system error 5 has occurred

  • system error 5 has occurred

    I'm trying to reset the administrator password following the "Alternate Method - The LOGON.SCR trick" on petri and keep getting this message: "system error 5 has occurred access is denied"

    Please help.

  • #2
    Re: system error 5 has occurred

    I try "net user administrator pass" in the command line, and I have the same problem.


    • #3
      Re: system error 5 has occurred

      Yawn, system error 5 has occurred access is denied

      Moved to Password Forum.
      1 1 was a racehorse.
      2 2 was 1 2.
      1 1 1 1 race 1 day,
      2 2 1 1 2


      • #4
        Re: system error 5 has occurred

        Ronker and MXMSound -- you should know that that trick does not work on a Win9x machine -- you need to delete the username.pwl file instead.

        If you (just on the off chance) happen to be using a different operating system, please have the courtesy to tell us what it is, also a little bit of information about your network environment (domain or workgroup is a good start).

        There is an implicit assumption here that we already know about your setup. We DON'T!

        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd

        ** Remember to give credit where credit is due and leave reputation points where appropriate **


        • #5
          Re: system error 5 has occurred

          I'm going to imagine they are using WXP or an up-to-date W2K install as that would explain the behavior. Here's my canned response to this now urban legend of a hack. Since they made it to #3, please read from #4 on.



          The LOGON.SCR trick does not work w/ current (all?) WXP installations on several fronts.

          1) If you can replace logon.scr with cmd.exe, "Windows File Protection" (WFP) will undo it. So you'd have to be able to disable that first OR change the registry value for SCRNSAVE.EXE in [HKEY_USERS\S-1-5-18\Control Panel\Desktop] from logon.scr to cmd.exe

          2) Assuming you get cmd.exe in as the screen saver for SYSTEM and wait the 10 +/- minutes, a CMD box will pop up as noted under the user SYSTEM.

          3) You try to do a NET USER Administrator <new_pwd> and you get "System error 5 has occurred. Access is denied" -- how can this be? Isn't SYSTEM all powerful?

          4) SYSTEM is all powerful but Microsoft fixed this back door by removing almost all of SYSTEM's privs. Running a "whoami /user /groups /priv" for a normal SYSTEM session (AT hh:mm /INTERACTIVE cmd) gives:

          [User] = "NT AUTHORITY\SYSTEM"

          [Group 1] = "BUILTIN\Administrators"
          [Group 2] = "Everyone"
          [Group 3] = "NT AUTHORITY\Authenticated Users"

          (X) SeTcbPrivilege = Act as part of the operating system
          (O) SeCreateTokenPrivilege = Create a token object
          (O) SeTakeOwnershipPrivilege = Take ownership of files or other objects
          (X) SeCreatePagefilePrivilege = Create a pagefile
          (X) SeLockMemoryPrivilege = Lock pages in memory
          (O) SeAssignPrimaryTokenPrivilege = Replace a process level token
          (O) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
          (X) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
          (X) SeCreatePermanentPrivilege = Create permanent shared objects
          (X) SeDebugPrivilege = Debug programs
          (X) SeAuditPrivilege = Generate security audits
          (O) SeSecurityPrivilege = Manage auditing and security log
          (O) SeSystemEnvironmentPrivilege = Modify firmware environment values
          (X) SeChangeNotifyPrivilege = Bypass traverse checking
          (O) SeBackupPrivilege = Back up files and directories
          (O) SeRestorePrivilege = Restore files and directories
          (O) SeShutdownPrivilege = Shut down the system
          (X) SeLoadDriverPrivilege = Load and unload device drivers
          (X) SeProfileSingleProcessPrivilege = Profile single process
          (X) SeSystemtimePrivilege = Change the system time
          (X) SeUndockPrivilege = Remove computer from docking station
          (O) SeManageVolumePrivilege = Perform volume maintenance tasks
          (X) SeImpersonatePrivilege = Impersonate a client after authentication
          (X) SeCreateGlobalPrivilege = Create global objects

          But running the same command from the LOGON.SCR replacement instance of CMD.EXE gives:

          [User] = "NT AUTHORITY\SYSTEM"

          [Group 1] = "BUILTIN\Administrators"
          [Group 2] = "Everyone"
          [Group 3] = "NT AUTHORITY\Authenticated Users"

          (X) SeChangeNotifyPrivilege = Bypass traverse checking

          That's why this doesn't work.
          Last edited by rvalstar; 26th December 2006, 01:20. Reason: missed mentioning W2K



          2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.
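
A defender-side check for the two tampering points post #5 describes (the `SCRNSAVE.EXE` registry value and a replaced `logon.scr`), as an added example that is not part of the original thread. The registry key and value name come from the post; the `.DEFAULT` hive, the `Review` column and the helper function `Get-Sha256Hex` are assumptions made for illustration.

```powershell
# Added example (not from the thread): audit for the LOGON.SCR replacement.
$system32 = Join-Path $env:SystemRoot 'System32'
$expected = 'logon.scr'            # default value named in post #5
$hives    = 'S-1-5-18', '.DEFAULT' # .DEFAULT is an assumption, not from the post

function Get-Sha256Hex([string]$Path) {
    # Hypothetical helper: plain .NET hashing, no dependency on Get-FileHash
    $sha = [System.Security.Cryptography.SHA256]::Create()
    [System.BitConverter]::ToString($sha.ComputeHash([System.IO.File]::ReadAllBytes($Path)))
}

$results = @()

# 1) Registry: which screen saver is configured for the SYSTEM profile?
foreach ($hive in $hives) {
    $key = "Registry::HKEY_USERS\$hive\Control Panel\Desktop"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $prop = Get-ItemProperty -LiteralPath $key -Name 'SCRNSAVE.EXE' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { continue }
    $value = $prop.'SCRNSAVE.EXE'
    if (-not $value) { continue }
    $results += New-Object PSObject -Property @{
        Check  = "HKU\$hive SCRNSAVE.EXE"
        Value  = $value
        # Flag anything whose file name is not the expected default
        Review = ((Split-Path -Path $value -Leaf) -ne $expected)
    }
}

# 2) File: is logon.scr a byte-for-byte copy of cmd.exe?
$scr = Join-Path $system32 'logon.scr'
$cmd = Join-Path $system32 'cmd.exe'
if ((Test-Path -LiteralPath $scr) -and (Test-Path -LiteralPath $cmd)) {
    $results += New-Object PSObject -Property @{
        Check  = 'logon.scr identical to cmd.exe'
        Value  = $scr
        Review = ((Get-Sha256Hex $scr) -eq (Get-Sha256Hex $cmd))
    }
}

$results | Select-Object Check, Value, Review | Format-Table -AutoSize
```

Run it from an elevated prompt; a `Review` value of `True` marks a row that differs from the default named in the post and deserves a closer look.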