the very least, remove
the password so that the computer is usable again?

Thanks for your help (in advance).

Mark M.

 

[Juan]

Installing Windows XP
http://www.windowsnetworking.com/j_helmig/wxpinstl.htm

----------------------------

Hi Steven;

Thank you for your reply. Can you give me a quick explanation of how I go
about formatting my hard drive. I'm good with using computers, but not that
good with fixing them.

Much appreciated.

Mark

What you want to do is to format the whole hard drive and the reinstall the
operating system to a pristine state after backing up your data files [and
decrypting any EFS files if used] to external media such as cdrom/dvd and
being sure to scan your data files for malware before restoring to your
computer. Who knows what they did to your computer. Anyhow to access it as
it is now see the link below on how to download a program that you can boot
from a floppy or cdrom to reset the built in administrator password and if
it is XP Home try booting into Safe Mode to logon as built in administrator
which may have a blank password. -- Steve

http://www.petri.co.il/forgot_administrator_password.htm

Hi;

Earlier this week, I had a computer stolen from my classroom by a couple
of
students who came into the building late in the afternoon. While the
computer
was recovered and returned to me the next day (seems as though the
students
had a guilty conscience and fessed up to a parent), I now have a
problem...

The students deleted the existing user account that I had (which had no
password enabled on it) and replaced it with their own, password protected
account (called "Alpha"). Now when the computer is turned on and Windows
XP
starts, it brings me to the main login page, which I cannot get past.
When
asked for the password by the police, the students who took the computer
eventually gave him a word, but it does not work (I even tried variations
in
spelling including misspellings). The only way I can use the computer now
is
by logging in as "Guest"

My question is how can I remove this account, or at the very least, remove
the password so that the computer is usable again?

Thanks for your help (in advance).

Mark M.

 

[Will]

Being somewhat cynical, it seems to me that a possible intent was never to
steal the computer, but instead to plant spyware on it so that they could
get at the information on that computer on an ongoing basis. They may have
originally intended to just let the computer show up mysteriously with you
being unaware of software changes to it. I would backup the data by
mounting that drive onto a different computer, then scan it for viruses and
spyware. Re-install Windows XP from scratch after formatting the drive.
Recover data but do not recover programs.

Microsoft makes it way too difficult to secure a computer properly. There
is unfortunately a long checklist of things you must do to a default install
to have it become anything approaching secure. Among these things, some of
the more important ones are:

- Turn off the Quick Switch and Welcome Screen features and instead use the
more secure ctrl+alt+del login.

- Get a USB fingerprint authentication scanner. It's a great way to secure
the computer login without having to memorize long passwords, which are also
subject to be stolen by Trojan Horse software.

- Create a quite long (14+ characters) and quite complex (numbers and !@#$%
characters in addition to spaces and alphabetic characters) password for the
administrator account and your personal account

- Use NTFS for the file system. At the root I would give Full Control to
Administrators and SYSTEM and only Read Only access to your personal
account. Make sure that same template is inherited by Program Files and
Windows subdirectories, and Windows\SYSTEM32. Make sure that Users do not
have any access at all to c:\windows\system32\config. Once they can read
that file it is game over because the SAM contains userids and passwords and
they will copy those files to another computer and then run programs to
break the passwords over a few days time. Finally, think through exactly
which directories your personal user account will need to have read-write
access to, and restrict such access to just those directories.

The above have many special cases and in general you want a computer
security expert to do the work to set up the computer for you. I am
constantly frustrated at how easy it is to break a Windows computer, even
after you have gone to great efforts to secure it. I feel your pain.

 

[Will]

I didn't say this explicitly, and it's perhaps the most important point:
REMOVE YOUR PERSONAL ACCOUNT FROM THE ADMINISTRATOR'S GROUP.
Unfortunately, when you do this it may stop some programs from working, and
fixing those is something that can take a lot of expertise to do.
Administering the machine and installing new applications from that point on
will require a new discipline on your part that can be very difficult to
self-teach: when you need to run a program with the privileges of
administrator, you will need to depress the left Shift key and also right
click on it and execute Run As near the top of the menu. Specify the
administrator account and supply its (long) password.

Yes, it's a pain. And it can involve subtle issues about when you should
and should not run as administrator. To avoid some error message you get
on a web site, you might find yourself running Internet Explorer as
Administrator. That is almost always a huge mistake on an unknown web
site, as you can then end up installing trojans on your computer.

 

[Steven L Umbach]

The link Juan provided was a good one. Just be sure to backup your data and
configuration settings first such as for tcp/ip [use ipconfig /all to see
settings] and email/newsgroup accounts. Most users also want to backup their
emails, address book, and internet favorites. --- Steve

Hi Steven;

Thank you for your reply. Can you give me a quick explanation of how I go
about formatting my hard drive. I'm good with using computers, but not
that
good with fixing them.

Much appreciated.

Mark

What you want to do is to format the whole hard drive and the reinstall
the
operating system to a pristine state after backing up your data files
[and
decrypting any EFS files if used] to external media such as cdrom/dvd and
being sure to scan your data files for malware before restoring to your
computer. Who knows what they did to your computer. Anyhow to access it
as
it is now see the link below on how to download a program that you can
boot
from a floppy or cdrom to reset the built in administrator password and
if
it is XP Home try booting into Safe Mode to logon as built in
administrator
which may have a blank password. -- Steve

http://www.petri.co.il/forgot_administrator_password.htm

Hi;

Earlier this week, I had a computer stolen from my classroom by a
couple
of
students who came into the building late in the afternoon. While the
computer
was recovered and returned to me the next day (seems as though the
students
had a guilty conscience and fessed up to a parent), I now have a
problem...

The students deleted the existing user account that I had (which had no
password enabled on it) and replaced it with their own, password
protected
account (called "Alpha"). Now when the computer is turned on and
Windows
XP
starts, it brings me to the main login page, which I cannot get past.
When
asked for the password by the police, the students who took the
computer
eventually gave him a word, but it does not work (I even tried
variations
in
spelling including misspellings). The only way I can use the computer
now
is
by logging in as "Guest"

My question is how can I remove this account, or at the very least,
remove
the password so that the computer is usable again?

Thanks for your help (in advance).

Mark M.

 

[Leythos]

Hi;

Earlier this week, I had a computer stolen from my classroom by a couple of
students who came into the building late in the afternoon. While the computer
was recovered and returned to me the next day (seems as though the students
had a guilty conscience and fessed up to a parent), I now have a problem...

The students deleted the existing user account that I had (which had no
password enabled on it) and replaced it with their own, password protected
account (called "Alpha"). Now when the computer is turned on and Windows XP
starts, it brings me to the main login page, which I cannot get past. When
asked for the password by the police, the students who took the computer
eventually gave him a word, but it does not work (I even tried variations in
spelling including misspellings). The only way I can use the computer now is
by logging in as "Guest"

My question is how can I remove this account, or at the very least, remove
the password so that the computer is usable again?

Thanks for your help (in advance).

Since you have no idea what the kids have done/installed on the computer
you need to WIPE/REINSTALL IT FROM SCRATCH.

They could have installed key-loggers, malware, etc... anything you do
on the computer could be compromised.

Take your recovery/reinstall/Windows XP CD and wipe the drive and
reinstall it from scratch.

 

[coal_brona]

Greetings,

I recommend you using Active@ password changer utility to reset
password. This is a small yet easy to use tool that can quickly reset
forgotten or lost XP password. It did helped me before so you can
really try it out.

http://www.password-changer.com/