Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

It is not well to be thought of as one who meekly submits to insolence and intimidation.


computers / alt.comp.os.windows-10 / Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

SubjectAuthor
* Gaining access to a PC where user has forgotten the login password (using MicrsoNY
+* Re: Gaining access to a PC where user has forgotten the loginGraham J
|`- Re: Gaining access to a PC where user has forgotten the loginBig Al
+- Re: Gaining access to a PC where user has forgotten the login password (using MiKenW
+* Re: Gaining access to a PC where user has forgotten the loginBig Al
|+- Re: Gaining access to a PC where user has forgotten the loginCarlos E.R.
|`* Re: Gaining access to a PC where user has forgotten the login password (using MiNY
| `- Re: Gaining access to a PC where user has forgotten the login...w¡ñ§±¤ñ
+* Re: Gaining access to a PC where user has forgotten the login password (using MiVanguardLH
|`* Re: Gaining access to a PC where user has forgotten the login password (using MiNY
| `- Re: Gaining access to a PC where user has forgotten the login password (using MiVanguardLH
+- Re: Gaining access to a PC where user has forgotten the loginBig Al
+- Re: Gaining access to a PC where user has forgotten the loginPaul
+- Re: Gaining access to a PC where user has forgotten the loginwasbit
`* Re: Gaining access to a PC where user has forgotten the loginNY
 +- Re: Gaining access to a PC where user has forgotten the loginCarlos E.R.
 +- Re: Gaining access to a PC where user has forgotten the loginGraham J
 `* Re: Gaining access to a PC where user has forgotten the loginPaul
  `- Re: Gaining access to a PC where user has forgotten the login password (using MiChar Jackson

1
Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<ttid77$39i1g$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69336&group=alt.comp.os.windows-10#69336

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: me...@privacy.invalid (NY)
Newsgroups: alt.comp.os.windows-10
Subject: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)
Date: Mon, 27 Feb 2023 14:03:15 -0000
Organization: A noiseless patient Spider
Lines: 1
Message-ID: <ttid77$39i1g$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="Windows-1252";
reply-type=original
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 27 Feb 2023 14:03:19 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="7779d82acd2b99cdd0e78a772caefa80";
logging-data="3459120"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19FpRu1x6TWFd5bKIEXJ85tiBD1Y1e772E="
Cancel-Lock: sha1:2CK9qYLEiNYNhpy9/lgM/d7poC4=
X-MSMail-Priority: Normal
X-Antivirus: Avast (VPS 230227-4, 27/2/2023), Outbound message
X-Antivirus-Status: Clean
X-Newsreader: Microsoft Windows Live Mail 14.0.8089.726
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8089.726
X-Priority: 3
 by: NY - Mon, 27 Feb 2023 14:03 UTC

I have a customer with a Windows 10 PC which is blocking attempts to login,
using (as far as he knows) the same Windows password that always worked. The
PC is set to use a Microsoft account rather than a local account (I knew
there was a reason why I set my Win7 and Win10 PCs to use local accounts!)

Is there any way of bypassing Windows security to be able to access the
browser's list of saved IDs and passwords for websites?

Unfortunately, any attempt to reset the password is stuck in a deadly
embrace: the only "back door" is to send a code in an email to a Talktalk
address whose password he doesn't know because he never uses it: it's always
saved and supplied by his browser. The "back door" for Talktalk offers to
send its code to 1) the same address (circular argument!), 2) a BT Internet
address whose password he doesn't know, 3) a mobile phone number that he no
longer has access to. Attempts to reset the BT Internet email password seem
to disappear into a black hole: I seem to have changed the password
successfully but the new username/password don't let me in. I have a feeling
of chasing my tail :-(

Talktalk seemed to be very unhelpful. It doesn't help that the email account
is "orphaned": it exists as an email address but there is no longer a
broadband account associated with it, because he changed in the past to use
BT Internet for broadband. So we can't use the bank account that pays the TT
direct debit as a form of validation.

(For the future, I will make damn sure that he has a written record of all
the details which work, and that "back door" validation codes are sent to
*other* email accounts and not the the same one whose details I've
forgotten. All the "circular references" and references to phone numbers
that no longer exist happened long before I was involved...)

Any suggestions? A password reset utility would get him into the PC, but
maybe at the expense of not allowing access to browser-saved
usernames/passwords, so it would solve on problem but leave another
(accessing his emails) still remaining. And reinstalling Windows would lose
everything of the personalisation, even if I first saved his
c:\users\<username> tree structure.

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<ttiga3$39rp2$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69337&group=alt.comp.os.windows-10#69337

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: nob...@nowhere.co.uk (Graham J)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Micrsoft account rather than local account)
Date: Mon, 27 Feb 2023 14:55:39 +0000
Organization: A noiseless patient Spider
Lines: 19
Message-ID: <ttiga3$39rp2$1@dont-email.me>
References: <ttid77$39i1g$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 27 Feb 2023 14:56:03 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="1f0271325d2e63e3fe08d27b834b916b";
logging-data="3469090"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+VlWpEbs6Hzml9I6oTL/CY"
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101
Firefox/91.0 SeaMonkey/2.53.15
Cancel-Lock: sha1:EUiZijngzckNKPG7TmF2Ix8saWY=
X-Antivirus-Status: Clean
In-Reply-To: <ttid77$39i1g$1@dont-email.me>
X-Antivirus: AVG (VPS 230227-0, 27/2/2023), Outbound message
 by: Graham J - Mon, 27 Feb 2023 14:55 UTC

NY wrote:
> I have a customer with a Windows 10 PC which is blocking attempts to
> login, using (as far as he knows) the same Windows password that always
> worked. The PC is set to use a Microsoft account rather than a local
> account (I knew there was a reason why I set my Win7 and Win10 PCs to
> use local accounts!)

[snip]

It should be possible to create a "local administrator" account, see:

<https://www.isumsoft.com/windows-10/create-administrator-account-when-cant-sign-in-windows-10.html>

Google might find other ways ...

--
Graham J

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<r8hpvh9q0sgv18fkd39b30nt11pcqutltf@4ax.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69338&group=alt.comp.os.windows-10#69338

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!feed1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx12.iad.POSTED!not-for-mail
From: ken1...@invalid.net (KenW)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)
Organization: Home
Message-ID: <r8hpvh9q0sgv18fkd39b30nt11pcqutltf@4ax.com>
References: <ttid77$39i1g$1@dont-email.me>
User-Agent: ForteAgent/8.00.32.1272
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 46
X-Complaints-To: abuse(at)newshosting.com
NNTP-Posting-Date: Mon, 27 Feb 2023 15:00:56 UTC
Date: Mon, 27 Feb 2023 08:00:55 -0700
X-Received-Bytes: 3171
 by: KenW - Mon, 27 Feb 2023 15:00 UTC

On Mon, 27 Feb 2023 14:03:15 -0000, "NY" <me@privacy.invalid> wrote:

>I have a customer with a Windows 10 PC which is blocking attempts to login,
>using (as far as he knows) the same Windows password that always worked. The
>PC is set to use a Microsoft account rather than a local account (I knew
>there was a reason why I set my Win7 and Win10 PCs to use local accounts!)
>
>Is there any way of bypassing Windows security to be able to access the
>browser's list of saved IDs and passwords for websites?
>
>Unfortunately, any attempt to reset the password is stuck in a deadly
>embrace: the only "back door" is to send a code in an email to a Talktalk
>address whose password he doesn't know because he never uses it: it's always
>saved and supplied by his browser. The "back door" for Talktalk offers to
>send its code to 1) the same address (circular argument!), 2) a BT Internet
>address whose password he doesn't know, 3) a mobile phone number that he no
>longer has access to. Attempts to reset the BT Internet email password seem
>to disappear into a black hole: I seem to have changed the password
>successfully but the new username/password don't let me in. I have a feeling
>of chasing my tail :-(
>
>Talktalk seemed to be very unhelpful. It doesn't help that the email account
>is "orphaned": it exists as an email address but there is no longer a
>broadband account associated with it, because he changed in the past to use
>BT Internet for broadband. So we can't use the bank account that pays the TT
>direct debit as a form of validation.
>
>(For the future, I will make damn sure that he has a written record of all
>the details which work, and that "back door" validation codes are sent to
>*other* email accounts and not the the same one whose details I've
>forgotten. All the "circular references" and references to phone numbers
>that no longer exist happened long before I was involved...)
>
>Any suggestions? A password reset utility would get him into the PC, but
>maybe at the expense of not allowing access to browser-saved
>usernames/passwords, so it would solve on problem but leave another
>(accessing his emails) still remaining. And reinstalling Windows would lose
>everything of the personalisation, even if I first saved his
>c:\users\<username> tree structure.
>
>
I believe there are password recovery programs around. Do a search for
>Windows password recovery<

KenW

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<ttii58$39kfd$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69339&group=alt.comp.os.windows-10#69339

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: Bea...@invalid.com (Big Al)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Micrsoft account rather than local account)
Date: Mon, 27 Feb 2023 10:27:36 -0500
Organization: A noiseless patient Spider
Lines: 20
Message-ID: <ttii58$39kfd$1@dont-email.me>
References: <ttid77$39i1g$1@dont-email.me> <ttiga3$39rp2$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 27 Feb 2023 15:27:36 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="25385a47dcbd524dd1d75fbdbec1be63";
logging-data="3461613"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/QRAX89yxz+EmwZm9675OCB0ujMkTwd7c="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.7.1
Cancel-Lock: sha1:LFuQhRuq93OXrKL3SwotxzYW6Cg=
In-Reply-To: <ttiga3$39rp2$1@dont-email.me>
Content-Language: en-US
 by: Big Al - Mon, 27 Feb 2023 15:27 UTC

On 2/27/23 09:55, this is what Graham J wrote:
> NY wrote:
>> I have a customer with a Windows 10 PC which is blocking attempts to login, using (as far as he knows) the same
>> Windows password that always worked. The PC is set to use a Microsoft account rather than a local account (I knew
>> there was a reason why I set my Win7 and Win10 PCs to use local accounts!)
>
>
> [snip]
>
> It should be possible to create a "local administrator" account, see:
>
> <https://www.isumsoft.com/windows-10/create-administrator-account-when-cant-sign-in-windows-10.html>
>
> Google might find other ways ...
>
>
I've seen this before (the site & directions), and it sounds like it should work.
--
Al

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<ttiibl$39kfd$2@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69340&group=alt.comp.os.windows-10#69340

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: Bea...@invalid.com (Big Al)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Micrsoft account rather than local account)
Date: Mon, 27 Feb 2023 10:31:01 -0500
Organization: A noiseless patient Spider
Lines: 38
Message-ID: <ttiibl$39kfd$2@dont-email.me>
References: <ttid77$39i1g$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 27 Feb 2023 15:31:01 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="25385a47dcbd524dd1d75fbdbec1be63";
logging-data="3461613"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18o/7N7RrJbRSkOHydUisCNOARiJBohyW0="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.7.1
Cancel-Lock: sha1:dpwpyWbtmV7PMFHyj1ef8gBOyYA=
In-Reply-To: <ttid77$39i1g$1@dont-email.me>
Content-Language: en-US
 by: Big Al - Mon, 27 Feb 2023 15:31 UTC

On 2/27/23 09:03, this is what NY wrote:
> I have a customer with a Windows 10 PC which is blocking attempts to login, using (as far as he knows) the same Windows
> password that always worked. The PC is set to use a Microsoft account rather than a local account (I knew there was a
> reason why I set my Win7 and Win10 PCs to use local accounts!)
>
> Is there any way of bypassing Windows security to be able to access the browser's list of saved IDs and passwords for
> websites?
>
> Unfortunately, any attempt to reset the password is stuck in a deadly embrace: the only "back door" is to send a code in
> an email to a Talktalk address whose password he doesn't know because he never uses it: it's always saved and supplied
> by his browser. The "back door" for Talktalk offers to send its code to 1) the same address (circular argument!), 2) a
> BT Internet address whose password he doesn't know, 3) a mobile phone number that he no longer has access to. Attempts
> to reset the BT Internet email password seem to disappear into a black hole: I seem to have changed the password
> successfully but the new username/password don't let me in. I have a feeling of chasing my tail :-(
>
> Talktalk seemed to be very unhelpful. It doesn't help that the email account is "orphaned": it exists as an email
> address but there is no longer a broadband account associated with it, because he changed in the past to use BT Internet
> for broadband. So we can't use the bank account that pays the TT direct debit as a form of validation.
>
> (For the future, I will make damn sure that he has a written record of all the details which work, and that "back door"
> validation codes are sent to *other* email accounts and not the the same one whose details I've forgotten. All the
> "circular references" and references to phone numbers that no longer exist happened long before I was involved...)
>
> Any suggestions? A password reset utility would get him into the PC, but maybe at the expense of not allowing access to
> browser-saved usernames/passwords, so it would solve on problem but leave another (accessing his emails) still
> remaining. And reinstalling Windows would lose everything of the personalisation, even if I first saved his
> c:\users\<username> tree structure.
>
>
>
If you want the browser passwords, I'd boot a live Linux CD, copy the browser profile folder like %APPDATA%\firefox to
the /home/mint/.mozilla/firefox folder on the live cd while it's running. You could then launch firefox and see the
passwords etc.

You don't says what browser.
--
Al

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<1oomtpbw2hlgn$.dlg@v.nguard.lh>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69341&group=alt.comp.os.windows-10#69341

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!news.neodome.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)
Date: Mon, 27 Feb 2023 12:19:47 -0600
Lines: 50
Message-ID: <1oomtpbw2hlgn$.dlg@v.nguard.lh>
References: <ttid77$39i1g$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net IkIuvO3i2syqh+yiWLSkpACJiLrmS8nCZm8NiACsPolR8ZTYR5
Cancel-Lock: sha1:YuD9lhrejvBclIPCZwcp3rsuIeE=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Mon, 27 Feb 2023 18:19 UTC

NY <me@privacy.invalid> wrote:

> I have a customer with a Windows 10 PC which is blocking attempts to login,
> using (as far as he knows) the same Windows password that always worked. The
> PC is set to use a Microsoft account rather than a local account (I knew
> there was a reason why I set my Win7 and Win10 PCs to use local accounts!)
>
> Is there any way of bypassing Windows security to be able to access the
> browser's list of saved IDs and passwords for websites?

If security were easy to bypass, it wouldn't be worth a gnat's fart.

Not matter which type of account you create when installing Windows, an
administrator account ("Administrator") is always created. To see for
yourself, in an elevated command shell run:

net users

You might have to unhide the Administrator account. I don't have the
steps memorized, so do a search on "windows 10 show administrator
account". As I recall, just because it is hidden does not prevent you
from logging into it.

Reboot the computer, and at Windows login try to log into Administrator.
I don't remember being asked for the password for the Administrator
account during setup. I was asked for my Microsoft account and started
with that.

Considering the lack of expertise as a sysadmin for the user you are
trying to help, I suggest someone more knowledgeable do the log into
Administrator. If the user fucks the Administrator account, you're
looking at a reinstall of Windows.

If the user trusts you with their logins, you could use your web browser
to log into the user's Microsoft account. Since his local login doesn't
work, the online login might fail, too. However, there should be a
"Forgot Password" option. The reset e-mail would go to his e-mail
account (depends on what he specified for that), and you would have to
log into his e-mail account to see the link or new password.

This user has no access to another computer himself, like another family
member's computer, a computer at work, a friend's computer, an Internet
cafe, etc?

There isn't a "Forgot Password" link in the Windows login screen? The
following article mentions a "Reset password" link on the sign-in
screen. The problem is if the user has forgotten their login password
then perhaps they also forgot their answers to the security questions.

https://support.microsoft.com/en-us/windows/change-or-reset-your-windows-password-8271d17c-9f9e-443f-835a-8318c8f68b9c#WindowsVersion=Windows_10

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<icavcjxaun.ln2@Telcontar.valinor>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69343&group=alt.comp.os.windows-10#69343

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!2.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_li...@es.invalid (Carlos E.R.)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Micrsoft account rather than local account)
Date: Mon, 27 Feb 2023 19:46:10 +0100
Lines: 28
Message-ID: <icavcjxaun.ln2@Telcontar.valinor>
References: <ttid77$39i1g$1@dont-email.me> <ttiibl$39kfd$2@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net JDK9cdqb+4s5Lh7QJNkGQQZtABXCc0UYnv2zR5mVCkv/5qsMGS
X-Orig-Path: Telcontar.valinor!not-for-mail
Cancel-Lock: sha1:60yJQa/yHvJybRclK7ONvhCzxtg=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.7.1
Content-Language: es-ES, en-CA
In-Reply-To: <ttiibl$39kfd$2@dont-email.me>
 by: Carlos E.R. - Mon, 27 Feb 2023 18:46 UTC

On 2023-02-27 16:31, Big Al wrote:
> On 2/27/23 09:03, this is what NY wrote:
>> I have a customer with a Windows 10 PC which is blocking attempts to
>> login, using (as far as he knows) the same Windows password that
>> always worked. The PC is set to use a Microsoft account rather than a
>> local account (I knew there was a reason why I set my Win7 and Win10
>> PCs to use local accounts!)
>>
>> Is there any way of bypassing Windows security to be able to access
>> the browser's list of saved IDs and passwords for websites?

....

>>
> If you want the browser passwords, I'd boot a live Linux CD, copy the
> browser profile folder like %APPDATA%\firefox to the
> /home/mint/.mozilla/firefox folder on the live cd while it's running.
> You could then launch firefox and see the passwords etc.
>
> You don't says what browser.

I was going to suggest something like this. It should work if firefox
has a local master password. If this is not set, I don't know if the
login/pass data is protected or not.

--
Cheers, Carlos.

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<ttj66a$3bosm$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69345&group=alt.comp.os.windows-10#69345

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: Bea...@invalid.com (Big Al)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Micrsoft account rather than local account)
Date: Mon, 27 Feb 2023 16:09:29 -0500
Organization: A noiseless patient Spider
Lines: 16
Message-ID: <ttj66a$3bosm$1@dont-email.me>
References: <ttid77$39i1g$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 27 Feb 2023 21:09:30 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="25385a47dcbd524dd1d75fbdbec1be63";
logging-data="3531670"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19faNkDB/RhJVgggafQdd5r8eNw4WIO+vg="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.7.1
Cancel-Lock: sha1:TVOw+5SsqImoSDXzC0k7iAZpl4w=
In-Reply-To: <ttid77$39i1g$1@dont-email.me>
Content-Language: en-US
 by: Big Al - Mon, 27 Feb 2023 21:09 UTC

On 2/27/23 09:03, this is what NY wrote:
> I have a customer with a Windows 10 PC which is blocking attempts to login, using (as far as he knows) the same Windows
> password that always worked. The PC is set to use a Microsoft account rather than a local account (I knew there was a
> reason why I set my Win7 and Win10 PCs to use local accounts!)
>
> Is there any way of bypassing Windows security to be able to access the browser's list of saved IDs and passwords for
> websites?
>
<snip>
>
>
When access to password managers is so easy, one would think that people with thin memories would use a password
manager. I use Bitwarden, and I can access it from anywhere, so I store my Windows login password there too.
--
Al

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<ttj73o$3buc1$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69347&group=alt.comp.os.windows-10#69347

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: me...@privacy.invalid (NY)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)
Date: Mon, 27 Feb 2023 21:16:56 -0000
Organization: A noiseless patient Spider
Lines: 2
Message-ID: <ttj73o$3buc1$1@dont-email.me>
References: <ttid77$39i1g$1@dont-email.me> <ttiibl$39kfd$2@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="UTF-8";
reply-type=response
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 27 Feb 2023 21:25:12 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="7779d82acd2b99cdd0e78a772caefa80";
logging-data="3537281"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+KUWaWZ3ZHm3kPJ9IIHYS6CDBgFVuXJtI="
Cancel-Lock: sha1:FM5eb6v6T+6wkVxMSFPNDHU4IBI=
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
X-Antivirus: Avast (VPS 230227-4, 27/2/2023), Outbound message
In-Reply-To: <ttiibl$39kfd$2@dont-email.me>
X-Newsreader: Microsoft Windows Live Mail 14.0.8089.726
X-Antivirus-Status: Clean
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8089.726
 by: NY - Mon, 27 Feb 2023 21:16 UTC

"Big Al" <Bears@invalid.com> wrote in message
news:ttiibl$39kfd$2@dont-email.me...
> If you want the browser passwords, I'd boot a live Linux CD, copy the
> browser profile folder like %APPDATA%\firefox to the
> /home/mint/.mozilla/firefox folder on the live cd while it's running. You
> could then launch firefox and see the passwords etc.

Hmmm. Yes, Firefox saves everything in nice files that you can copy from one
PC to another (I did it when I got a new laptop and copied my
saved-passwords list from my old laptop). I have a nasty feeling that he may
not be using FF.

> You don't says what browser.

I don't know what browser (and the customer wouldn't have a clue). I imagine
it will be the Windows default: probably Edge. Few non-techies install
third-party browsers, and if they do, they tend to install Google Chrome.

The good news is that I managed to persuade Talktalk to add the customer's
*current* mobile phone number as a get-out-of-jail password-recovery
mechanism. They said it would take up to three days for the change to take
effect (though I'll try sooner than that!) but hopefully I can then do a
password-recovery on the customer's Talktalk email password, and once we
have access to his email, I can use the Windows password-recovery to send a
code to his Talktalk email. So the end *may* be in sight.

I'll also set the Windows recovery to use his mobile phone number and a
newly-created gmail account, and set Talktalk to use that gmail account -
anything to break the deadly embrace of defining email address X as the
recovery address for the password of account X ;-)

It was a case of one damn thing after another: each email account used
either itself, or else another account for which we didn't have the
password, or else an obsolete mobile phone number which he couldn't even
*remember* let alone access. He'd kept a record of account details and
passwords - but unfortunately all the entries were out of date and didn't
help :-(

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<ttj73o$3buc1$2@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69348&group=alt.comp.os.windows-10#69348

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: me...@privacy.invalid (NY)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)
Date: Mon, 27 Feb 2023 21:25:08 -0000
Organization: A noiseless patient Spider
Lines: 1
Message-ID: <ttj73o$3buc1$2@dont-email.me>
References: <ttid77$39i1g$1@dont-email.me> <1oomtpbw2hlgn$.dlg@v.nguard.lh>
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 27 Feb 2023 21:25:12 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="7779d82acd2b99cdd0e78a772caefa80";
logging-data="3537281"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+Qlzp9GoNnsxELwtZvBc7O+4ZMpgIu43o="
Cancel-Lock: sha1:7aUP3fz2DMkBwDukUbD4EU4CQgE=
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
X-Antivirus: Avast (VPS 230227-4, 27/2/2023), Outbound message
In-Reply-To: <1oomtpbw2hlgn$.dlg@v.nguard.lh>
X-Newsreader: Microsoft Windows Live Mail 14.0.8089.726
X-Antivirus-Status: Clean
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8089.726
 by: NY - Mon, 27 Feb 2023 21:25 UTC

"VanguardLH" <V@nguard.LH> wrote in message
news:1oomtpbw2hlgn$.dlg@v.nguard.lh...
> There isn't a "Forgot Password" link in the Windows login screen? The
> following article mentions a "Reset password" link on the sign-in
> screen. The problem is if the user has forgotten their login password
> then perhaps they also forgot their answers to the security questions.

I did try that: Windows tries to use the email/phone detail that you
configured when you created the user, but if offers to use a browser
instead, with a long URL of random characters. Brilliant: took some typing
and checking, but I did it. However the information that it asked for (name,
date of birth, previous passwords allocated before the current unknown one,
etc) was not sufficient for it to authorise recovery of the password. It may
even have been asking for some information that the customer had never set.

I'm glad I wasn't responsible for setting up the various systems so as to
use the same address for recovery as the one that I was trying to access, or
to use a mobile phone number that no longer existed. It's a matter of
thinking "I've changed my phone" or "I no longer have access to this email"
and changing the places where those details are used for recovering a
password on something unrelated.

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<ttj9ge$3c61j$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69350&group=alt.comp.os.windows-10#69350

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: nos...@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Micrsoft account rather than local account)
Date: Mon, 27 Feb 2023 17:06:05 -0500
Organization: A noiseless patient Spider
Lines: 63
Message-ID: <ttj9ge$3c61j$1@dont-email.me>
References: <ttid77$39i1g$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 27 Feb 2023 22:06:06 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="a0cb63c66bd8255469047cfaed2406ee";
logging-data="3545139"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19ZHCGUovTaG5rcyY8ei82BD8soyMP2gDw="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:fDpoTENvOUq1TbTmA6E73vMTWp0=
In-Reply-To: <ttid77$39i1g$1@dont-email.me>
Content-Language: en-US
 by: Paul - Mon, 27 Feb 2023 22:06 UTC

On 2/27/2023 9:03 AM, NY wrote:
> I have a customer with a Windows 10 PC which is blocking attempts to login, using (as far as he knows) the same Windows password that always worked. The PC is set to use a Microsoft account rather than a local account (I knew there was a reason why I set my Win7 and Win10 PCs to use local accounts!)
>
> Is there any way of bypassing Windows security to be able to access the browser's list of saved IDs and passwords for websites?
>
> Unfortunately, any attempt to reset the password is stuck in a deadly embrace: the only "back door" is to send a code in an email to a Talktalk address whose password he doesn't know because he never uses it: it's always saved and supplied by his browser. The "back door" for Talktalk offers to send its code to 1) the same address (circular argument!), 2) a BT Internet address whose password he doesn't know, 3) a mobile phone number that he no longer has access to. Attempts to reset the BT Internet email password seem to disappear into a black hole: I seem to have changed the password successfully but the new username/password don't let me in. I have a feeling of chasing my tail :-(
>
> Talktalk seemed to be very unhelpful. It doesn't help that the email account is "orphaned": it exists as an email address but there is no longer a broadband account associated with it, because he changed in the past to use BT Internet for broadband. So we can't use the bank account that pays the TT direct debit as a form of validation.
>
> (For the future, I will make damn sure that he has a written record of all the details which work, and that "back door" validation codes are sent to *other* email accounts and not the the same one whose details I've forgotten. All the "circular references" and references to phone numbers that no longer exist happened long before I was involved...)
>
> Any suggestions? A password reset utility would get him into the PC, but maybe at the expense of not allowing access to browser-saved usernames/passwords, so it would solve on problem but leave another (accessing his emails) still remaining. And reinstalling Windows would lose everything of the personalisation, even if I first saved his c:\users\<username> tree structure.
>

Ah, yes. A password recovery spiral.

For a local account, there were some hacks to cause an administrator command prompt
to appear on the screen at startup. This allows a user to access the "password" command
and change a lowly local account password. Some of the easy methods have been blocked
for that, so it is not quite as easy to fix things as it used to be. And that's *only*
for a local, that won't fix an MSA.

And you've already experienced what a recovery is like, when the comms channel
for the account is not working any more. Still, the person in this
situation, can review the information here.

https://www.digitalcitizen.life/how-reset-password-your-microsoft-account/

It could be that the account has been blocked, because "too many attempts
have been made to get in". Or, the account really could have been compromised,
using a known password for the same individual.

This is not the same thing, but I had a gmail that was blocked on me. I
let it sit for six months, and then when I logged in, it worked :-)
How is that for a recovery strategy :-/ Even if they did the simple
things, like make the password string visible while it was being typed
in, that would be a start at improving the statistics.

*******

And I don't really want to address how to "make this bulletproof",
except to make a disparaging reference to a product. Someone makes
a security key that you plug into a USB port, and that can be tied
to a Microsoft account. Mechanically, the product is poorly made, and
looking at it, you would ask yourself what were they thinking. Then,
on the product web site, it will say "you should buy two of these, OK ?"
Yet, as a marketing exercise, they don't enumerate the reasons
why they think you should buy two. Undoubtedly the tech support
phone number is ringing off the hook, from the customers that
only bought one of the keys, and now their life is a shambles
because the key doesn't work :-)

So yes, there's a lot to be said for having a local account.

"In The Wizard of Oz (1939), Dorothy Gale comes to learn that
there's "no place like C:\users\home"
"

Who will stop this madness, I wonder...

Paul

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<e3qi1cxgjfzv.dlg@v.nguard.lh>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69356&group=alt.comp.os.windows-10#69356

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.uzoreto.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)
Date: Mon, 27 Feb 2023 21:11:53 -0600
Lines: 26
Message-ID: <e3qi1cxgjfzv.dlg@v.nguard.lh>
References: <ttid77$39i1g$1@dont-email.me> <1oomtpbw2hlgn$.dlg@v.nguard.lh> <ttj73o$3buc1$2@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net FUOsNWVvNJVKvTxi0AA+swAne7Y48dHVxM1fXysIeHe2YivJ+r
Cancel-Lock: sha1:jc9Q6X1+MUfn1LAhOpBBqCweWb4=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Tue, 28 Feb 2023 03:11 UTC

NY <me@privacy.invalid> wrote:

> "VanguardLH" <V@nguard.LH> wrote in message
> news:1oomtpbw2hlgn$.dlg@v.nguard.lh...
>> There isn't a "Forgot Password" link in the Windows login screen? The
>> following article mentions a "Reset password" link on the sign-in
>> screen. The problem is if the user has forgotten their login password
>> then perhaps they also forgot their answers to the security questions.
>
> I did try that: Windows tries to use the email/phone detail that you
> configured when you created the user, but if offers to use a browser
> instead, with a long URL of random characters. Brilliant: took some typing
> and checking, but I did it. However the information that it asked for (name,
> date of birth, previous passwords allocated before the current unknown one,
> etc) was not sufficient for it to authorise recovery of the password. It may
> even have been asking for some information that the customer had never set.
>
> I'm glad I wasn't responsible for setting up the various systems so as to
> use the same address for recovery as the one that I was trying to access, or
> to use a mobile phone number that no longer existed. It's a matter of
> thinking "I've changed my phone" or "I no longer have access to this email"
> and changing the places where those details are used for recovering a
> password on something unrelated.

This user doesn't have a smartphone he uses to web browser and perhaps
have e-mail apps on it to the same MS account?

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<ttkf68$3ie32$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69360&group=alt.comp.os.windows-10#69360

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: winston...@gmail.com (...w¡ñ§±¤ñ)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Micrsoft account rather than local account)
Date: Tue, 28 Feb 2023 01:49:12 -0700
Organization: windowsunplugged.com
Lines: 84
Message-ID: <ttkf68$3ie32$1@dont-email.me>
References: <ttid77$39i1g$1@dont-email.me> <ttiibl$39kfd$2@dont-email.me>
<ttj73o$3buc1$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 28 Feb 2023 08:49:13 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="fdf855e3cdc6ac43fde8916dfb1c2f3b";
logging-data="3749986"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+E5cdISYqEOVHv2FgI3maH7e7gVgAwFb8="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
Firefox/91.0 SeaMonkey/2.53.15
Cancel-Lock: sha1:5KM/VjMjG30aFspNyAMqASuvq6Q=
In-Reply-To: <ttj73o$3buc1$1@dont-email.me>
 by: ...w¡ñ§±¤ñ - Tue, 28 Feb 2023 08:49 UTC

NY wrote on 2/27/2023 2:16 PM:
>
> I'll also set the Windows recovery to use his mobile phone number and a
> newly-created gmail account, and set Talktalk to use that gmail account -
> anything to break the deadly embrace of defining email address X as the
> recovery address for the password of account X ;-)

A MSA(Microsoft Account) has multiple configurations for:
a. Signing on
b. Security

Where (a) signing on by default is the MSFT Account email address and
password via web site url account.microsoft.com
Where (b) is the security configurable settings for
notification(including password reset/account reactivation etc)

For (a) the sign-in setting are in the MSA online account under 'Your
Info' category
- only the MSA email address is recommended, not the phone
- for the same reason, folks change phone providers/phone numbers/email
Note: even though a 3rd party email account is no longer available from
the provider, that MSA logon for that email account is not lost(i.e. the
MSA for the account once created for use as an MSA remains independent
from the provider email account(active or inactive or deleted or no
longer available)
- another reason to not configure a phone for sign-in...and a common
problem when doing so, folks forget to update the MSA sign-in for a no
longer avaialble phone number with the new one(required deleting the old
and adding the new, not editing the old)

For (b) - the configurable settings are under the online MSA in the
'Security' section.
=> this is the location one configures notification options where an
alternate phone number and text capable phone number is entered.
- yes, that phone number has to be updated to but not tied to signing
in. Notification methods are and should be separate from sign-in methods.
Note: If nothing is configured in this section(alternate email or phone,
then password recovery via this route won't be available.

An MSA does require one to sign-on using that MSA at least once every two
years and sign on should be done in a browser at account.microsft.com or
outlook.com or onedrive.com. Optionally if one has a subscription to
M365 and that MSA is also the owner of the M365 account, then signing on
in Office and using Office Outlook for that email account(configured
automatically with the Exchange protocol) will meet the time limit
requirements for signing on with the MSA to retain the account's active
status.
- If not signed on in the 2 yr time frame, the account goes into
inactive status for 60 days then permanently/automatically deleted.
- Another good reason to sign-in on the web UI when having an M365
Office(Personal or Family) - Office requires that MSA to be signed in for
use to retain full usage rights. Likewise another reason to always
consider setting up (b) options if the MSA goes inactive/locked/etc.

In your customer's case...if that MSA was never used to sign-in in the
web UI(options noted above) then his account may have went inactive or
even expired - the latter doesn't seem likely if attempts to reset the
password provided those Talktalk or BT internet options. Inactive may
have been the issue, which would require one to sign-in in the web UI at
account.microsoft.com to reactivate/validate the email as active.

There are other reasons for not being able to access an account.
- Account locked(Can be unlocked by use of any phone number provided as
long as text message capable to send a numeric code for unlocking. The
phone number does not have to associated with that Email account signon
or notification settings)
- Hacked or Compromised(online tool available to regain control and
reactivate for use)

Good luck with the 'get-out-of-jail' mobile number.

>
> It was a case of one damn thing after another: each email account used
> either itself, or else another account for which we didn't have the
> password, or else an obsolete mobile phone number which he couldn't even
> *remember* let alone access. He'd kept a record of account details and
> passwords - but unfortunately all the entries were out of date and didn't
> help :-(

Happens quite often(all the above).

--
....w¡ñ§±¤ñ

Re: Gaining access to a PC where user has forgotten the login password (using Micrsoft account rather than local account)

<ttkj3u$3irn3$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69362&group=alt.comp.os.windows-10#69362

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: was...@nowhere.com (wasbit)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Micrsoft account rather than local account)
Date: Tue, 28 Feb 2023 09:56:15 +0000
Organization: A noiseless patient Spider
Lines: 57
Message-ID: <ttkj3u$3irn3$1@dont-email.me>
References: <ttid77$39i1g$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 28 Feb 2023 09:56:14 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="676bea01a0d39547eee21e20c5bcc71c";
logging-data="3763939"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/Z/B7V2ilIFTy3Kj0C3J0i"
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:5.0) Aura/20220608
Interlink/52.9.8194
Cancel-Lock: sha1:xLdluTdJb69DW4lbW5JI8+lKBe8=
In-Reply-To: <ttid77$39i1g$1@dont-email.me>
Content-Language: en-US
 by: wasbit - Tue, 28 Feb 2023 09:56 UTC

On 27/02/2023 14:03, NY wrote:
> I have a customer with a Windows 10 PC which is blocking attempts to
> login, using (as far as he knows) the same Windows password that always
> worked. The PC is set to use a Microsoft account rather than a local
> account (I knew there was a reason why I set my Win7 and Win10 PCs to
> use local accounts!)
>
> Is there any way of bypassing Windows security to be able to access the
> browser's list of saved IDs and passwords for websites?
>
> Unfortunately, any attempt to reset the password is stuck in a deadly
> embrace: the only "back door" is to send a code in an email to a
> Talktalk address whose password he doesn't know because he never uses
> it: it's always saved and supplied by his browser. The "back door" for
> Talktalk offers to send its code to 1) the same address (circular
> argument!), 2) a BT Internet address whose password he doesn't know, 3)
> a mobile phone number that he no longer has access to. Attempts to reset
> the BT Internet email password seem to disappear into a black hole: I
> seem to have changed the password successfully but the new
> username/password don't let me in. I have a feeling of chasing my tail :-(
>
> Talktalk seemed to be very unhelpful. It doesn't help that the email
> account is "orphaned": it exists as an email address but there is no
> longer a broadband account associated with it, because he changed in the
> past to use BT Internet for broadband. So we can't use the bank account
> that pays the TT direct debit as a form of validation.
>
> (For the future, I will make damn sure that he has a written record of
> all the details which work, and that "back door" validation codes are
> sent to *other* email accounts and not the the same one whose details
> I've forgotten. All the "circular references" and references to phone
> numbers that no longer exist happened long before I was involved...)
>
> Any suggestions? A password reset utility would get him into the PC, but
> maybe at the expense of not allowing access to browser-saved
> usernames/passwords, so it would solve on problem but leave another
> (accessing his emails) still remaining. And reinstalling Windows would
> lose everything of the personalisation, even if I first saved his
> c:\users\<username> tree structure.
>

I've used the freeware Offline NT to reset a local account password before
- https://pogostick.net/~pnh/ntpasswd/

Major Geeks notes that their zip contains the files to run from either a
DVD (& presumably CD) or USB
-
https://www.majorgeeks.com/files/details/offline_nt_password_and_registry_editor.html

Link wraps.

--
Regards
wasbit

Re: Gaining access to a PC where user has forgotten the login password (using Microsoft account rather than local account)

<EvWcnaqw2ohRjpz5nZ2dnZfqn_GdnZ2d@brightview.co.uk>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69417&group=alt.comp.os.windows-10#69417

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border-2.nntp.ord.giganews.com!nntp.giganews.com!Xl.tags.giganews.com!local-1.nntp.ord.giganews.com!nntp.brightview.co.uk!news.brightview.co.uk.POSTED!not-for-mail
NNTP-Posting-Date: Thu, 02 Mar 2023 21:23:24 +0000
Date: Thu, 2 Mar 2023 21:23:25 +0000
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.8.0
From: me...@privacy.net (NY)
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Microsoft account rather than local account)
Newsgroups: alt.comp.os.windows-10
References: <ttid77$39i1g$1@dont-email.me>
Content-Language: en-GB
In-Reply-To: <ttid77$39i1g$1@dont-email.me>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Antivirus: AVG (VPS 230302-0, 2/3/2023), Outbound message
X-Antivirus-Status: Clean
Message-ID: <EvWcnaqw2ohRjpz5nZ2dnZfqn_GdnZ2d@brightview.co.uk>
Lines: 80
X-Usenet-Provider: http://www.giganews.com
X-Trace: sv3-f3SahYb8fScjA2iUzrIpB3QxJ5UGKGdWFpaJZr/HnQ27gttFXuB6AcfCi66l/MO8VlE9i694a35iuU4!J9Qcc8Zv0K8sX+ZJppWLiaAdKvYuja49d3/deKvB28+UP9LTl9K0SCoj3oCOF++UTLkjwjHwHqK5!xEKLtfedi95w5EveTT5gOfMbRgM=
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
 by: NY - Thu, 2 Mar 2023 21:23 UTC

On 27/02/2023 14:03, NY wrote:
> I have a customer with a Windows 10 PC which is blocking attempts to
> login, using (as far as he knows) the same Windows password that always
> worked. The PC is set to use a Microsoft account rather than a local
> account (I knew there was a reason why I set my Win7 and Win10 PCs to
> use local accounts!)
>
> Is there any way of bypassing Windows security to be able to access the
> browser's list of saved IDs and passwords for websites?
>
> Unfortunately, any attempt to reset the password is stuck in a deadly
> embrace: the only "back door" is to send a code in an email to a
> Talktalk address whose password he doesn't know because he never uses
> it: it's always saved and supplied by his browser. The "back door" for
> Talktalk offers to send its code to 1) the same address (circular
> argument!), 2) a BT Internet address whose password he doesn't know, 3)
> a mobile phone number that he no longer has access to. Attempts to reset
> the BT Internet email password seem to disappear into a black hole: I
> seem to have changed the password successfully but the new
> username/password don't let me in. I have a feeling of chasing my tail :-(

Good news in this saga. I broke the deadly-embrace of "forgotten
password" mechanisms without needing to bypass Windows security or
create a new Admin account.

I managed to talk to someone from TalkTalk whom I persuaded to change
the mobile phone number used for account recovery from an obsolete
number to the user's current number. It needed a few security questions
answering as proof.

So I could then:

- do the Talktalk "forgotten password" routine, sending a reset code by
text to the user's phone, thus gaining access to his incoming emails

- do the Windows "forgotten password" routine, sending a reset code by
email to TalkTalk

- log in to Windows using the newly created password

It turned out that the PC was Win 11, not Win 10 - no way of
distinguishing them when the customer doesn't know what version of
Windows he has and the start-from-cold screens as far as the password
screen don't display the version.

I was surprised that it went through some of the stages that you get
when you create new Windows user, so I was pleasantly surprised to see
that the Downloads, Pictures, Documents etc folders still had the
contents that he's placed there before he lost access. Control Panel |
Users showed that there was only one used defined (and it was an Admin
account) and c:\users showed only one user profile directory (apart from
the standard "Public" and "Default" ones).

I could even have looked up the TalkTalk password in his browser's saved
passwords list. If it had been Firefox I'd have done it because I know
exactly where to look; since he used Edge, and the password had already
been changed, it wasn't worth that hassle of investigating Edge's
equivalent menus for something that was only of academic interest.

As to why it happened, goodness knows. He swears blind that he used the
original Windows password when he used logged on to the PC on Friday,
then brought it out of sleep (not even startup from having been
shutdown) on Saturday and the same password was rejected. All rather
worrying.

Could a Windows update have affected it? I noticed that Windows had
downloaded V22H2 of Win 11, together with a few other things that I
forgot to note down from Windows Update | Update History. That took a
*long* time to install - I went home, hand my lunch and came back a few
hours later, having left the PC to do its thing.

And I wrote down all the passwords, together with a description of what
each one was used for, and said "keep these safe and remember to update
these pieces of paper if you change the email/Windows passwords or your
mobile phone number in future".

Re: Gaining access to a PC where user has forgotten the login password (using Microsoft account rather than local account)

<1ri7djxn9f.ln2@Telcontar.valinor>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69419&group=alt.comp.os.windows-10#69419

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!newsreader4.netcologne.de!news.netcologne.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_li...@es.invalid (Carlos E.R.)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Microsoft account rather than local account)
Date: Thu, 2 Mar 2023 22:59:29 +0100
Lines: 27
Message-ID: <1ri7djxn9f.ln2@Telcontar.valinor>
References: <ttid77$39i1g$1@dont-email.me>
<EvWcnaqw2ohRjpz5nZ2dnZfqn_GdnZ2d@brightview.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net HWc15vzMAcZG90OZNsCvKwLUEaR/fNjLMtIAW1vs22CLW7ucyQ
X-Orig-Path: Telcontar.valinor!not-for-mail
Cancel-Lock: sha1:MjU/mmf2e9Eker/N4ULJIJdyPpE=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.7.1
Content-Language: es-ES, en-CA
In-Reply-To: <EvWcnaqw2ohRjpz5nZ2dnZfqn_GdnZ2d@brightview.co.uk>
 by: Carlos E.R. - Thu, 2 Mar 2023 21:59 UTC

On 2023-03-02 22:23, NY wrote:

....

> And I wrote down all the passwords, together with a description of what
> each one was used for, and said "keep these safe and remember to update
> these pieces of paper if you change the email/Windows passwords or your
> mobile phone number in future".

I buy a new small notebook, where I write some details about the
configuration, keys or procedures needed to enter boot or bios config,
and login/passwords, then give it as a gift to the person.

Don't loose it.

However, it can happen that the user rips the pages and reuses the
notebook. Fortunately, she kept the pages safely. I bought a new
notebook and transferred the notes. Told not loose or rip the pages.

:-D

I may keep a copy of it.

--
Cheers, Carlos.

Re: Gaining access to a PC where user has forgotten the login password (using Microsoft account rather than local account)

<ttr6rt$de06$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69421&group=alt.comp.os.windows-10#69421

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: nob...@nowhere.co.uk (Graham J)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Microsoft account rather than local account)
Date: Thu, 2 Mar 2023 22:09:31 +0000
Organization: A noiseless patient Spider
Lines: 41
Message-ID: <ttr6rt$de06$1@dont-email.me>
References: <ttid77$39i1g$1@dont-email.me>
<EvWcnaqw2ohRjpz5nZ2dnZfqn_GdnZ2d@brightview.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 2 Mar 2023 22:10:05 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="571fd9f066b92625565b094d64251dfe";
logging-data="440326"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+fdrCKn4jew8OKDT1AzCZM"
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101
Firefox/91.0 SeaMonkey/2.53.15
Cancel-Lock: sha1:FdhWOkj96fEkBPxRFhWtmrPx/iQ=
In-Reply-To: <EvWcnaqw2ohRjpz5nZ2dnZfqn_GdnZ2d@brightview.co.uk>
X-Antivirus: AVG (VPS 230302-8, 2/3/2023), Outbound message
X-Antivirus-Status: Clean
 by: Graham J - Thu, 2 Mar 2023 22:09 UTC

NY wrote:

[snip]
>
> Could a Windows update have affected it? I noticed that Windows had
> downloaded V22H2 of Win 11, together with a few other things that I
> forgot to note down from Windows Update | Update History. That took a
> *long* time to install - I went home, hand my lunch and came back a few
> hours later, having left the PC to do its thing.
>
>
> And I wrote down all the passwords, together with a description of what
> each one was used for, and said "keep these safe and remember to update
> these pieces of paper if you change the email/Windows passwords or your
> mobile phone number in future".

So now you absolutely MUST create a Local Admin account with a password
that only you know - and write down securely - so that at least you can
get into the computer when your customer next forgets his password.

Having done that I think you can use this Local Admin account to set a
new password for the user's Microsoft Account, so that - with the
internet disconnected - you can log into his account when he next
forgets his password. When you later connect to the internet you may be
prompted to set up the new password for the Microsoft website, and this
may still require knowledge of the old forgotten password, but you might
at least be able to use more of the password recovery tools.

I think it is possible that a W11 update broke his machine - I've seen
something on the web about M$ accounts being locked out but I can't
remember what. If he uses OneDrive and has stored a file there which M$
doesn't like (e.g. kiddie pron, perhaps a pic of a small child in the
bath) then he might never get back his MS account.

Use of OneDrive does not remove the need for a local backup that is
totally under the control of the user.

--
Graham J

Re: Gaining access to a PC where user has forgotten the login password (using Microsoft account rather than local account)

<ttr9tn$dokd$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69426&group=alt.comp.os.windows-10#69426

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: nos...@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login
password (using Microsoft account rather than local account)
Date: Thu, 2 Mar 2023 18:02:14 -0500
Organization: A noiseless patient Spider
Lines: 18
Message-ID: <ttr9tn$dokd$1@dont-email.me>
References: <ttid77$39i1g$1@dont-email.me>
<EvWcnaqw2ohRjpz5nZ2dnZfqn_GdnZ2d@brightview.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 2 Mar 2023 23:02:15 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="3c20d35a4964b5e848b7d389e715db1c";
logging-data="451213"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+ZWNDIJryYe2JEibnS1m9ZCHO2aUMlPo0="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:7fQeW6UE0PKYLy4TT54P81tuk+c=
Content-Language: en-US
In-Reply-To: <EvWcnaqw2ohRjpz5nZ2dnZfqn_GdnZ2d@brightview.co.uk>
 by: Paul - Thu, 2 Mar 2023 23:02 UTC

On 3/2/2023 4:23 PM, NY wrote:

> As to why it happened, goodness knows. He swears blind that he used the original Windows password when he used logged on to the PC on Friday, then brought it out of sleep (not even startup from having been shutdown) on Saturday and the same password was rejected. All rather worrying.
>
> Could a Windows update have affected it?

Obviously, he had Windows 11 installed over Windows 10, very very recently.
Golly, I wonder how that happened. Yet another mystery for the XFiles.

Look in C:\Windows.old for proof. If you have a Windows.old, then
the Windows has changed versions on you. Windows.old will auto-delete
after some number of days. (You can "revert" to Win10 again, if
Windows.old still exists.)

There are people who will claim this can't happen, unless you "click something".
Dunno. It's all just too suspicious.

Paul

Re: Gaining access to a PC where user has forgotten the login password (using Microsoft account rather than local account)

<8gm20itil17fs7nsqdfhgfj4aj7e0e4uml@4ax.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=69427&group=alt.comp.os.windows-10#69427

 copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!feed1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx18.iad.POSTED!not-for-mail
From: non...@none.invalid (Char Jackson)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Gaining access to a PC where user has forgotten the login password (using Microsoft account rather than local account)
Message-ID: <8gm20itil17fs7nsqdfhgfj4aj7e0e4uml@4ax.com>
References: <ttid77$39i1g$1@dont-email.me> <EvWcnaqw2ohRjpz5nZ2dnZfqn_GdnZ2d@brightview.co.uk> <ttr9tn$dokd$1@dont-email.me>
X-Newsreader: Forte Agent 6.00/32.1186
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 24
X-Complaints-To: abuse(at)newshosting.com
NNTP-Posting-Date: Fri, 03 Mar 2023 02:25:15 UTC
Organization: Newshosting.com - Highest quality at a great price! www.newshosting.com
Date: Thu, 02 Mar 2023 20:25:16 -0600
X-Received-Bytes: 2006
 by: Char Jackson - Fri, 3 Mar 2023 02:25 UTC

On Thu, 2 Mar 2023 18:02:14 -0500, Paul <nospam@needed.invalid> wrote:

>On 3/2/2023 4:23 PM, NY wrote:
>
>> As to why it happened, goodness knows. He swears blind that he used the original Windows password when he used logged on to the PC on Friday, then brought it out of sleep (not even startup from having been shutdown) on Saturday and the same password was rejected. All rather worrying.
>>
>> Could a Windows update have affected it?
>
>Obviously, he had Windows 11 installed over Windows 10, very very recently.
>Golly, I wonder how that happened. Yet another mystery for the XFiles.
>
>Look in C:\Windows.old for proof. If you have a Windows.old, then
>the Windows has changed versions on you. Windows.old will auto-delete
>after some number of days. (You can "revert" to Win10 again, if
>Windows.old still exists.)
>
>There are people who will claim this can't happen, unless you "click something".
>Dunno. It's all just too suspicious.

My sister's Win 10 laptop magically showed up one morning, a few weeks
ago, proudly wearing Win 11. I grilled her pretty hard but she insists
that she saw nothing at all to suggest that an upgrade was going to
happen.

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor