How to change Windows machine IP without being an admin?

11

6

In the spirit of this question, I have a Windows machine that is a member of an Active Directory network, but the network is unreachable due to a mistake in the network configuration that is not yet resolved. However, we could restore connectivity easily if we were able to change the IP address.

The problem is, we cannot log in except with the cached domain credentials of a non-administrator user that doesn't have the privileges to change the IP address. Is there any way in this situation to change the IP address of the machine? Note that:

  • We cannot ship things to the machine or ship the machine back to us, only have it connected to the network.
  • The local user (administrator) is disabled. No other local users were configured.

amyassin

Posted 2015-06-14T12:25:00.893

Reputation: 293

There must be a local administration account, otherwise joining the domain wouldn't have been possible. – Daniel B – 2015-06-14T12:29:46.153

@DanielB OP says the local admin account is disabled, presumably after the computer was joined to the domain. – a CVn – 2015-06-14T12:31:09.483

yes, it was disabled afterwards... – amyassin – 2015-06-14T12:32:51.003

Ah, missed that. If an account exists, the usual hacking tools can easily enable it and reset its password. – Daniel B – 2015-06-14T12:33:17.010

Is it still disabled even in Safe Mode? – user1686 – 2015-06-14T13:41:21.697

To attack this from the other side, can't you set up some form of gateway to temporarily make the IP configuration of your target machine valid? – Matthew Steeples – 2015-06-14T16:01:48.170

that would mess up routing for other machines, since the address of the messed up machine is in the range of the remote machines I am accessing it from.. If I changed the gateway, I am locked out... – amyassin – 2015-06-14T16:22:36.580

Try plugging in a USB network adapter (this requires action by a local user, but it shouldn't require IT staff), by default it will have DHCP enabled, you should then have enough network connectivity to login with domain credentials. – Ben Voigt – 2015-06-14T17:21:57.183

The domain is in a local network and cannot be accessed from outer internet... We have a vpn but requires installation of a client, meaning back again to admin rights... – amyassin – 2015-06-14T18:43:00.547

Answers

9

I've always had success with the "Offline NT password & Registry Editor" found here

No Linux experience required, just follow the instructions to get it onto a CD / USB stick, and go through the prompts (mostly just using the defaults) to re-enable the disabled Admin account and then reset its password.

Triforcer

Posted 2015-06-14T12:25:00.893

Reputation: 116

2

I don't think this is possible without an admin account, reinstalling the OS, or using a live CD of some sort to manually modify the Windows config files. However, hope is not lost, since you may be able to boot into the administrator account with some password-bypassing tools like KON-BOOT.

Note0: this method requires you to connect a USB stick to the computer, which may not be allowed by the policy of some organizations, in which case it cannot be used.

Note1: this may require some tweaking of the BIOS in certain cases, so if it is password protected - you'll have to find a way to bypass that too.

Note2: obviously, if you do choose this path, make sure you trust the person who has physical access to the machine, and that he does not mean to use this method to do things he's not supposed to (seeing how he will now have admin access to the machine, if this process works).

Just had another idea:

In the spirit of LiveCD - you could instruct them to take out the hard drive of this machine and connect it to a functional machine (preferably with network access), giving you, the admin, access to files on the hard drive and possibly allowing you to change the Windows configurations.

If you have access to the hard drive, you might be able to modify the hosts file to redirect the wrong IP to wherever you need, or replace\edit the relevant Windows configuration files.

Dev-iL

Posted 2015-06-14T12:25:00.893

Reputation: 1 301

I like that, unfortunately the USB is blocked :\ and the KON-BOOT is not free, we cannot buy tools easily.. P.S. I like the numbering :) – amyassin – 2015-06-14T12:51:05.983

What do you mean by "blocked"? Are there no physical ports available, or are they disabled in BIOS? In the 2nd case you may be able to instruct the users remotely how to access the BIOS and unblock them. Otherwise, this leaves you with a Windows LiveCD option (just googled it - apparently it exists), however I'm not sure about the license aspects of this method, or if you could change the main os' settings using a LiveCD. – Dev-iL – 2015-06-14T12:59:38.410

@amyassin - I have added another idea to my answer. What do you think? – Dev-iL – 2015-06-14T13:08:10.310

blocked is an AV block, it works if we are out of Windows (or the antivirus reign anyway).. – amyassin – 2015-06-14T13:47:10.370

This means you technically could use the 1st idea, since it "does its magic" before windows boots. – Dev-iL – 2015-06-14T13:48:40.743

the new idea is great.. It is the best shot we have.. I can change the domain to point to other address that is to be forwarded to it.. It indeed is the best shot, hoping I can explain to them how to disconnect and connect HDDs.. – amyassin – 2015-06-14T13:48:50.183

still the program is not free.. We cannot buy software over the internet (country problems).. – amyassin – 2015-06-14T13:49:48.923

@amyassin - There's a free\trial version (1.1) available officially from the developer. Note that "free version supports only 32-bit windows systems without the Windows 8 support". – Dev-iL – 2015-06-14T13:59:07.490

downloading it.. looks great :) will feed you back – amyassin – 2015-06-14T14:24:37.340

2

You could try to boot some Linux distro (i.e. PartedMagic or Ubuntu Live) and use a tool to reset/unlock/remove the password of the local Administrator user account. Then you would be able to log in to the local user with a blank password by typing .\Administrator into the username box.

Please see: How-To Geek

NOTE: Only do this if you are familiar with Linux, because using this method you could easily break your Windows OS!

AirPett

Posted 2015-06-14T12:25:00.893

Reputation: 151

That is indeed interesting, but unfortunately no one is familiar with linux there :\ – amyassin – 2015-06-14T12:48:00.773

1

I shall assume your problem box has these settings:

  • IP = 192.168.10.36, default gateway = 192.168.10.1, DNS = 192.168.10.2 (otherwise adjust the numbers accordingly below).

Now proceed as follows, using two boxes TEMPAD (with ip 192.168.11.100, say) and TEMPDNS (with 192.168.11.200, say):

  1. RDP to TEMPAD and install the AD role on TEMPAD
  2. On TEMPAD set a static route to host(!) 192.168.10.36 via 192.168.11.200
  3. From within your RDP session on TEMPAD, start an RDP session to TEMPAD and install DNS on TEMPDNS. It should serve your AD zone; I'm not sure if it should rather serve a crippled AD zone with all references to the 192.168.10.* AD servers removed, see hints below.
  4. Add secondary IPs 192.168.10.1/24 and 192.168.10.2/24 on TEMPDNS and enable IP forwarding.
  5. Ask a person at the 192.168.11.* site to turn on the problem computer
  6. When the boot has completed, start an RDP session to 192.168.10.36 from within your RDP session to TEMPAD. You can now login as whoever you want.

Note: The fourth step disrupts connectivity from TEMPDNS to your 192.168.10.* LAN, but your remote session is still working because it is actually originating from TEMPAD in the 192.168.11.* LAN.

In step 6 the following magic happens (I hope): The machine asks its configured DNS server 192.168.10.2 (i.e., TEMPDNS) for the address of an AD server. It gets as a reply your original AD servers in 192.168.10.* and 192.168.11.200 (i.e., TEMPAD). Connection attempts to the 192.168.10.* AD servers fail, so ultimately 192.168.11.200 is tried (as I said, it may be better to avoid the attempts to connect 192.168.10.* by crippling the DNS on TEMPDNS). The connection to 192.168.11.200 succeeds: We have a working forward route 192.168.10.36 -> 192.168.10.1=TEMPDNS -> TEMPAD and backward route TEMPAD -> 192.168.10.200=TEMPAD -> 192.168.10.36.

Once all repairs have completed, don't forget to undo all the crap above.

Hagen von Eitzen

Posted 2015-06-14T12:25:00.893

Reputation: 548

1

If you have the ability to boot the computer from a DVD and have access to the Windows Install DVD, then you can easily gain access.

  1. Boot with OS install DVD
  2. Select the option to repair computer, select OS install, and then select the command prompt option

    C:>
    CD windows\system32
    ren utilman.exe utilman.exe.old
    copy cmd.exe utilman.exe
    
  3. Reboot and load OS as normal

  4. Use the Ease of Access Tools (WindowsKey + U or icon in lower left) to get a command prompt
     a. Perform the admin operations (e.g. PWD reset: net user administrator <new password> and then log in and rejoin to domain)
  5. Reboot with OS install DVD
  6. Return to command prompt

    Del utilman.exe
    Ren utilman.exe.old utilman.exe
    

What this does is that it replaces the Ease of Access Tools with the command prompt. And as the Ease of Access Tools runs elevated at the login, this therefore gives you an elevated command prompt, allowing you to do any fixes you need. This fix is from the following website: http://www.kieranlane.com/2012/12/12/resetting-administrator-password-windows-2008/

Eric Johnson

Posted 2015-06-14T12:25:00.893

Reputation: 164
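
From the defending side, the swap described in this answer is detectable because the replaced Ease of Access binary becomes byte-identical to `cmd.exe`, and a skipped restore step leaves `utilman.exe.old` behind. The following audit is an added example, not part of the original answer; the list of logon-screen binaries, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Programs that can be started from the logon screen before anyone signs in.
LOGON_SCREEN_BINARIES = ["utilman.exe", "sethc.exe", "osk.exe",
                         "magnify.exe", "narrator.exe", "displayswitch.exe"]
SHELL_NAMES = ["cmd.exe"]  # shells looked up in the same directory


def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_system32(system32, extra_shells=()):
    """Return sorted (file name, finding) tuples for one System32 directory."""
    # Lower-cased index: NTFS names keep their casing when an image is mounted elsewhere.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    shells = [files[n] for n in SHELL_NAMES if n in files]
    shells += [Path(p) for p in extra_shells]  # e.g. a powershell.exe path
    shell_hashes = {sha256(p): p.name for p in shells}
    findings = []
    for lname, path in files.items():
        if lname in LOGON_SCREEN_BINARIES:
            match = shell_hashes.get(sha256(path))
            if match:
                findings.append((path.name, "same content as " + match))
        elif any(lname.startswith(b + ".") for b in LOGON_SCREEN_BINARIES):
            findings.append((path.name, "leftover renamed copy"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample directory standing in for a mounted Windows volume.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "cmd.exe").write_bytes(b"constructed shell bytes")
        (root / "Utilman.exe").write_bytes(b"constructed shell bytes")
        (root / "utilman.exe.old").write_bytes(b"constructed original bytes")
        (root / "sethc.exe").write_bytes(b"constructed sethc bytes")
        for name, finding in audit_system32(root):
            print(f"{name}: {finding}")
```

Point `audit_system32` at a live `C:\Windows\System32` or at the same directory on an offline image; an empty result means no logon-screen binary matches a shell and no renamed copy remains.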