Ok, here's the situation.
Update: I have solved the situation
My machine is set to log me in automatically after startup, then lock the workstation with a registry entry.
If you must know, the entire registry entry is
C:\WINDOWS\system32\rundll32.exe user32.dll,LockWorkStation
From there I usually use the fingerprint reader and software from Lenovo to log on if it comes up any quicker than typing my password would take.
Sometime between my last startup+login (~6 days ago) and the last 12 hours before I made this posting, my Windows account password went poof. Vanished. Was removed somehow and set to a blank password.
I learned this when I swiped my thumb and was told by the ThinkVantage-branded software for my fingerprint reader that my Windows password was incorrect.
Swiping another finger came up with the same result. Clicking my user icon to type in my password simply logged me back in. When I checked my account settings in the control panel, I found the option to add a password to my account, rather than changing the one I formerly had set.
What I want to know is how can I find out what ate my password, and when?
To my memory I haven't installed any software in the past week, busy as it's been.
Play with command line tools in a well rested state.
Troubleshoot computer problems in a well rested state.
Sleep deprivation is not your friend.
The system is a Windows 7 SP1 64-bit installation, kept reasonably up to date and has drivers+basic software from Lenovo installed. Software is pretty boring, a heavily abused install of Firefox, some Cygwin bits, Skype.
Nothing that's likely to be relevant, though I can come back with a listing if I absolutely must.
Cygwin, as it turns out, was the culprit.
To cut things short,
passwd
will interact with your Windows password.
I did take a brief glance at the Windows event logs, but honestly have only the vaguest clue as to what I'm looking for, never mind which logs I should be checking.
Is this on a domain or a stand-alone PC? – DavidPostill – 2016-06-01T11:07:35.467
It's a stand-alone PC, a humble Thinkpad laptop. – PowerLuser – 2016-06-01T11:08:43.777
Have you checked Due to which reason might a windows 7 password been reset to empty?
– DavidPostill – 2016-06-01T11:10:18.230
See also 4724: An attempt was made to reset an account's password and 4738: A user account was changed
– DavidPostill – 2016-06-01T11:15:11.457
Just read that, useful tip, but my Windows security event log is clear of events ID'd 627 and 628 – PowerLuser – 2016-06-01T11:16:59.073
4723: An attempt was made to change an account's password – DavidPostill – 2016-06-01T11:18:03.177
Your second link however has a couple hits! There's two events ID'd 4724 corresponding nearly a full 24-hours before I found my password wiped clean, followed by a single 4723 corresponding to putting a password back onto my account immediately after I found it gone. There's also 2 ID'd 4738 both directly preceding the pair of 4724s from yesterday morning. Thanks for those links. Now to figure out how this happened. – PowerLuser – 2016-06-01T11:28:28.213
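The event IDs named in the comments above (4723, 4724, 4738) can be pulled from the Security log in one pass, showing who acted on which account and from which logon session. This is an added example, not part of the original thread; the 7-day look-back window and the output column names are assumptions, and it needs an elevated prompt.

```powershell
# Added example: list password change/reset events from the local Security log.
# Reading the Security log requires an elevated (Administrator) PowerShell prompt.

$ids   = 4723, 4724, 4738            # change attempt, reset attempt, account changed
$since = (Get-Date).AddDays(-7)      # assumed look-back window; widen as needed

$filter = @{ LogName = 'Security'; Id = $ids; StartTime = $since }

# Get-WinEvent raises an error when nothing matches, so suppress it and
# fall through to an empty result instead.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No 4723/4724/4738 events since $since (log cleared, or auditing off?)"
    return
}

$events | Sort-Object TimeCreated | ForEach-Object {
    # The named fields live in the event XML, not in the rendered message.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # New-Object is used instead of [pscustomobject] so this also runs on the
    # PowerShell 2.0 that ships with Windows 7 SP1.
    New-Object PSObject -Property @{
        Time    = $_.TimeCreated
        Id      = $_.Id
        # Subject* = the account that performed the action
        Actor   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        # Target* = the account whose password or attributes were touched
        Target  = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        # Logon session of the actor, as a hex value
        LogonId = $data['SubjectLogonId']
    }
} | Select-Object Time, Id, Actor, Target, LogonId | Format-Table -AutoSize
```

The LogonId value can be matched against the logon ID recorded in the 4624 logon event for the same session to see how and when the acting session was started.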