0
For some reason the domain is not detected by the PC, other computers in the network work fine, the account is not disabled but the previous logons got deleted.
Is there a way to access this PC or do I need to format it?
Thanks
lbedwell
Posted 2018-10-12T14:35:49.040
Reputation: 1
0
Is the computer using disk-encryption ? If yes it is next to impossible. Re-installing will be the best option.
If there is no disk-encryption you can break into the system fairly easily: Instructions are all over the internet (Google "utilman.exe cmd.exe"), but it basically comes down to:
Boot from a USB or DVD install medium.
On the first screen press Shift-F10 to start a CMD prompt.
From this prompt you can access the harddisk.
Find the utilman.exe utility and rename it. Then copy cmd.exe to utilman.exe
Not boot the computer as usual. At the login prompt invoke the "accessibility options" (normally this is utilman.exe) which will launch cmd.exe instead.
In CMD (which now runs at SYSTEM privilege) you can create a new local user or re-enable the Administrator account and reset its password.
Then you can login to the system and start troubleshooting your domain issue. First things to check are if the computers clock isn't way off compared to the domain and if the computer has a correct ip-address on the LAN.
Tonny
Posted 2018-10-12T14:35:49.040
Reputation: 19 919
https://4sysops.com/archives/reset-a-windows-10-password/ – harrymc – 2018-10-12T15:03:11.840
I believe these 'holes' have been patched. At least with sethc.exe and osk.exe (On Screen Keyboard). If so, then when run you may not see anything happening because there's no place to put the error (msg), but if you try to run these 'fake' programs in the proper context (when running the fakes in the logged on environment), you'll see that some error message comes up. I can have a look to be specific. – reben – 2018-10-12T15:14:25.433
@reben I'm fairly sure the (ab)use of utilman.exe is still valid for Windows 7 and 8. I never actually had a need to try it on Windows 10, so I'm not a 100% sure it still works on 10. – Tonny – 2018-10-12T15:21:44.507
@Tonny I'm not sure why I assumed Windows 10 for this case. You are probably correct when it comes to Win 7 and 8. Do you know what Windows version is in question? I cannot seem to see this stated anywhere. – reben – 2018-10-12T15:25:37.640
@reben The question has a "windows-10" tag. But it isn't mentioned in the actual question. I did some Googling and most guides still say the utilman trick also works for Windows 10. – Tonny – 2018-10-12T15:32:42.747
@Tonny This is interesting. I could attempt to do this now. I might even provide the error you may see if this is patched. – reben – 2018-10-12T15:41:16.927
@Tonny Exploit is patched in Win10. Running cmd.exe disguised; At logon screen; some error sounds-no place to put out error msgs. "It just doesn't work.." - When in the system (proper context & logged in); Running any of those disguised exe's gives; 'The system cannot execute the specified program.' Plus a notification window; 'Virus & Threat Protection...' Goes for both utilman & others. In Windows Defender; Trojan:Win32/AccessibilityEscalation.A Alert level: Severe Status: Active Date: 12.10.2018 ... Affected items: ... file: C:\Windows\System32\utilman.exe – reben – 2018-10-12T16:55:37.713
@Tonny You'll need to use another exploit. One that isn't public knowledge. "I have an idea, but I cannot tell.." :-) The previous comment got terse because of length limitations but I reckon the information was understandable anyway. It's now classified as a threat/virus. You even have to fight harder with file access permisssions/ownership than before. – reben – 2018-10-12T17:28:06.760
Can you login with the (last used) useraccount if the computer is NOT attached to the network ? – Tonny – 2018-10-12T14:38:26.853
No =/ , unfortunately this didn't work. Also looks like there is no local account available either. – lbedwell – 2018-10-12T14:41:03.813