Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#208988 - 11/03/2004 23:30 Can't login to own laptop - help?
hybrid8
carpal tunnel

Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
Windows XP Pro: Ok, I was playing arond with my girlfriend's new work laptop. It's got wireless built in and for the life of me, no matter what I tried, I could not get it to connect to my wireless network. Connecting any Apple portable is a piece of cake.

Anyway, the specific problem is this: while lpaying around I changed computer ID settings to tell it to join my workgroup, INSTEAD of the DOMAIN it belonged to before.

At work we use a domain, no surprise. But now it won't let me log in to the machine! At the login prompt there's only a spot for userID and password. Correct password gives back an error saying "to make sure your user name and domain are correct" - WTF?

I didn't set this machine up, so I don't know the password for the "Administrator" login - figures IT wouldn't have told her.

I also don't know if there are any other users (besides hers which I was using to log in before) with admin privs.

My assumption here is that her userID was tied to the domain and isn't the same as whatever local ID should (is?) on the machine...

It's late and I'm stumped. And I've left her machine in a state where it can't be used. She's going to kill me when she can't use it at work tomorrow. Hopefully someone in IT can fix it quickly. I did tell her tonight, but I'm pretty sure she had already been sleeping just long enough for it not to fully register.

Any suggestions? Even any tips I may ps on to her to tell the IT people?

Bruno
_________________________
Bruno
Twisted Melon : Fine Mac OS Software

Top
#208989 - 12/03/2004 00:21 Re: Can't login to own laptop - help? [Re: hybrid8]
mvigneau
member

Registered: 12/08/2002
Posts: 179
Loc: Manchester, NH
Well, you are correct. The login name and password that she was using is tied to the domain.

The IT people should have a utility (ERD Commander) to change the Admin password if they forgot it(I know we have one at work).

They should back up the profile BEFORE they readd it to the domain just in case the readdition to the domain and relogin overrides the stored profile.

Unfortunately without a local admin account to login to there is nothing that you can do unless you have the password chaning utility which would allow you to logon as Administrator and backup her data.

Top
#208990 - 12/03/2004 00:28 Re: Can't login to own laptop - help? [Re: hybrid8]
webroach
old hand

Registered: 23/07/2003
Posts: 869
Loc: Colorado
Use this at your own risk, Bruno.

bootdisk

Should do the trick. But your best bet is to let your girlfriend's IT staff add her back into the domain.

Since you're a Mac user (I believe), just a note: This is perfectly normal behavior for the Wintendo OS. Only a system admin (or, IIRC, a Power User) can switch the computer to a domian.
_________________________
Dave

Top
#208991 - 12/03/2004 01:13 Re: Can't login to own laptop - help? [Re: webroach]
brendanhoar
enthusiast

Registered: 09/06/2003
Posts: 297
> This is perfectly normal behavior for the Wintendo OS. Only
> a system admin (or, IIRC, a Power User) can switch the
> computer to a domian.

...but apparently anyone can switch the computer from a domain to a workgroup?

-brendan

Top
#208992 - 12/03/2004 01:58 Re: Can't login to own laptop - help? [Re: brendanhoar]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
but apparently anyone can switch the computer from a domain to a workgroup?

By default yes, but this behaviour can be changed by messing about with security policies.
_________________________
Remind me to change my signature to something more interesting someday

Top
#208993 - 12/03/2004 08:15 Re: Can't login to own laptop - help? [Re: brendanhoar]
mvigneau
member

Registered: 12/08/2002
Posts: 179
Loc: Manchester, NH
Well the reason that only admins can add it to the domain is a security issue. They don't want "normal" users adding it to the domain. They also need to have different permissions on the domain itself so people can't arbitrarily add PCs to the domain.

It may be a Windows thing but it makes more sense than other Windows behavior.

The reason anybody can add it to a workgroup is because you don't need special permissions on a workgroup to add a PC to that workgroup.

Top
#208994 - 12/03/2004 09:37 Re: Can't login to own laptop - help? [Re: mvigneau]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
It's not so much the "add to a workgroup" part as the "remove from a domain" part that's worrisome, since it makes anybody with a login able to create a virtual DOS attack.
_________________________
Bitt Faulk

Top
#208995 - 12/03/2004 11:32 Re: Can't login to own laptop - help? [Re: hybrid8]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31594
Loc: Seattle, WA
I don't know if this will work since you switched it from domain to workgroup, but you can try prepending the domain name to the username with a backslash, like this:

User name: girlfriendsdomain\girlfriendsusername
Password: girlfriendspassword

Sometimes in Windows NT authentication, if you have a screen where the domain name is not available as an entry field, you have to prepend the domain name like that.

Of course, it would only work if she's actually connected to the work LAN. You can't do that unless the domain in question is really there.
_________________________
Tony Fabris

Top
#208996 - 12/03/2004 17:35 Re: Can't login to own laptop - help? [Re: tfabris]
hybrid8
carpal tunnel

Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
Well, I'm just replying to the last post (just because ).

The laptop was fixed quickly once she got it to work. I'd have been able to do the same with an Admin password. They're not telling her that password and they say they won't be telling her. I don't know if her own account has admin access. I always use an account with Admin access - both on my work PC as well as my home machines. She works for the same company BTW. Other department obviously. When I've ever received a system from IT, I've had to reformat and install the OS and everything back myself, so that's likely why I know all the Admin details of my own system - same goes for everyone else in my group pretty much.

For Webroach... No, I'm a PC user. I just happen to work (have for 7 years) on a Mac team. I guess I'm a Windows/Mac user professionally and a Windows user on my own time.

Tony, I just happened to forget about specifying the domain on the login. I've done that at work myself.

So how should (ideally) a machine be set up to be able to use it stand-alone as well as on a corporate LAN? Was it fine before with her username on the Domain?

Now say I'd like to be able to connect such a machine to my home network - to surf the net or to browse my other filestores? Am I going to be able to do that easily while still using the same user login? Or does another one have to be created?

What will be the primary differences between doing this for a wired versus wireless connection?

My GF's machine is also set up with VPN access, but I don't see how this is going to do any good from home if she can't connect to my network. Using it over dialup is an excercise in idiocy because I've got broadband already.

I know this is going to get on my nerves/piss me off if I have to deal with that laptop again and can't get it to connect, likewise if she's forced to use dialup. So, any help will be really appreciated. It will no doubt prevent the loss of a few stress-related years off my life.

Bruno
_________________________
Bruno
Twisted Melon : Fine Mac OS Software

Top
#208997 - 12/03/2004 17:44 Re: Can't login to own laptop - help? [Re: hybrid8]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31594
Loc: Seattle, WA
So how should (ideally) a machine be set up to be able to use it stand-alone as well as on a corporate LAN? Was it fine before with her username on the Domain?
My favorite way to do this is:

- Build the machine yourself, and make sure the owner of that machine knows its local Administrator account password. Or sets that password themselves during setup.

- After you create a user account to join the domain (girlfriendsdomain\girlfriendsname), sign back in as local Administrator and use the user manager to add (girlfreindsdomain\girlfriendsname) as one of the members of the local machine's "administrators" group.

That way, when the computer is on the domain, the person still has admin rights on that box, but is not an admin on the network in general. And they sign in with (girlfriendsname) no matter what environment they're in so it all Just Works.
_________________________
Tony Fabris

Top
#208998 - 13/03/2004 00:56 Re: Can't login to own laptop - help? [Re: tfabris]
msaeger
carpal tunnel

Registered: 23/09/2000
Posts: 3608
Loc: Minnetonka, MN
That's how my laptop is setup and it works very well. The problem would be if the computer is issued from the company who knows it their IT department would let you do that. (That's why I bought my own and gave the company issued one back )
_________________________

Matt

Top
#208999 - 13/03/2004 19:10 Re: Can't login to own laptop - help? [Re: tfabris]
hybrid8
carpal tunnel

Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
Thanks Tony. I know a few people in IT at work so I'll see if someone can make the mod to her machine.

Bruno
_________________________
Bruno
Twisted Melon : Fine Mac OS Software

Top
#209000 - 16/03/2004 11:44 Re: Can't login to own laptop - help? [Re: hybrid8]
Oli
journeyman

Registered: 20/02/2002
Posts: 58
Loc: Bucks, UK.
Or, boot from a cd with NTFSdos Pro, mount local hard drive, copy the SAM file from the WINNT dir onto a disk. This stores all the local passwords in an encrypted form. Transfer the SAM file to another machine and use SAMinside to extract password hashes. Then use Lophtcrack to perform a brute force password crack on the hashes. presto... local admin password.

Oli.

Top
#209001 - 16/03/2004 11:59 Re: Can't login to own laptop - help? [Re: tfabris]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
Of course, it would only work if she's actually connected to the work LAN. You can't do that unless the domain in question is really there.

You can if you have logged on to the domain on the LAN recently. The authentication gets cached for a while meaning you can logon to the domain even when not connected to a network.
_________________________
Remind me to change my signature to something more interesting someday

Top
#209002 - 16/03/2004 13:30 Re: Can't login to own laptop - help? [Re: Oli]
Ezekiel
pooh-bah

Registered: 25/08/2000
Posts: 2413
Loc: NH USA
Oli - Stop, you're scaring the children (well, me anyhow)!

-Zeke
_________________________
WWFSMD?

Top