Announcement

Collapse
No announcement yet.

Need to reset admin password on a remote PC.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Need to reset admin password on a remote PC.

    Hi All,
    We have a rouge PC on our network and cannot physically find it.....
    Its running XP Pro and can be pinged and I can connect to the shared drives but need to access the PC as it is constantly connecting to a dubious website. It is in ots own Workgroup but has a dhcp address in our range, so it probably is one of ours.
    Any ideas how I can get to this. I would like to change the admin password so I can look at where it is and who is logged on etc. If this is not possible, can I shut it down remotely without the admin password????

    Any help please would be much appreciated....

    Thanks
    Mike
    (aka stretcheboy)

  • #2
    Re: Need to reset admin password on a remote PC.

    You could try using PSSHUTDOWN from PS Tools... but I think you might need the admin password.

    Why not block its IP at the company firewall? That way there is no way for the user to get around the block...


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: Need to reset admin password on a remote PC.

      Thanks for the reply stonelaughter...
      I have tried this just now (forgot those existed...) but no joy I'm afraid.
      I do need the password.
      We have blocked the IP address on the firewall (or the network guy has.. ) but it is still broadcasting.
      It not a massive problem I admit, but I would like to shut it down if poss, that way the users will contact us and then we can trace the PC.
      I have only been here a couple of weeks and there is no asset tracking or monitoring in place at teh moment, hence we do not know where it is or if indeed it truly is one of ours...
      It seems also when I try to connect that the RPC service is not working. I assume this means that any remote options are out of the question?

      Thanks for the help.
      Mike.

      Comment


      • #4
        Re: Need to reset admin password on a remote PC.

        Sounds to me like someone has deliberately set this machine up for them to do their nefarious doings. I would look at options like finding which switch port it is connected to - given the IP address the network guy should be able to do this - and disabling the switch port. p.s. If the network guy can find the switch port, he MUST also know the physical location... surely???


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you

        Comment


        • #5
          Re: Need to reset admin password on a remote PC.

          Chances are this might not really be a physical machine. Right now I am assuming that this would be an OS in a Virtual Machine Environment. What do you guys think?

          Comment


          • #6
            Re: Need to reset admin password on a remote PC.

            Thinking wireless perhaps? VM's a good idea as well.

            Stone's got the right idea. Trace the IP on the switch, then assuming you've got a logical wire setup in the building, find out its location.

            Worst case, hit up every single PC there.
            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Need to reset admin password on a remote PC.

              Thanks everyone....some good ideas here but alas....!!!....none have worked so far...
              We have already walked around the site and not found the machine (Good excuse for a full audit though..!) but we are a large manufacturing site with 100's of areas a pc could be hidden in.
              Managed switches come online in the next couple of months, so if we don't succeed before then.....
              As for the VM...mmmm possible. When I browse the workgroup (only the 1 machine in the MSHOME worksgroup), it has a comment of test. So, a VM is feasable.

              If anyone has any more ideas, I'd love to hear them and try them....
              When I do eventually find an answer (and I will.....lol) I'll post it on here. Might help someone in the future.

              Thanks again all those who have helped....
              Mike.

              Comment


              • #8
                Re: Need to reset admin password on a remote PC.

                Originally posted by stretcheboy View Post
                Managed switches come online in the next couple of months, so if we don't succeed before then.....
                Your MDF/server room is using unmanaged switches? You mean something like these? I'm slightly 'ed.

                Stonelaughter had the right idea. Just get the offending node's MAC address and then look through your switch's MAC tables to find the port. Then... if you have decently documented wires... trace it back to a physical wire drop. Of course, you could put a white hat on and scan the node for vulnerabilities and then sort of use those to your advantage.
                Wesley David
                LinkedIn | Careers 2.0
                -------------------------------
                Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                Vendor Neutral Certifications: CWNA
                Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                Comment


                • #9
                  Re: Need to reset admin password on a remote PC.

                  what about rdp?
                  you could log on using remote desktop, and see in compmgmt.msc what type of hardware this machine is using, if you find something like vmnetwork card etc, then you know this is virtual machine. you could do the same from AD if you can see that machine in mmc.

                  If that doesn't work, and you really want to find out whether that is a virtual machine, then scan the network, and get the MAC address.

                  Company and Products MAC unique identifier (s)
                  VMware ESX 3, Server, Workstation, Player 00-50-56, 00-0C-29, 00-05-69
                  Microsoft Hyper-V, Virtual Server, Virtual PC 00-03-FF
                  Parallells Desktop, Workstation, Server, Virtuozzo 00-1C-42
                  Virtual Iron 4 00-0F-4B
                  Red Hat Xen 00-16-3E
                  Oracle VM 00-16-3E
                  XenSource 00-16-3E
                  Novell Xen 00-16-3E
                  Sun xVM VirtualBox 08-00-27

                  that should be helpful
                  ..:: jumanji

                  Comment

                  Working...
                  X