we tend to either a) remove local admin when it's added to the domain, or b) make local admin a non-standard account name with an utterly brutal password, since it's so infrequently used. ophcrack can crack windows xp easily enough, has a much harder time with windows 7. but besides all that, you cannot locally crack a domain account's password. it authenticates against the DC, so it doesn't store the password locally on the computer, even hashed. also - when you do not have access to a computer of your own and can only use the school computers, how do you go about making an ophcrack livecd/usb? :P those downloads are super-filtered pretty much everywhere.
Makari
Yeah, if you set up a network following the MCSE/MCITP guidelines, disabling admin and changing the name to a non-standard name is exactly what you are supposed to do upon setting up a new network (both the local admin and the domain admin accounts). Client OSes can and do cache the credentials of domain accounts. This is how laptops or remote computers are capable of logging in locally when not directly connected to their domain.
If he were really trying to hack his school's computers (which from his post I'm pretty sure his question was around running apps -without- violating school rules) then his best bet would be to use a live USB stick with a password reset utility. While the local admin account's name can change, the GUID that uniquely identifies the account in Windows does not. These utilities boot outside of Windows, directly access the registry, locate the admin account via GUID, and overwrite the hashed password with their own. They'll also tell you what the username is for the admin account if it has been changed from "administrator". Zaku's suggestion to brute force the password is, as usual, born out of a complete lack of knowledge of the subject matter.
If the OP wanted to accomplish his goal unobtrusively and without modifying his school's computers, then WinPE on a USB stick would be the best (albeit slow) solution.
That's of course assuming that boot to USB isn't disabled in the BIOS and that the BIOS isn't password protected if boot to USB has been disabled. To be honest, if the network admin is any good then all of this would have been done and the discussion is moot.
-Byshop
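
For admins who want to check the hardening points raised in this thread (built-in local admin renamed or disabled, domain credentials cached on clients), here is an added audit example; it is not code from either poster. It assumes Windows PowerShell 5.1+ on a domain-joined workstation, and the function names are hypothetical.

```powershell
# Added example (not from the thread): audit two local settings discussed above.
# Assumes the Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1+).

function Get-BuiltinAdminStatus {
    # The built-in Administrator keeps the well-known SID suffix -500
    # even after it has been renamed, so match on SID, not on name.
    $admin = Get-LocalUser |
        Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
    [pscustomobject]@{
        Name            = $admin.Name
        Renamed         = $admin.Name -ne 'Administrator'
        Enabled         = $admin.Enabled
        PasswordLastSet = $admin.PasswordLastSet
    }
}

function Get-CachedLogonCount {
    # Number of domain logons the client caches for offline sign-in.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $prop = Get-ItemProperty -Path $key -Name CachedLogonsCount `
        -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 10 }   # Windows default when the value is absent
    [int]$prop.CachedLogonsCount
}

function Test-LocalHardening {
    $admin  = Get-BuiltinAdminStatus
    $cached = Get-CachedLogonCount
    $findings = @()
    if ($admin.Enabled -and -not $admin.Renamed) {
        $findings += 'Built-in admin is enabled and still named Administrator.'
    } elseif ($admin.Enabled) {
        $findings += "Built-in admin is enabled (renamed to '$($admin.Name)')."
    }
    if ($cached -gt 0) {
        $findings += "Client caches up to $cached domain logons for offline use."
    }
    [pscustomobject]@{
        Admin        = $admin
        CachedLogons = $cached
        Findings     = $findings
    }
}

Test-LocalHardening | Format-List
```

The boot-order and BIOS password settings mentioned above are firmware-specific and are not covered by this script.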