Vista System Restore - will it remove users and domains

Office Linebacker
Donator

If I set up a computer with Vista on a domain of xxx with users yyy on May 1st and that computer is no longer on that domain or able to get to that domain, will a system restore prior to the date that the computer was set to that domain remove the users and, more importantly, the domain?

I don't want to rebake the entire machine, but I don't have the administrator access to remove the domain, so how do I get the computer to go back to being a stand-alone machine?

(PS - I was consulting at this company, I brought my laptop in, their IT guy set up my computer on their domain and me as a user. I am no longer doing any work for them and now my computer is stuck on their domain and I don't have access to remove it as a user.)

Always vigilant, and dies in the end

Pimpin' Ain't Eezy
Donator V6.0
Location: Western Washington

You only need local admin access to remove the machine from the domain as far as the machine is concerned. Once it's removed from the domain, the user accounts for the domain should be gone but again as a local admin you can clean them up.

Shoot, it will ask for a domain/user to perform the unjoin, let me research this quick.

My google-fu is failing at the moment, I'm almost positive you can unjoin it but you may get a message that since a DC couldn't be contacted you have to manually clean up AD (like you care).

I can test more when I get home in about 3 hours.

Do you ever walk alone like a drifter in the dark?

Office Linebacker
Donator

The computer still works when I use it at home even if I sign onto the old domain, I just don't have any network access or email for that domain (which I don't want regardless).

When I hit the Switch Users button it gives me the option to sign on as the local computer.

So I try to sign on:

local user/dthind
password

And it tells me "no domain controllers are available"

I was hoping a system restore prior to the computer being added to the domain would wipe out the reference the computer has to the domain, otherwise I will have to rebake it. Which I just did before taking the consulting job a few months ago.

Sad part is the "guy" at the company won't give me the admin password or let me bring it in so he can remove the domain. I had the admin password, but I know they change it often, so mine is dead now.

Always vigilant, and dies in the end

Throat Specialist
Donator

I'd be calling a lawyer, or threatening to.

Unfortunately, if I slash my wrist with my lightsaber it cauterizes instantly. - PurEvil on emo Star Wars plots.
Libertarianism would be a lot more palatable if Ayn Rand hadn't decided she was the world's greatest living philosopher - Robear

Discretion is not the better part of
Donator V5.0
Location: Perpetually suspended

Windows machines have a local Administrator account. By joining a domain, you also grant Administrative access to people in the Administrators group in the domain. But your local Administrator account is still alive, and should still have its old password, assuming they didn't change it, which would be a ridiculously scummy thing to do.

All you really need to do is log in as the local Administrator, and then join a workgroup, leaving the domain. Your user account in the old domain will be lost, but you should still have the local account you were using before you joined it. And, assuming they're not encrypted, you can take ownership of the files in the domain user's directory, and transfer them to your local user account.

Staats wrote:

Regardless of how effective government-run health care might be, it's not for our society. It's for societies that pay for things.

Pimpin' Ain't Eezy
Donator V6.0
Location: Western Washington

Basically I was trying to say what Malor did. You may need to boot into Safe Mode to get the administrator account to show up/be logged in as, but since the PC is on a domain, most likely not.

Also it would not be 'local user\username' but 'machinename\username'. Since you joined a domain you should see just a login and password field with the domain named underneath the password field, under the domain name should be a "How do I switch to another domain?" or something and if you click on that it will show you an example of how to log on with a local account. For instance, if all my computers at home are given Disney character names and my domain is Disney.local and I wanted to log on to the Donald computer with the local admin acct it would be donald\administrator in the name field.

All that said and done, in regards to your original question since I was confused by it until you clarified it, I don't know and I doubt it. System Restore worries more about files and such than system state BUT you can undo a system restore (be sure to read up on it and print out the associated whitepapers/topics from MS's site before you begin). Since you're running a version of Vista that can join a domain you may have the Backup and Restore Center available and (for next time, sorry or when you get it to the state you want it) you will want to do a Complete Computer Backup from which you can restore the whole PC. In fact if you're nervous about the System Restore you can do this first to make doubly sure you can at least get back to the point you are at.

If you have a problem getting into the local admin account though, there are utilities out there that can reset the local admin password.

Do you ever walk alone like a drifter in the dark?

they charge per letter
Location: Charlottesville, VA

Does ntpassword still work on newer versions of Windows? I live under a rock, and The People of Underrock still use XP/2003...

I may be going to hell in a bucket, but at least I'm enjoyin' the ride

Audacious Arsonist
Donator V2.0
Location: Back in the land of Corn and Cows

Honestly, I'd look to see if BackTrack or similar can get or reset an admin password on Vista. Or, follow the directions on this link:
http://www.paulspoerry.com/2008/08/03/hack-vista-create-a-new-admin-acco...

That should help a bit. (Though, given a choice, I'd likely grab any domain passwords I knew, run JtR to recover any on the machine, and have some fun with it. But that's probably just my grey hat side wanting revenge.)

Also, after you make sure it works, you'll want to move Utilman.old back to Utilman.exe, overwriting the old one... which will fix the massive gaping security hole you just opened. You may have to open up Backtrack again, I dunno if you can do it in usermode, even as admin. So, you may need to fix that from outside (with the Backtrack live CD).

I love that security hole, I really do. Copying over creative or patched files into system things that spawn with system rights... so much fun. My favorite is replacing an EXE that will spawn a pwdump shell dumping the hashes which I then grab. Local IT was slow enough, they never thought to look for it. (I don't recommend it, I only did it to prove a point. Most places will bust you for it.)

Parallax Abstraction wrote:

St.Hillary wrote:
I will make anything you want if you do the dishes.

I have a friend who works in the field of "cellular duplication" I would love for you to meet.

Pimpin' Ain't Eezy
Donator V6.0
Location: Western Washington

Kannon wrote:
Honestly, I'd look to see if BackTrack or similar can get or reset an admin password on Vista. Or, follow the directions on this link:
http://www.paulspoerry.com/2008/08/03/hack-vista-create-a-new-admin-acco...

That should help a bit. (Though, given a choice, I'd likely grab any domain passwords I knew, run JtR to recover any on the machine, and have some fun with it. But that's probably just my grey hat side wanting revenge.)

Also, after you make sure it works, you'll want to move Utilman.old back to Utilman.exe, overwriting the old one... which will fix the massive gaping security hole you just opened. You may have to open up Backtrack again, I dunno if you can do it in usermode, even as admin. So, you may need to fix that from outside (with the Backtrack live CD).

I love that security hole, I really do. Copying over creative or patched files into system things that spawn with system rights... so much fun. My favorite is replacing an EXE that will spawn a pwdump shell dumping the hashes which I then grab. Local IT was slow enough, they never thought to look for it. (I don't recommend it, I only did it to prove a point. Most places will bust you for it.)

This is why any IT shop worth a damn will lock down the ability to boot from other devices than the actual hard drive that holds the system\C drive. If someone has physical access to the box it's not secure.

And for the most part I've found most password utilities still work with Vista, accessing the SAM database is still accessing the SAM database.

Do you ever walk alone like a drifter in the dark?
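As an added example (not code from the thread or any of its posters), here is a PowerShell snippet a local admin could run on the machine to check the two things the posts above turn on: whether Windows still reports the box as domain-joined and which local accounts remain (Eezy_Bordone's machinename\username point), and whether Utilman.exe is still the signed system copy, since Kannon's post describes it being moved aside to Utilman.old. It assumes PowerShell 2.0 is installed on the Vista machine and that the prompt is elevated, because sfc refuses to run otherwise; the file names come from the thread, everything else is an assumption of this example.

```powershell
# Added example, not from the thread: inspect domain-join state, local accounts,
# and the integrity of Utilman.exe on a Vista/Win7-era machine. Run elevated.

# 1. Domain or workgroup membership as the OS itself sees it
$cs = Get-WmiObject -Class Win32_ComputerSystem
"Computer name : $($cs.Name)"
"Part of domain: $($cs.PartOfDomain)"
if ($cs.PartOfDomain) {
    "Domain        : $($cs.Domain)"
    "Local logon   : $($cs.Name)\<username>   (machinename\username, not 'local user\username')"
} else {
    "Workgroup     : $($cs.Workgroup)"
}

# 2. Local (non-domain) accounts still present on the machine, and their state
"`nLocal accounts:"
Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='True'" |
    Select-Object Name, Disabled, Lockout, PasswordRequired |
    Format-Table -AutoSize

# 3. Has Utilman.exe been swapped out? sfc /VERIFYFILE (Vista and later) compares the
#    file against the protected system catalog; a leftover Utilman.old is a red flag.
$sys32   = Join-Path $env:SystemRoot 'System32'
$utilman = Join-Path $sys32 'Utilman.exe'
$backup  = Join-Path $sys32 'Utilman.old'

"`nVerifying $utilman with sfc ..."
& "$sys32\sfc.exe" "/VERIFYFILE=$utilman"

if (Test-Path $backup) {
    "WARNING: $backup exists - the original Utilman.exe was moved aside at some point."
} else {
    "No Utilman.old found."
}
```

If sfc reports an integrity violation, or Utilman.old is present, the sensible fix is the one Kannon's own post gives: restore the original binary and remove the leftover copy. The WMI membership check is also the quick way to confirm that a workgroup join actually took, rather than trusting what the logon screen shows.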

Office Linebacker
Donator

Thanks - I just rebaked it. Either all of the local machine passwords were changed by their IT guy or something was done. Since I have the serial, it just became easier to rebake the machine.

The "guy" that I was working for still owes me money, so he was never going to cooperate.

Always vigilant, and dies in the end

Audacious Arsonist
Donator V2.0
Location: Back in the land of Corn and Cows

Eezy_Bordone wrote:

This is why any IT shop worth a damn will lock down the ability to boot from other devices than the actual hard drive that holds the system\C drive. If someone has physical access to the box it's not secure.

And for the most part I've found most password utilities still work with Vista, accessing the SAM database is still accessing the SAM database.

Odd, that was the exact point I was making.

Protip: If you lock out all boot drives except the C drive, also make sure the BIOS has a password.

Also: You still need to keep an eye on people. You'd be amazed how easy it is to stealthily crack a case and pop in another drive to boot from.

dthind wrote:
Thanks - I just rebaked it. Either all of the local machine passwords were changed by their IT guy or something was done. Since I have the serial, it just became easier to rebake the machine.

The "guy" that I was working for still owes me money, so he was never going to cooperate.

Man, that's pretty low. Who changes the local passwords on someone else's machine just to link it to a domain?

Parallax Abstraction wrote:

St.Hillary wrote:
I will make anything you want if you do the dishes.

I have a friend who works in the field of "cellular duplication" I would love for you to meet.