Petri.co.il forums Home Forums Start Page Forums Frequently Asked Questions FAQ Member List Members List
Go Back   Petri IT Knowledgebase Forums > Security > Forgot Administrator Password
Petri.co.il is happy to award RicklesP the title of Most Valuable Member !!!
Register Calendar Calendar Search Petri IT Knowledgebase Forums Search Todays Posts Today's Posts Mark Forums Read
Notices

system error 5 has occurred

system error 5 has occurred

this thread has 4 replies and has been viewed 33040 times

Closed Thread
 
Thread Tools Search this Thread Display Modes
  #1  
Old 22nd January 2004, 23:40
ronker's Avatar
ronker ronker is offline
Junior Member
Staying around
 
 Join Date: Jan 2004
  6 month star 12 month star
 Location: Israel
 Posts: 176
 Reputation: ronker is on a distinguished road (11)
Default system error 5 has occurred

im trying to reset the administrator password folowing the "Alternate Method - The LOGON.SCR trick" on petri and keep getting this massage : "system error 5 has occurred access is denied"

please help
__________________
crocus
  #2  
Old 15th October 2006, 17:30
MXMsound MXMsound is offline
Casual
Casual
 
 Join Date: Oct 2006
  6 month star 12 month star
 Posts: 1
 Reputation: MXMsound is on a distinguished road (10)
Default Re: system error 5 has occurred

I try "net user administrator pass" in command line, i have the same problem.
  #3  
Old 15th October 2006, 20:21
biggles77's Avatar
biggles77 biggles77 is offline
Administrator
 
 Join Date: Dec 2003
  6 month star 12 month star
 Location: Nowhere that I like.
 Posts: 11,051
 Reputation: biggles77 is a splendid one to beholdbiggles77 is a splendid one to beholdbiggles77 is a splendid one to beholdbiggles77 is a splendid one to beholdbiggles77 is a splendid one to beholdbiggles77 is a splendid one to beholdbiggles77 is a splendid one to behold (793)
Default Re: system error 5 has occurred

Yawn, system error 5 has occurred access is denied

Moved to Password Forum.
__________________
"There I stood at the bar, wearing a Mae West, no jacket, and beginning to leak blood from my torn boot. None of the golfers took any notice of me - after all, I wasn't a member!" Kenneth Lee - after being shot down during the Battle of Britain on the 18th August 1940.

************************************************** **********************
** Remember to give credit where credit is due and leave reputation points where appropriate **
************************************************** **********************
  #4  
Old 16th October 2006, 10:53
Ossian Ossian is offline
Administrator
 
 Join Date: Nov 2003
  6 month star 12 month star
 Location: Bonnie Scotland
 Posts: 16,654
  Send a message via Skype™ to Ossian
 Reputation: Ossian has a brilliant futureOssian has a brilliant futureOssian has a brilliant futureOssian has a brilliant futureOssian has a brilliant futureOssian has a brilliant futureOssian has a brilliant futureOssian has a brilliant futureOssian has a brilliant futureOssian has a brilliant futureOssian has a brilliant future (1520)
Default Re: system error 5 has occurred

Ronker and MXMSound -- you should know that that trick does not work on a Win9x machine -- you need to delete the username.pwl file instead.

If you (just on the off chance) happen to be using a different operating system, please have the courtesy to tell us what it is, also a little bit of information about your network environment (domain or workgroup is a good start).

There is an implicit assumption here that we already know about your setup. We DONT!

Tom
__________________
Tom Jones
MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
PhD, MSc, FIAP, MIITT
IT Trainer / Consultant
Ossian Ltd
Scotland

** Remember to give credit where credit is due and leave reputation points where appropriate **
  #5  
Old 23rd October 2006, 15:31
rvalstar's Avatar
rvalstar rvalstar is offline
Senior Member
Guru
 
 Join Date: Oct 2006
  6 month star 12 month star
 Location: Houston, TX
 Posts: 1,303
 Reputation: rvalstar is just really nicervalstar is just really nicervalstar is just really nicervalstar is just really nice (376)
Default Re: system error 5 has occurred

I'm going to imagine they are using WXP or an up-to-date W2K install as that would explain the behavior. Here's my canned response to this now urban legend of a hack. Since they made it to #3, please read from #4 on.

Ciao,

Rick

=====================================
The LOGON.SCR trick does not work w/ current (all?) WXP installations on several fronts.

1) If you can replace logon.scr with cmd.exe, "Windows File Protection" (WFP) will undo it. So you'd have to be able to disable that first OR change the registry value for SCRNSAVE.EXE in [HKEY_USERS\S-1-5-18\Control Panel\Desktop] from logon.scr to cmd.exe

2) Assuming you get cmd.exe in as the screen saver for SYSTEM and wait the 10 +/- minutes, a CMD box will pop up as noted under the user SYSTEM.

3) You try to do a NET USER Administrator <new_pwd> and you get "System error 5 has occurred. Access is denied" -- how can this be? Isn't SYSTEM all powerful?

4) SYSTEM is all powerful but Microsoft fixed this back door by removing almost all of SYSTEM's privs. Running a "whoami /user /groups /priv" for a normal SYSTEM session (AT hh:mm /INTERACTIVE cmd) gives:

[User] = "NT AUTHORITY\SYSTEM"

[Group 1] = "BUILTIN\Administrators"
[Group 2] = "Everyone"
[Group 3] = "NT AUTHORITY\Authenticated Users"

(X) SeTcbPrivilege = Act as part of the operating system
(O) SeCreateTokenPrivilege = Create a token object
(O) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(X) SeCreatePagefilePrivilege = Create a pagefile
(X) SeLockMemoryPrivilege = Lock pages in memory
(O) SeAssignPrimaryTokenPrivilege = Replace a process level token
(O) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
(X) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(X) SeCreatePermanentPrivilege = Create permanent shared objects
(X) SeDebugPrivilege = Debug programs
(X) SeAuditPrivilege = Generate security audits
(O) SeSecurityPrivilege = Manage auditing and security log
(O) SeSystemEnvironmentPrivilege = Modify firmware environment values
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(O) SeBackupPrivilege = Back up files and directories
(O) SeRestorePrivilege = Restore files and directories
(O) SeShutdownPrivilege = Shut down the system
(X) SeLoadDriverPrivilege = Load and unload device drivers
(X) SeProfileSingleProcessPrivilege = Profile single process
(X) SeSystemtimePrivilege = Change the system time
(X) SeUndockPrivilege = Remove computer from docking station
(O) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeImpersonatePrivilege = Impersonate a client after authentication
(X) SeCreateGlobalPrivilege = Create global objects

But running the same command from the LOGON.SCR replacement instance of CMD.EXE gives:

[User] = "NT AUTHORITY\SYSTEM"

[Group 1] = "BUILTIN\Administrators"
[Group 2] = "Everyone"
[Group 3] = "NT AUTHORITY\Authenticated Users"

(X) SeChangeNotifyPrivilege = Bypass traverse checking

That's why this doesn't work.

Last edited by rvalstar; 26th December 2006 at 03:20.. Reason: missed mentioning W2K
Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Disaster rocovery mode and system attendant m80arm Exchange 2000 / 2003 4 14th February 2007 20:14
change bot & system partition S2002 Windows 2000 Pro, XP Pro 1 30th January 2006 11:47
System Error 5 has occured MarkC Forgot Administrator Password 3 21st June 2005 01:20
Help regarding System restore on a new PC? imran_mcse Active Directory 1 7th March 2005 16:04
Save data during system recovery scan4me Windows 2000 Pro, XP Pro 1 9th February 2005 07:45


All times are GMT +3. The time now is 06:02.

Steel Blue 3.5.4 vBulletin Style ©2006 vBEnhanced
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
 

Valid XHTML 1.0!   Valid CSS!

Copyright 2005 Daniel Petri