Interesting what you could do with these two settings. If you could set the password never expires attribute then you can guarantee that the password doesn't change. If you could also modify the lockout status of the account, you could try to login a few
times, if the passwords are all bad the account would lock out, but you could reset it and try a few more, instant password brute force application.
Unfortunately for you, Windows provides official ways of getting back lost passwords (including using an administrator to reset a user account's password). If you somehow managed to forget the Administrator's logon details, then any other Administrator
account on that system will be able to reset the password, if that is the only Administrator, then you deserve the pain of repairing the install to be able to reset the account password. Also with wanting to access the SAM file directly this means that you
could possibly bypass any SACLs.
So unless you can give some really really good reasons why this isn't an attempt to bypass security, then I know I am not going to help.
This is a signature
Any samples given are not meant to have error checking or show best practices. They are meant to just illustrate a point. I may also give inefficient code or introduce some problems to discourage copy/paste coding. This is because the major point of my posts
is to aid in the learning process.
Visit my (not very good) blog at
Marked as answer byRob PanTuesday, July 05, 2011 7:40 AM