So a customer calls me and is a little hesitant to explain what’s wrong with her computer. Almost without fail when they dance around what happened – you know it’s likely the Microsoft Tech Support Scam. (See Snopes). Not a big deal – we scan their computer, ensure nothing is lurking in scheduled tasks or startup, and point them to information related to reversing any charges if it got that far.

Well this time was different. “They changed my password on my computer and now I can’t log back in. Can you reset it?” That was new for me and pretty clever. I told her absolutely – we reset passwords often. A quick boot into System Rescue CD, mount the drive, and run chntpw. Voila!

So I get the computer (running Windows 8.1), boot it up, and see this:

[Image: syskey]

“This computer is configured to require a password in order to startup”. This looked vaguely familiar, and not in a good way. Especially on Windows 8 since that popup has a very Windows NT vibe. A quick trip to Google and it all comes back. Syskey allows for encrypting the SAM hive where all the password hashes are stored. This was going to be harder than I thought… So I called the customer to get a little more info…

Registry corruptions don’t always require a wipe and reinstall. You can often get the registry ‘back’ using a backed up copy. Microsoft published a procedure for doing this way back in knowledge base article KB307545. The trouble with this procedure is it is very tedious, utilizing Windows XP recovery mode (basically a DOS prompt) and tricks to get into the System Volume Information directory.

Instead, utilizing the fantastic System Recovery CD, you can quickly restore a backup copy of the registry.