Wednesday, February 14, 2018

Unlocking Windows Local Accounts using a Linux LiveCD

So, here was my predicament: One of my users complained about getting an error message when trying to log in.  I have been finding these for the last few weeks at the new job.

"The security database on the server does not have a computer account for this workstation trust relationship."

Windows Domain Issues
This is a fairly common issue with Windows 7 computers that somehow have corrupted domain settings.  On occasion, this can be cause by a zealous Server Administrator who has deleted a computer Domain Account.

The first thing you do is check the Active Directory to make sure the Account for the computer is present and active.  It is possible to disable the account or through whatever Group Policy your Server Administrator has enacted, the computer was disabled during an audit of Computers that may be Out of Compliance.

I have also run across the occasional issue where the account has become corrupt on the server and will not properly activate.  When this happened the computer account must be disabled and deleted to make way for a new account.

In ether case, the results for your end user are that the machine is no longer on the domain and you will need to fix this.

Now, the long way around is to log onto the local machine using a local administrator account.  Remove the machine from the Domain, add it to "WORKGROUP," restart the machine, log back in with the same local administrator account, and then add the machine back to the domain.  

You will be prompted for an Administrative account able to add and remove machines from the domain, and specify the important details needed to do so.  When successful, the computer will give you a "Welcome to the domain." message and all will be right as rain.  Reboot and you are ready to go.

In the background, this process will add a new computer to the Active Directory that will need to be managed in whichever Security Group your administrator has chosen.  The machine will then be able to connect to the domain, you can log off the local administrator account, and have the user attempt using their Domain Account to log in.

There are, of course, faster ways of doing this by utilizing Power Shell commands, some minor hacking that requires far more work than necessary, and even some scripting that can do this seamlessly.  If you're looking for those other methods, I would suggest you do a search for the "domain trust relationship" and try that.

What happens when you don't know the local administrator password?  What happens when your Department has disabled the local administrator accounts to prevent someone from hacking them?What happens if the Group Policy locks down the local administrator account after 5 failed attempts at the password?  What happens when the department hasn't documented the local administrator password for this machine?  Well, you're screwed, right?

This is a case where you now must find a way to unlock the account and reset the password.  This is exactly what happened to me.

There are several options for resetting the passwords to a locacl administrator account.  You can buy software that does it, you can use some anonymous piece of freeware that advertises being able to do this, or you can find other tools that can do the job.

And just to throw an extra monkey wrench into everything, my Department has disabled USB ports so that you can't use USB drives.  This is locked down at the BIOs level by security settings.  Enjoy!

I chose to use a Linux LiveCD to get into an OS.  Ubuntu has a tool called CHNTPW that is able to reset, enable, disable, and otherwise elevate local accounts to give help out.  The tool can browse the windows files and make changes to the file that stores local account Access rights.  Cool beans, right?

Installing CHNTPW on your LiveCD
This is not exactly accurate, but think of it as a temporary installation.  When you shut down your LIveCD OS, you will lose any changes you made to the OS.

"All those moments will be lost in time, like tears in rain."  ~ Roy Batty, Blade Runner

Keeping this is mind, you must first enable the OS options to allow use of Opensource tools written for this purpose.  This is found in System Settings under the Software and Updates Control Panel.  Enable the option for Universal Software and Updates. These options are enabled when you install Ubuntu to your drive, but disabled in the liveCD. 

Now here comes the part everyone loves about Linux..  Command Lines.  You will need internet access, so make sure the computer is connected to the internet.  Open up your Terminal - Ctrl+Alt+T and type in this command:

"sudo apt-get update" and press enter.  You shouldn't be prompted for root elevation, because its a LiveCD and the "sudo" command elevates your permission.

THis comOnce this completes, you can download the CHNTPW package by using this command:

"sudo apt-get install chntpw"

Once this process has completed, you are ready to locate your user profile information.

Using CHNTPW on your LiveCD
As I pointed out, we are operating in a LiveCD environment so all of your changes are temporary.  We just gave the OS permission to download the updates and software we will need and we installed CHNTPW.  Now we will need to gather information from your Windows drive.

Open your Hard Drive and locate the SAM file - it should be at Windows/Windows/System32/Config/

Right click on the SAM file and select Properties.  You will need to enlarge the screen, but it will have the full location of the file.  Media/Windows/Windows/System32/Config/...  There may be some variation with this address, depending on your Windows 7 Install, - select this and copy, you will need it, unless you want memorize it and type by hand.  You can, otherwise, close out your drive.

Now open up your terminal and we are going to select the file directory by using the CD command.


"cd /Media/Windows/Windows/System32/Config" and press enter.  

The easier way is to simply type "cd" and paste the folder address by hitting Shift + Insert or by using the paste command.

Alternatively, If you're typing the directory out, you can use the "cd" command and small chunks of the file directory at a time.  You could do it this way:

"cd /Media/Windows/" enter
"cd /Windows/System32/config" enter

This CD command will "change" to the "directory" where your SAM file is located and you can run the CHNTPW program.


"sudo chntpw SAM"

and it will open the program and give you options to make changes to the Administrator Account.  It will also list the other Administrator accounts if there are any.

If you use the specific command

"sudo chntpw -u Administrator SAM"

You will be able to make changes to the Administrator account.  If your local administrator account has a different name, use that name instead.

I ran into a permission error on one of the machines I tried this on.  If you have this issue, you will need to go back to the SAM Properties screen and change the permission to Read and Write.  Once this is done, the command works.

I ran into a separate problem on a 32bit Windows 7 install where the SAM file was "sam" all lower-case!  This command is case-sensitive so make sure you type the folder and file names as they appear in the directory.

The CHNTPW options are listed depending on the changes needed to make..  Select the ones you will need.  1 will remove the account password, meaning you can leave the password box blank to log in.  When you are done, type q to quit.  When you are prompted to write to hive, select Y for yes.  When done, type exit to close out of terminal and shut down to close out of the LiveCD Environment.

Some of the other options include enabling the default Administrator account if it has been disabled.  You can elevate other local user accounts to an Admin and enable any accounts that were disabled due to incorrect logins earlier.

At this point, we are done with the LiveCD and we can shut down and reboot into Windows 7.  Mistakes in capitalization, syntax, may result in failure and shutting down LiveCD means you will have to go back through these steps again.  Make sure you are done before you Shutdown.

Fixing the Windows 7 Domain Trust Issue
Reboot the computer into Windows and use the blank password to get into the local administrator account.  Once you have logged in, make sure you reset the password.

Fixing Windows 7 domain issues means going into the System Control Panel, changing the Domain to "WORKGROUP," restarting the computer, and then adding the computer back to the domain.

Once you have added the computer to the domain, you will need to reboot and try your domain account to verify it is working correctly.

With a working Local Administrator account, this normally would take 5-10 minutes.  With the LiveCD Method, it may take about 30 minutes.  So make sure to take the time to familiarize yourself with the Distro you intend to use.

I had pondered this may also allow you to remove a drive from a computer and edit the SAM file from another machine.  But decided to just take care of the business at hand.

I used Ubuntu 16.04 LTS to perform this, but you can use other flavors such as Linux Mint.   Once I have more free time, I plan to add screenshots.  If you want a closer step-by-step account of doing this, you will need to read several different articles.  There may be a better one out there, but I haven't found it yet!

Wednesday, January 17, 2018

The Last Jedi

I took the kid to go see The Last Jedi right after Christmas.  I didn't much care for it, at all.  He loved it. 

Rey is a Mary Sue...
This has been one of the funniest debates, mostly because Daisy Ridley doesn't seem to know what the definition is.  Yes, Rey is a Mary Sue, which is not any fault of the actress, but mostly a fault of poor writing and poor creativity on the part of the directors.  This could be seen as an actress that isn't asking the important questions to flush out their character, but in the end, the creative team is to blame.

Rey has ability without explanation, can best an experienced Jedi warrior with little to no training apart from Maz saying - "Use the force.."  This is bad writing.  The more the studio tries to explain it away as being sexism or bigotry, the poorer their argument becomes.

Disney at the Helm...
You only have to visit your nearest store to understand why this was a poor decision.  Disney has put the Star Wars label on everything from toys to feminine hygiene products in an effort to make money. 

Lucas himself was known to go after the lucrative licensing agreements over the years.  But it did seem like there was a line he would not cross with his brand.  Star Wars is everywhere, far more than before.  And I, frankly, am tired of it.

Thursday, December 28, 2017

That's not a bug, that's a feature!

I have been having trouble with my Dell Latitude E5580 where desktop icons and documents will occasionally scale down to tiny sizes that are difficult to get back to proper size.

Normally, I dock my laptop and use an external keyboard for typing and a mouse for cursory things..  When I'm on the road, I just plop the computer down on a table.  Yay, mobile computing?

I knew my problems revolved around the Touch pad on the laptop and had experienced similar issues with previous laptops.  I addressed this by disabling the touch pad and using an external wired/wireless mouse and setting the touchpad to disable when the computer detected an attached external mouse.

Today, I didn't deploy my mouse, because I was busy with other projects and hadn't taken the time to retrieve my mouse.

Again, the scrolling and resizing issue reared its ugly head.  Enough!

The first issue is desktop icons have been resizing due to inadvertent touchpad strikes.  It is relatively easy to resize the icons by simply right-clicking on the desktop, selecting view, and then selecting the Icon size - small, medium or large.  But this is a nuisance that I would rather prevent.

Upon researching the issue, I found my my bear-sized thumbs were accidentally hitting the touchpad in such a way that it was creating a gesture used to resize.  I found this article on Microsoft's page.

By using this method, you can disable the gestures that are causing problems with item resizing.

In this case, this isn't a bug in software, but rather, unintentional use of a Windows feature.

Friday, March 18, 2016

My home technology

Its no secret that I have several Thinkpads at home, but here is a little more information on my other builds at home.

Home Network
I have cable modem service by the local provider and that ties into my router - a Netgear WNDR3400.  We stream movies across our network from our digital library on a 3TB external drive.  the Netgear router supports ReadyShare via a single USB port.  The drive is also used for storage and my back software library.

Living Room
For entertainment I have an HP DC7900 running Windows 10 Pro with 4GB of RAM and a 320 GB HD.  Its connected via ethernet to the Netgear router.  I have an ASUS Nvidia GT210 card that gives the computer HDMI out to a 32" TV.  We can watch Hulu, videos, and Youtube from this computer.  Occasionally we'll watch movies from Amazon and Netflix.  We also have the TV connect to the kid's Xbox 360 via another HDMI cable.

I have my home office area which is currently housing my Dell Optiplex 790.  I picked this computer up used for $150 off ebay a few months ago.  I upgraded the RAM to 32GB and installed an ASUS Nvidia GTX 650 in it.  I use this computer for gaming and work.  The computer also has a 500GB primary drive and a 1tb drive for back up, which has become my standard configuration for desktop.  This computer has a i5 2500 quadcore running at 3.3GHz.

My old home office computer was a HP DC7900 running Windows 10 Pro with 8GB of RAM, a 320 GB hdd for primary and a Westerna Digital Black 1TB as backup.  It has a 2.3GHz Core 2 Quad processor.  The machine can run 99% of my current steam library, but was recently shelved due to issues with a processor fan.  My future plans are to replace the fan, and put a PNY Nvidia GT640 into it.  I may use it elsewhere in the house or maybe even create a fileserver.

I don't use my Thinkpad W500 as often as I once did.  I recently replaced the factory Hitachi 180GB hard drive with a Samsung 850 EVO 250GB drive.  The DVD drive was removed to use a hard drive adapter.  I have a 500 GB Western Digital Black drive in there, which is used for storage.  I haven't used the DVD drive in quite some time and don't even know where it went.

Other machines that frequent my living room are an Asus Netbook I rebuilt for work, an old Thinkpad X61 Tablet, and a few odds and ends android tablets with various older versions of Android.  I keep these around because people at work have brought all manner of  Android devices they are having trouble with and its nice to have some of the base OS they're using to navigate.

Bedroom Computers
My bedroom computer is another HP Dc7900, with a 3 GHz Core 2 Duo and 8GB of RAM.  This machine is running Windows 10 Pro and has a similar 320Gb/1TB drive set-up.  This computer is mostly for watcing movies, Netflix, and Amazon in addition to our digital library.  I do also use this computer for work as I can get calls at any hour of the night and may need to troubleshoot a problem.  The computer has a PNY Nvidia GT640 and connects to a 32" LED TV via HDMI.

On my nightstand I have an Onda 820w 7" tablet I just got.  It runs Android 5 and Windows 10 Home.  It is mostly a novelty but it is a fully working computer.  I opted for this to replace my old Lenovo Android tablet.

I gave my girlfriend my Thinkpad T500 and it is running Windows 7 Pro.  I was unable to get some of her older games to run in Windows 8 or 10, so we stuck with Windows 7.  The computer has 8GB of RAM and a 400GB Toshiba HDD.  She still has her DVD, but from the numerous time she's dropped the computer since having it, the drive no longer works.  She also carries several external USB drives for movies when we are on the go.

My girlfriend's kid has my old HP DC7600 that I brought back with me from Wisconsin.  Its running Windows 7 Pro from a single 160GB hdd.  It is mostly stock except for its wireless card.  He watches Youtube and plays a few games.  But its mostly a distraction for him since he is only 8.

Future Plans
If money allows it, I may pick up some additional Optiplex 790s and start retiring the HP fleet.  They have been great computers but most of them are 8 years old.  This would likely be more of a Fall project and depends largely on Used Pricing staying relatively stable over the next few months.  Luckily, I know a few recyclers that have thee machines, so I'm hopeful I can get a good deal.

The other plans involve replacing the W500 and T500 with Thinkpad T420s.  They have been going for right around $180 and it is very tempting.  I do plan to buy Samsung EVO drives for them and upgrade the RAM to 16GB if I can.  The real trick will be finding the version with the right graphics card setup.

Sunday, March 6, 2016

A Few Tips for a Good Windows 10 Upgrade

I've found the Windows 10 Upgrade process goes best for me if you follow these guidelines.  There are a few steps to doing this, so ask questions where they are needed and I will try to help you along.


Before you upgrade to Windows 10 from Windows 7 or 8, make sure your current operating system has all current updates.

Locate all program disks and install program for any software you will need.  During the preparation stage, when you reserve your upgrade, the Windows 10 tool will scan your computer to find software and hardware components that are incompatible with Windows 10.

Make a note of its finds, but understand this is a preliminary compatibility test - it may not find everything and there may still be other issues that may develop because of your specific computer configuration.

Go to your computer manufacture's website and check to see if they make Windows 10 drivers available.  Dell and HP both advertise Windows 10 readiness for your specific system.  If you have an aftermarket graphics card, wireless card, etc. go to their sites to locate your drivers

What should happen during the install is the Windows 10 installation locates the updated versions of the hardware drivers for your system.  But, it may not find all the components, especially if you use generic or no-name or generic hardware components.  This seems especially the case with AMD/ATI driver components which seem to be problematic during installation.

Check with your Antivirus company to see if they have a Windows 10 compatible upgrade.  This is important because you will want to keep Anti Virus protection on your new OS, unless you intend to use the free Windows Defender.

Find backup media Windows DVD for your old OS - you may need to buy the install media from the computer manufacturer, but this should not be more than $12.  You can also locate these disks on eBay for about $12 a set - make sure this is for your brand of computer before you buy!  You need these in case the backup doesn't go as planned and you are unable to revert the changes after the upgrade.

Have all of your important files and programs backed up to external media that you can access should the upgrade have problems.  It is better to play it safe than to expect everything will be OK.

Windows 10 Upgrade Preparation

Assuming you are running Windows 7 or 8, you will have the Windows 10 notification icon in your taskbar.  During the initial upgrade process you will be prompted as to how you will upgrade.  You are given the option to download the upgrade as a Windows Update and apply the update when done or to create installation media.  I recommend creating the install media and putting it on a USB disk.

You can do this two ways, you can create an ISO file and create a bootable upgrade disk using a USB formatting utility called RUFUS or you can burn the ISO to a DVD for deployment later.  I suggest you choose these routes because it will immediately give you backup media.

As with your other backup files, copy this to your external backup so that you can access this again later, should you have issues with the upgrades.  If you choose to upgrade through Windows Updates, I suggest you still look for a Windows 10 media option - find  Windows 10 disk or download the ISO files at another time.

The Actual Upgrade

If you chose the Windows Update Option, it will first begin by downloading the 3GB files to perform the upgrade.  This will take time depending on your internet connection speed.  Once all files are downloaded it will begin installation.  

If you choose to create installation media, you will need to load this and begin while your old Windows OS is in operation.

The initial stages will allow you to operate in Windows while files are copied.  The latter stages will take control of the computer to apply the updates and may reboot your computer a few times.

You will be given the option to download Windows updates during the installation.  I recommend doing this as it will also grab any new drivers and software changes needed to get your machine running.

You'll go through the prompts to set updates and security settings, you'll be prompted to enter wireless settings if you were using wireless previously and if the wireless drivers loaded properly, it will then load your username account from the previous Operating Systems.

Upon launch, check to make sure your existing software is still functional.  check to verify that file are still there.  Then check the control panel Device Manager and note any missing device drivers.  You will need to locate and install drivers for the missing items.

Accepting the Upgrade Went OK

At this point you should have a working machine, but still have the option of going back to the previous OS.  If you are certain everything is working right, I would suggest you now prepare for doing a clean install of the OS with your USB drive or DVD media.

As with previous upgrades in the Windows family, there will be leftover files from the old OS.  Some issues from the old registry may still be present.  Luckily, part of the upgrade process can help with this.

During activation, your new Windows Key is matched against your hardware information that is sent back to Microsoft.  This means you no longer have to type in the Windows key after reinstalling Windows.

After you back up all your files and programs, boot from your Windows 10 media into the Install program.  Reformat your drive, and begin installation.  You will be prompted to enter your windows key, just click skip...  and move on.

You will have to set up the user accounts and passwords, again, but once you load into the desktop, you will have a clean installation.  Reinstall your programs and backups and you should be good to go.

Post Installation Tips

I have some additional tips for making the installation go smoothly.  

Image your original OS drive onto a spare drive.

Instead of upgrading your original hard drive, purchase a second matching drive and image this installation to the new drive.  Perform all upgrades on this new drive.  That way, if you run into problems, you can revert to the original drive and lose nothing.

Upgrade your original drive but do the clean install on a new drive

This is a similar concept, except you keep your working upgraded drive to fall back on.  This may also help if you have trouble locating drivers.

Consider adding a second internal drive to your system.

During my last upgrade, I chose to add a second drive to my system.  I used this drive to keep backups of all my software, files, and drivers.  This made recovering from the clean installation took minutes instead of hours.

Take the time to address other issues with your system.

While I was already going to have my machine open to install upgrades, I also took the time to clean the inside of the systems and around the working area.  Remove dust, fluff, and any other junk around your computer area so that you can start with a clean system and work space.  I also took the time to address cabling and ventilation issues.

Program Installation Compatibility Issues with Windows 10 Pro:

There are some cases where an installation program won't properly install in Windows 10, even with compatibility set to an earlier OS compatibility settings in the program properties. Some programs may check to see if a specific OS is installed. If it does not find that OS, it will error out and cancel the installation.

There are cases where Windows 10 will not allow you to install a program because the author of the software does not register their program with Microsoft. I found Irfanview would not install in the 1511 versions of Windows 10.

There are fixes involving using an elevated command prompt or using "Run as Administrator" when installing the program, which you should probably do anyway. There are also fixes listed by changing compatibility settings, Unfortunately, none of these worked for Irfanview.

What I ended up doing is activating the built-in administrator account, logging into Windows under this account, installing the software in question, then logging out and disabling the account. After which, I was able to use Irfanview without further issues.

I will be performing facility upgrades at work on a few dozen machines, so I may revisit this article with a few more updates.  Please do ask question, I will try to answer if I can.  Good luck with your update!