Wednesday, May 6, 2009

Hack and Reset Windows NT 4.0 and Windows 2000 Administrator or Domain Admin Password with LOGON.SCR Trick

  1. Log on to the Windows computer with any user account.
  2. Navigate to %systemroot%\System32 in Windows Explorer. %systemroot% is your Windows installation folder, normally \WINNT or \Windows (e.g. \WINNT\System32).
  3. Save a copy of the LOGON.SCR file, or simply rename it to something else. Make sure you remember the location and name of the backup copy.
  4. Delete the original LOGON.SCR from the %systemroot%\System32 sub-folder after you have backed it up. If you renamed it instead, the file no longer exists under that name.

    Note: If you have problems deleting or renaming LOGON.SCR, it may be due to permission settings. Try to take ownership of LOGON.SCR (right-click LOGON.SCR, select Properties, go to the Security tab, then click Ownership; click “Take Ownership” and then click Yes at the prompt), and give the Everyone group Full Control permissions (right-click LOGON.SCR, select Properties, go to the Security tab, click Add, browse to and add the Everyone group, give Everyone Full Control and click OK). You may need to install an alternate second copy of Windows on the machine to do so, as detailed at the end of this article.

  5. Copy CMD.EXE, located in %systemroot%\System32, to create an additional copy in the same directory, then rename the new copy to LOGON.SCR. This makes Windows NT or Windows 2000 use the CMD.EXE command prompt program as the screen saver that is activated after the computer has been idle for the configured number of minutes.
  6. Ensure that the Windows screen saver is activated.
  7. Wait for the screen saver idle timeout to elapse, so that Windows loads the unprotected DOS command prompt in the context of the local system account as if it were the screen saver.
  8. In the CMD command prompt that is opened, key in the following command to reset and change the administrator’s password:

    net user administrator newpassword

    The administrator account will then have the new password newpassword (which you should change to your own password). With the syntax net user user_name new_password, the same command can be used to reset or modify the passwords of other administrative user accounts.

  9. You can now log on to the administrator account with the new password. You may want to restore the original LOGON.SCR that was backed up or renamed.
  10. You may want to delete the alternate installation of Windows by deleting the installation folder or formatting the partition (if you installed it in a different partition), and removing the second Windows entry in the BOOT.INI file at the root. Use attrib -r -s -h c:\boot.ini to allow boot.ini to be viewed and modified.
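
From the defender's side, the procedure above leaves a recognizable artifact: a .SCR file in System32 that is a byte-for-byte copy of CMD.EXE. The check below is an added example, not part of the original post; the function names are hypothetical and the directory it scans is a constructed stand-in, not a real System32.

```python
import hashlib
import tempfile
from pathlib import Path

# Command interpreters whose copies should never appear under a .scr name.
SHELL_NAMES = ("cmd.exe", "command.com")


def sha256_of(path):
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_shell_screensavers(system32):
    """Return [(scr_name, shell_name)] for each .scr that is an exact copy of a shell."""
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    shells = {sha256_of(files[n]): n for n in SHELL_NAMES if n in files}
    hits = []
    for name in sorted(files):
        if name.endswith(".scr"):
            shell = shells.get(sha256_of(files[name]))
            if shell is not None:
                hits.append((name, shell))
    return hits


def build_constructed_system32(root):
    """Constructed sample data: LOGON.SCR has the same bytes as CMD.EXE."""
    root = Path(root)
    (root / "CMD.EXE").write_bytes(b"MZ constructed stand-in for cmd.exe")
    (root / "LOGON.SCR").write_bytes(b"MZ constructed stand-in for cmd.exe")
    (root / "SAMPLE.SCR").write_bytes(b"MZ constructed stand-in for a screen saver")
    return root


def demo():
    """Run the check against the constructed directory and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_shell_screensavers(build_constructed_system32(tmp))


if __name__ == "__main__":
    for scr, shell in demo():
        print(f"ALERT: {scr} is a byte-for-byte copy of {shell}")
```

Pointed at a mounted or imaged %systemroot%\System32, the same function flags any screen saver that has been swapped for a command interpreter; a hit on LOGON.SCR matters most because that file runs before anyone has logged on.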

Saturday, April 25, 2009

Disable Password Caching

As in Windows for Workgroups, when logging on to an NT Domain, it is preferable to disable password caching.
This allows for a single NT Domain login and eliminates the secondary Windows logon screen.
It also eliminates the possibility of the respective passwords getting out of sync.
To disable password caching on the workstation, a one-line addition to the registry needs to be made.
To make the change, create an ASCII text file called DISABLE.REG with the following lines:


    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
    "DisablePwdCaching"=dword:00000001



  • Open up a DOS box and type REGEDIT DISABLE.REG
    You can also download the DISABLE.REG file.
    If you need to re-enable password caching, download ENABLE.REG and repeat the process with the different file name.

    Here is how to add any application to the menu when you right click on any Folder.
    This could be useful if there is an app you always want available and don't want to go through the Start menu.

    1. Start Regedit
    2. Go to HKEY_CLASSES_ROOT \ Folder \ shell
    3. Add a key Name_of_Your_App
       This can really be any label, just use one that makes sense to you
    4. Give it a default value of Name_of_Your_App
       Putting a & in front of a character will allow you to use the keyboard
    5. Go to HKEY_CLASSES_ROOT \ Folder \ shell \ Name_of_Your_App
    6. Add a key command
    7. Give it a default value of the application you want to run
       For example: c:\program files\internet explorer\iexplore.exe
       Include the full path

    Now when you right click on any folder, you can have access to that application.
    This will work for both Windows95 and NT 4.0.

    Changing Exchange's Mailbox Location

    When you create a mailbox in Exchange for e-mail, you specify the file where you want the mail to go.
    You cannot change this in Exchange afterwards.

    If you want to change the file name or location:

    1. Start Regedit
    2. Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows Messaging Subsystem \ Profiles
    3. Go to the profile you want to change
    4. Go to the section that has the file location for your mailbox (*.PST) file in the right hand panel
    5. Make the change to file location or name
    6. Restart Exchange

    Removing Sound Events from Control Panel / Sounds

    When you view what events you can assign sounds to from Control Panel / Sounds,
    you cannot delete the events themselves. In order to do that:

    1. Start Regedit
    2. Go to HKEY_CURRENT_USER / AppEvents / Schemes / Apps
    3. From here you can delete any items you don't want to show or no longer need.

    Opening a DOS Window to either the Drive or Directory in Explorer

    Add or Edit the following Registry Keys

    [HKEY_CLASSES_ROOT\Directory\shell\opennew]
    @="Dos Prompt in that Directory"

    [HKEY_CLASSES_ROOT\Directory\shell\opennew\command]
    @="command.com /k cd %1"

    [HKEY_CLASSES_ROOT\Drive\shell\opennew]
    @="Dos Prompt in that Drive"

    [HKEY_CLASSES_ROOT\Drive\shell\opennew\command]
    @="command.com /k cd %1"

    These will allow you to right click on either the drive or the directory, and the option of starting the DOS prompt there will pop up.

    Compacting the Registry

    How to compact the registry?

    1. Go to true DOS, not a DOS window
    2. Run Regedit and then export the entire Registry to COMPACT.REG.
    3. Then exit regedit and run it again with the following switch. REGEDIT /C COMPACT.REG

    Enabling the Middle Mouse Button on Logitech Mouse

    To enable the middle mouse button on Logitech mice to act as a double-click button by only pressing it once:

    1. Run Regedit
    2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\LOGITECH\MOUSEWARE\CURRENTVERSION\SERIALV\0000
    3. Change DoubleClick to equal 001

    Easily Opening a File with Notepad

    This will enable you to right click on any file and have the option to open it with notepad.
    Also, if a file has no association and you try to open it, it will open with Notepad.

    1. Run 'regedit.exe'
    2. Expand "HKEY_CLASSES_ROOT"
    3. Inside "HKEY_CLASSES_ROOT", expand "*"
    4. Inside "*", create a key called "shell"
    5. Inside "shell" create a key called "open"
    6. Inside "open" edit the string "(default)" to say "open (notepad)"
    7. Inside "open" create a key called "command"
    8. Inside "command" edit the string "(default)" to say C:\WINDOWS\NOTEPAD.EXE "%1"

    Removing the Hand Icon from Shared Resources

    When you share a local resource, Windows95 normally puts a hand in front of that resource's icon.
    To remove hand icon from your shared resources:

    1. Start Regedit.
    2. Go to HKEY_CLASSES_ROOT / Network
    3. Open SharingHandler.
    4. Clear its default value
    5. Restart Windows.
    6. To restore set Default value "msshrui.dll".

    Hiding Any Combination of Drives

    If you want to stop a drive or any combination of drives from appearing in Explorer/My Computer,
    add the Binary Value 'NoDrives' in the registry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    Give it a value from a combination of the table below:

    A 1 00 00 00
    B 2 00 00 00
    C 4 00 00 00
    D 8 00 00 00
    E 16 00 00 00
    F 32 00 00 00
    G 64 00 00 00
    H 128 00 00 00
    I 00 1 00 00
    J 00 2 00 00
    K 00 4 00 00
    L 00 8 00 00
    M 00 16 00 00
    N 00 32 00 00
    O 00 64 00 00
    P 00 128 00 00
    Q 00 00 1 00
    R 00 00 2 00
    S 00 00 4 00
    T 00 00 8 00
    U 00 00 16 00
    V 00 00 32 00
    W 00 00 64 00
    X 00 00 128 00
    Y 00 00 00 1
    Z 00 00 00 2

    For example, to hide drives {C,E,J,O,R,U,Y,Z} you would give 'NoDrives' the value 14 42 12 03,
    where C+E = 14, J+O = 42, R+U = 12 and Y+Z = 03.
    Please NOTE: The numbers are to be added in hexadecimal, i.e. ABCD = 0F, not 15.
    All Drives Visible is 00 00 00 00.
    All Drives Hidden is FF FF FF 03.
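
The table and the worked value above, as an added example that is not part of the original tips: each drive letter is one bit (A is bit 0, Z is bit 25) of a 4-byte value stored low byte first. The function names are hypothetical.

```python
import string


def nodrives_bytes(letters):
    """Build the 4-byte NoDrives value that hides the given drive letters."""
    mask = 0
    for letter in letters:
        letter = letter.upper()
        if len(letter) != 1 or letter not in string.ascii_uppercase:
            raise ValueError(f"not a drive letter: {letter!r}")
        mask |= 1 << (ord(letter) - ord("A"))
    # Byte 1 holds A-H, byte 2 I-P, byte 3 Q-X, byte 4 Y-Z (little-endian).
    return mask.to_bytes(4, "little")


def nodrives_hex(letters):
    """Same value, written the way the tip shows it, e.g. '14 42 12 03'."""
    return " ".join(f"{b:02X}" for b in nodrives_bytes(letters))


def hidden_drives(hex_value):
    """Decode a NoDrives value such as '14 42 12 03' back into drive letters."""
    raw = bytes.fromhex(hex_value.replace(" ", ""))
    if len(raw) != 4:
        raise ValueError("NoDrives must be exactly 4 bytes")
    mask = int.from_bytes(raw, "little")
    if mask >> 26:
        raise ValueError("bits above drive Z are set")
    return [chr(ord("A") + i) for i in range(26) if (mask >> i) & 1]


if __name__ == "__main__":
    print(nodrives_hex("CEJORUYZ"))
    print(hidden_drives("FF FF FF 03"))
```

NoDrives only controls which drive icons Explorer and My Computer display; it does not restrict access to the drives themselves, so an audit should decode the value to see what is hidden rather than treat it as an access control.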

    Creating a Legal Text Notice Before Logon

    You can create a banner that will come up just before you logon to the computer:

    1. Start Regedit
    2. Go to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ WinLogon
    3. Create a new string value called LegalNoticeCaption and give it a value you want to see in the menu bar
    4. Create a new string value called LegalNoticeText and give it a value you want to see in the dialog box

    Now before anyone logs into that computer, this banner will come up on the screen.
    This can be useful for any legal warnings you want to give regarding the use of the computer.

    Disabling the Blinking Cursor

    To stop the cursor from blinking in applications such as Word:

    1. Start Regedit
    2. Go to HKEY_CURRENT_USER\Control Panel\Desktop
    3. Add a String Value
    4. Name it CursorBlinkRate
    5. Give it a value of -1
    6. Reboot the computer

    Re-Enabling DHCP Error Messages

    If you got a DHCP error message, selected to not see DHCP errors, and now want to see them again:

    1. Start Regedit
    2. Go to HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ VxD \ DHCP
    3. Change the value of PopupFlag from 00 to 01

    Getting Rid of Schemes

    1. A safer way is to go to the Control Panel / Display / Appearance tab
    2. Go to the Scheme drop down box
    3. Select the one you don't want and click on the delete button

    When you right click on your desktop and pick properties your Display Properties screen appears.
    Under Appearance tab / Schemes, determine if you want all those wild schemes.
    If not they can be deleted and clear approximately 45K.
    Before you delete them, choose or create at least 1 Scheme and "Save As" (in my case Bud 1).

    1. Open Regedit
    2. Go to HKEY_CURRENT_USER \ Control Panel \ Appearance \ Schemes
    3. Highlight every String and Value on the right side and delete. DO NOT DELETE "Default"

    NT Crash Log File

    In addition to the crash log file, you can also enable two other methods of crash notification and logging.

    You can enable an administrative alert by changing the value of

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\SendAlert to 1. The next time the system crashes, an administrative alert will be sent that may provide the first sign of the crash.

    You can also make NT log the crash in the event log by changing the value of

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\LogEvent to 1 instead of its default 0. Now, the exact time of the crash will be permanently recorded.

    Changing the Location of Outlook Express Data Files

    Normally Outlook Express keeps its data files in the C:\Windows\Application Data\Microsoft\Outlook Express directory.

    To change this:

    1. First copy those files to the new location
    2. Start RegEdit
    3. Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Outlook Express
    4. Change the Store Root key to the directory where you moved the files

    Sticky Menus

    Normally when you move the mouse over the Start Menu / Programs, it will automatically cascade and show the submenus.
    If you want them to open only when you actually click on them:

    1. Start Regedit
    2. Go to HKEY_CURRENT_USER \ Control Panel \ Desktop
    3. If it is not already there, create a string called MenuShowDelay
    4. Give it a value of 65534

    Automatic Shutdown with Windows NT

    Most laptops allow the operating system to turn off the hardware after shutdown, instead of displaying the message telling you it's now safe to turn off your system.
    You can take advantage of this capability by enabling the Power Down After Shutdown feature.

    To enable this feature, simply add a REG_SZ value named HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\PowerdownAfterShutDown and set it to 1.

    Next, tell NT to shut down and see if the machine turns itself off after shutting down. If it doesn't, change the value back to 0 to restore normal operation.

    Kill Hung Processes When Logging Off in Windows NT

    When you tell NT to shut down, it first sends shutdown requests to any running processes.
    Most 32-bit applications honor these requests and shut down, but older 16-bit apps running in the Virtual DOS Machine often won't.
    When this occurs, the operating system prompts you with a dialog box asking if you want to kill the task, wait for the task to die on its own, or cancel the shutdown.
    By modifying the Registry, you can automate this process.

    You can force NT to kill all running processes on shutdown by adding a REG_SZ value named HKEY_USERS\\Control Panel\Desktop\AutoEndTasks and setting the value to 1. You can also add this value to HKEY_USERS\.DEFAULT so that all new accounts will shut down the same way.