My Identity stollen

I

Ilyaz

I'm the Administrator/User1 of my computer running Win XP Home. There were
no other users until a day ago, when I inadvertently, while in the Safe Mode
at the Security Tab, granted a Full access to <user1.YOUR-xxxx>.
Now I have a new <System> folder for <User1.YOUR-xxx> in the Documents and
Settings. Every time on a start up, machine signs on automatically to this
folder. As a result, I cannot get an easy access to all my old files stored
in the <User1> folder. Outlook Express 6 "does not see" the old mailboxes
and messages, the Address book is empty and so on. The <User1.YOURxxx>
folder cannot be deleted because it is a system folder (that what the
message says when I try do delete it!).
So, here are my questions: How do I get my <User1> identity back? How to
delete the <User1.YOUR-xxx> folder?
But this is not the only problem I'm heaving now. In the past, on a start up
in the Safe Mode, there was an option to continue as Administrator or as
User1. Not any more... Looks like I still have the Admin privileges, but
without this option on the start up.
Question: How to get back the start up options for Admin or User in the Safe
mode?
TIA
 
D

davetest

I'm the Administrator/User1 of my computer running Win XP Home. There were
no other users until a day ago, when I inadvertently, while in the Safe Mode
at the Security Tab, granted a Full access to <user1.YOUR-xxxx>.
Now I have a new <System> folder for <User1.YOUR-xxx> in the Documents and
Settings. Every time on a start up, machine signs on automatically to this
folder. As a result, I cannot get an easy access to all my old files stored
in the <User1> folder. Outlook Express 6 "does not see" the old mailboxes
and messages, the Address book is empty and so on. The <User1.YOURxxx>
folder cannot be deleted because it is a system folder (that what the
message says when I try do delete it!).
So, here are my questions: How do I get my <User1> identity back? How to
delete the <User1.YOUR-xxx> folder?
But this is not the only problem I'm heaving now. In the past, on a start up
in the Safe Mode, there was an option to continue as Administrator or as
User1. Not any more... Looks like I still have the Admin privileges, but
without this option on the start up.
Question: How to get back the start up options for Admin or User in the Safe
mode?
TIA
Click to expand...
Use system restore to restore to a time prior to this change.

Dave
 
I

Ilyaz

Dave,
I tried it first, but for some reason it did not help. Somehow, I think, I
have to clean all the possible other identities there might be on my machine
and restore the only one, the Administrator/User1.
Any other ideas?
Ilya
 
D

davetest

Dave,
I tried it first, but for some reason it did not help. Somehow, I think, I
have to clean all the possible other identities there might be on my machine
and restore the only one, the Administrator/User1.
Any other ideas?
Ilya
Click to expand...
LOGON in safemode to the Adminstrator account.
Control panel(classic view)/user accounts/
change the ways users logon or off.
select "use welcome screen"

save and logoff.
reboot and logon to your main account make sure it's working
OK.
control panel/adminstrative tools/computer management/
Local user and groups/users
delete or disable the account you don't need.

If you delete it, also delete the associated folder in
"documents and settings" (this may be automatic - not sure)

Dave
 
I

Ilyaz

Dave, sorry to bother you again, but I'm having a problem following your
advice.
First, when I booted in the Safe Mode, I got no choice of Admin or User1.
The desktop just opened after I clicked OK for the safe mode. Nevertheless,
I went to user accounts and noticed that "use welcome screen" was checked
(but, as I mentioned it, there was no welcome screen at booting).
Second, when I returned to the Normal mode and went to the Control Panel/
Admin tools/ comp management/ - there were no Local user and groups... So, I
was unable to delete or disable any account
Now what? Looks like I'm in a deeeeep trouble.
Ilya
 
D

davetest

Dave, sorry to bother you again, but I'm having a problem following your
advice.
First, when I booted in the Safe Mode, I got no choice of Admin or User1.
The desktop just opened after I clicked OK for the safe mode. Nevertheless,
I went to user accounts and noticed that "use welcome screen" was checked
(but, as I mentioned it, there was no welcome screen at booting).
Second, when I returned to the Normal mode and went to the Control Panel/
Admin tools/ comp management/ - there were no Local user and groups... So, I
was unable to delete or disable any account
Now what? Looks like I'm in a deeeeep trouble.
Ilya
Click to expand...
Ilya,

I have xp pro and I've been looking at this, I thought that home and
pro were the same in these area's. - maybe not?
If you enter lusrmgr.msc directly from the RUN box, this is a
shortcut to the user manager. Does it work?
Also
Can you go to control panel/user accounts
what is listed? Is it what you expect? For example, on mine I have
"guest" and user accounts for myself and my wife.
Dave
 
I

Ilyaz

Dave,
the lusrmgr.msc shortcut did not work. I got a warning that said this is a
Home edition and I should use User accounts from Control Panel. There, I
found that only my User1/Admin account is on. The guest is off. No other
accounts are there.
So, apparently, there is no <user1.YOUR-xxx> account. However, somewhere in
the Security tab (in the Safe mode) there must be this
<user1.YOUR-xxx>sitting somewhere. Any idea where to look for it and how to
get rid off it?
Tanks a lot for your time and assistance.
Ilya
 
D

davetest

Dave,
the lusrmgr.msc shortcut did not work. I got a warning that said this is a
Home edition and I should use User accounts from Control Panel. There, I
found that only my User1/Admin account is on. The guest is off. No other
accounts are there.
So, apparently, there is no <user1.YOUR-xxx> account. However, somewhere in
the Security tab (in the Safe mode) there must be this
<user1.YOUR-xxx>sitting somewhere. Any idea where to look for it and how to
get rid off it?
Tanks a lot for your time and assistance.
Ilya
Click to expand...
Hi Ilya,
I'm beginning to wonder if this is because you have turned off simple
file sharing (because of the security tab) and this is a permissions
issue somewhere?
I guess you could always re-enable simple file sharing and see what
happens -

I took a look in the registry (using regedit) and found some items of
interest -
hklm\software\microsoft\windows\currentversion\explorer\docfolderpaths
confirms the "documents and settings paths"

HKLM\software\microsoft\windowsNT\currentversion\profilelist\xxxxxxxxxx\
Where xxxxxxxxx is the long name that looks like this
s-1-5-21-16144665754-157789937-31234243. These profile numbers can be
tied directly to the keys in Hkey_users. Within these keys you'll
find ProfileimagePath which gives the corresponding friendly name
(your userid)
You may be able to fix it here, if all else fails.

Good luck
Dave
 
I

Ilyaz

Dave,
in the XP Home, there is no simple file sharing, so I could not touch it.
And it's getting too complicated for me (Registry etc.). I'm going to sleep
on it tonight and we'll see what the next morning will bring up...
Thanks a lot for your suggestions.
Ilya
 
I

Ilyaz

Alex,
thanks for the article. Unfortunately, it didn't work on <system file> I
wanted to delete.
Ilya
 
D

davetest

Dave,
in the XP Home, there is no simple file sharing, so I could not touch it.
Click to expand...
Oops, sorry. I see this is like win2k in that respect.
And it's getting too complicated for me (Registry etc.). I'm going to sleep
on it tonight and we'll see what the next morning will bring up...
Click to expand...
I understand. It's much easier to look and see than it is to
describe. I re-read you original post and you mentioned the security
tab and granting full access to this new user. What precisely did you
do? It sounds as if you're talking about the security tab at the
file/folder level, but what file/ folder?

I fixed a *very* similar problem in Windows NT4.0 about 5 years ago
and all I remember is that the fix involved the registry.

If you look at
HKLM\software\microsoft\windowsNT\currentversion\profilelist\
you'll see 5 or 6 entries. In mine, I see administrator, mine,
my wife's, network service, local service and systemprofile.

You may have just the pointer to your new xxx userid or they may both
be there. It may be possible to point the profileimagepath back to
the old "documents and settings". At least you'll get your old
environment back. You can then figure out what to do about the
administrator later.
Take a look here:
http://home.comcast.net/~davehassan/regedit2.JPG

you see the profileimagepath on the right? It points back
to the proper documents and settings folder.
Another place to look for clues is:
control panel/system/advanced/user profiles.

Dave
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Red X's on Mapped Network Drives 1
Multiple Profiles in Admin tool, 0 on drive 2
MBSA Reporting an Unknown Third Administrator Account 1
Getting Rid of Multiple Administrators 8
Login problem with original Administrator account 1
Permission Issue 3
Administrator as Only User ? 1
Changing profile settings 1

Top