XP accounts - why does this happen?

Quick question regarding my computer accounts. Recently revisted one of my old comps and forgot the admin password :)

When I boot up I get screen showing John Doe account - no one else, no admin account. Couldn't remember this password.

After a bit of stuffing around, I was able to find out that I have 2 admin rated accounts - one called administrator, one called john doe. (I was using a couple of programs - this was one http://home.eunet.no/pnordahl/ntpasswd/ )

Before I bothered to reset the password I decided to see if I could somehow access the administrator account (funnily, I didn't know this was there, had a VERY weak password on it, and got that using ophcrack - and is the main admin account!) After realizing this - i'm definetly going to rebuild. But I digress.

Booting up normally again, I just get the JOhn doe account option and nothing else. I played around using ctrl alt del and yep the prompt comes up so I can change account name and password. Bingo, in with the old administrator password.

Now at this stage, I don't really care about the accounts since im rebuilding anyway and can get in as admin to easily copy data I want. But the whole exercise has beefed my curiosity of what that forgotten password was - and why the accounts have become skewed (if you will).

1) why did i not have admin option and had to ctrl alt del to get to change accnts ? 2) using pwdump i'm told admin has password but john doe acct does not. IT definetly did have a password on it (More still - it was definetly not the same as the admin account pw). Of course it doesn't matter because I can change it now anyway, but i would like to understand. 3) say I can get pwdump of the accounts, and the password inside is quite strong, do I have any hope of cracking that with free programs available? Previously, i could only get the nt hash of this pw and as I understand that is quite hard to crack. im not sure but i think does the pwdump give both, LM and NT hash?

Feel free to answer any part of this or not (if its not kosher). In 40 or so mins the hdd will be formatted anyway.

Cheers!

thepretender

Posted 2009-11-18T07:59:46.447

Reputation:

Answers

The built-in Administrator account is hidden from Welcome Screen when a user account with Administrator privileges exists and enabled. In Windows XP Home Edition, you can login as built-in Administrator in Safe Mode only. For XP Professional, press CTRL + ALT + DEL twice at the Welcome Screen and input your Administrator password in the classic logon window that appears.

Two ways to 'unhide this account:

1. download and run TweakUI and click "Logon" option in the left pane. Put a checkmark against the option "Show Administrator on Welcome Screen". Click OK to close TweakUI.

2. edit the registry:

Click Start, Run and type Regedit.exe

Navigate to the following key:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList

Use the File, Export option to backup the key

Create a new DWORD Value named Administrator

Double-click Administrator, and set 1 as its data

Exit the Registry Editor.

as for your password woes, the Offline NT Password & Registry Editor will reset any user password in Windows NT/2k/XP/Vista in no time. (it's one of these little 'must have' utilities for techie's toolbox :)

Molly7244

Posted 2009-11-18T07:59:46.447

Reputation:

In Vista there is a hidden administrator account, which you can see and activate via the command:

Net User Administrator /active:yes

Perhaps this is what you are seeing in XP.

Guy Thomas

Posted 2009-11-18T07:59:46.447

Reputation: 3 160