How secure is system32
I need to know if it's possible to access “system32” as a restricted user.
To cut the story short, a user who was on a restricted account gained access to an admin account by replacing “Sethc.exe” (sticky keys) with a batch file renamed as “Sethc.exe”. This allowed the user to open a command prompt by pressing the shift key 5 times, which meant he could open a command prompt on the login screen (which gives the cmd admin rights); a few well-known commands later he was on the PC’s default admin account (which was password protected).
Sethc.exe is located in the system32 folder (which is hidden for restricted users). How is it possible for a restricted user to get to that file, and how would I prevent it from happening again?
“You don’t have enough space in your inventory”
If you can change the boot sequence, just boot from the Windows installation CD and use the “Command prompt” recovery option.
Move to the folder “windows\system32” and rename “cmd.exe” to “sethc.exe”. You can now restart, and then pressing shift 5 times will give you a CMD window, from which you can comfortably run “net user administrator”.
I hope I have understood what you wanted!
daVinciCode
- daMage
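The substitution daMage describes (cmd.exe renamed over sethc.exe) and the batch-file variant in the question both leave a file in System32 that no longer looks like the real sethc.exe. The script below is an added example, not code from the thread or from any of its posters; it is meant to be run from an elevated PowerShell prompt on the affected machine and assumes PowerShell 2.0 or later. sethc.exe is the only binary the thread names; the other accessibility tools in the list are an extension of that single case and are an assumption of this example. It also reports the owner and any non-admin write access on each file, which is the NTFS-permissions question raised later in the thread.

```powershell
# Added example (not from the thread): audit System32 accessibility binaries
# for a sethc.exe-style substitution. Run elevated. Assumes PowerShell 2.0+.

function Get-Sha256Hex {
    param([Parameter(Mandatory = $true)][string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-AccessibilityBinaries {
    param(
        [string]$System32 = (Join-Path $env:SystemRoot 'System32'),
        # sethc.exe is the file from the thread; the rest are the other
        # accessibility tools launchable from the logon screen (assumed list).
        [string[]]$Names = @('sethc.exe', 'utilman.exe', 'osk.exe', 'magnify.exe', 'narrator.exe')
    )
    $cmdHash = Get-Sha256Hex (Join-Path $System32 'cmd.exe')

    foreach ($name in $Names) {
        $path     = Join-Path $System32 $name
        $findings = @()
        $owner    = $null

        if (-not (Test-Path $path)) {
            $findings += 'missing'
        } else {
            $item = Get-Item $path

            # 1. A copied or renamed cmd.exe has exactly cmd.exe's hash.
            if ((Get-Sha256Hex $path) -eq $cmdHash) { $findings += 'identical to cmd.exe' }

            # 2. A batch file renamed to .exe is not a PE image: no 'MZ' header.
            $fs = [System.IO.File]::OpenRead($path)
            try     { $b0 = $fs.ReadByte(); $b1 = $fs.ReadByte() }
            finally { $fs.Close() }
            if (-not ($b0 -eq 0x4D -and $b1 -eq 0x5A)) { $findings += 'not a PE file' }

            # 3. The PE version resource records the name the file was built with
            #    (cmd.exe reports 'Cmd.Exe'). A mismatch is a lead, not proof.
            $orig = $item.VersionInfo.OriginalFilename
            if ($orig -and ($orig -ne $name)) { $findings += "OriginalFilename is '$orig'" }

            # 4. Authenticode. Caveat: on Windows 7 / PowerShell 2.0 catalog-signed
            #    system binaries can report NotSigned, so treat this as corroboration.
            $sig = Get-AuthenticodeSignature $path
            if ($sig.Status -ne 'Valid') { $findings += "signature status $($sig.Status)" }

            # 5. NTFS: flag Allow ACEs granting write-class rights to anyone other
            #    than SYSTEM, Administrators or TrustedInstaller.
            $acl   = Get-Acl $path
            $owner = $acl.Owner
            foreach ($ace in $acl.Access) {
                $who = $ace.IdentityReference.Value
                if ($ace.AccessControlType -eq 'Allow' -and
                    $ace.FileSystemRights.ToString() -match 'Write|Modify|FullControl' -and
                    $who -notmatch 'SYSTEM|Administrators|TrustedInstaller') {
                    $findings += "writable by $who"
                }
            }
        }

        New-Object PSObject -Property @{
            File     = $name
            Owner    = $owner
            Findings = ($findings -join '; ')
        }
    }
}

Test-AccessibilityBinaries | Format-Table File, Owner, Findings -AutoSize
```

On a clean install every row should come back with an empty Findings column and an owner of TrustedInstaller (Vista and later) or Administrators (XP). Any file that hashes identically to cmd.exe, lacks an MZ header, or carries a foreign OriginalFilename is the swapped binary the thread is talking about; a non-admin write ACE answers the "how did they get in" question without any boot-media theory.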
This is a client of the company I work for. I just asked about booting from a device, and they say the option to boot from a device is disabled and the BIOS is password protected (the PCs have an actual lock on them so they can't be opened). Is there any other way?
“You don’t have enough space in your inventory”
tag “disgruntled employee”.
I also asked how their NTFS permissions are configured; they didn't reply.
“You don’t have enough space in your inventory”
I think the only other possibility is to contact the Cumaean Sibyl (an oracle) or try the Ouija board … Or if that does not work … Have you tried asking daMage??? :) LOL
daVinciCode
I’m pretty sure that the way they configured their NTFS permissions was inefficient. I had a quick look at their group policy and Active Directory but there was nothing out of the black (just in case there was). I'm going to convince them to change to thin clients and have a few managed servers (makes my life easier). Cheers guys.
“You don’t have enough space in your inventory”
How do they know it's the method that has been used? On Windows 7, even admins can't modify this file, unless you take ownership.
You could cut the lock… it's easy. Or get the key… Usually admins always use the same key for everything. Maybe a copy was thrown in the garbage. Lockpick it (don't think so…). Also, for example, on Dell computers, you can lock the BIOS and change the boot order but you can still hit F12 at boot and access a boot menu. You can hide the message that offers the option… but it still works if you know the key. Maybe it's the same for your client's BIOS.
Maybe we're not focusing on the right thing… maybe the hackers didn't boot from another source. @damage has written a tutorial that explains how to root Windows using DMA. Maybe you could take a look at it…
DaGr8
Just because I am paranoid doesnt mean theyre not after me…
They don’t have to “manage” system32 permissions… It's OK the way it is after installation. I would not hire you again if your solution to this problem was to buy several servers… Their mission is not to make your life easier. My 2 cents…
Just because I am paranoid doesnt mean theyre not after me…
My solution isn't to buy a few servers; I said I think I know what the problem was. How the person got into that folder is still unknown; I'm not even on site, so the information they gave me is all I have. All I know is that it happened and those are my theories.
“You don’t have enough space in your inventory”
I could just invoke the sticky keys, but DaGr8Kornolio would probably say I'm not doing my job correctly.
“You don’t have enough space in your inventory”
scopes20, this sounds like the technique used to recover passwords without software. It uses the Windows failure-to-start system, which consists of turning the system off and on during booting. Check out this link.
This allows access to system32 through the Startup Repair system. Most hackers don't like to deal with fixing, shoring up, or repairing Windows 7 security holes. This is why they prefer you use a Unix derivative. Please, do not use for illegal purposes!
I’d rather see folks doubt what’s true than accept what isn’t.
@Scopes20: I'm trying to help you… I just thought your solution had nothing to do with their problem. How can we help you? You are trying to find a way to hack with the sticky notes because you found that the file has been replaced? What version of Windows is this? In the past I've used the “at” command (cron equivalent) to get an admin command prompt. But it doesn't work with Windows 7.
I guess there are multiple ways to achieve this without booting from a CD…
DaGr8
Just because I am paranoid doesnt mean theyre not after me…
daVinciCode
I think guff's theory fits the bill, to be honest. DaGr8Kornolio, I know you're just trying to help; what I said about you saying I'm not doing my job correctly was a joke :). BTW they are using XP SP3.
“You don’t have enough space in your inventory”
@guff!!!!!!!!!! This is a great discovery! Well done! I'll keep that…
About the ducks…. is it 3?!? Does this make me a supreme intelligent being? I think so….
Peace
DaGr8
Just because I am paranoid doesnt mean theyre not after me…