F5F Stay Refreshed Software Operating Systems Help with disabled local account issues

Help with disabled local account issues

Help with disabled local account issues

M
MasterDoge101
Member
Find
66
07-04-2020, 07:41 AM
#1
Hello
I used an Admin Local account a few days ago, but my PC joined an Active Directory with limited capabilities. The AD admin also disabled my local account, so whenever I try to log in as the local account, I receive the message "your account is disabled."
Now I want to re-enable the local account, but I don’t have access to the AD admin password and can’t modify group policies. When I enter safe mode, I can only log in with my AD account.
I attempted to edit the SAM file using WinRe:
I discovered that I can still access the local account through winre>regedit, but "access is denied" appears.
I loaded hex dive and edited the SAM file:
HKEY_LOCAL_MACHINE\REPAIR\SAM\Domains\Account\Users\000001F4
The hex value 0038 was 10, so I didn’t make any changes.
Looking at the user name, I saw the default account, which means my AD account. I tried assigning admin privileges to the default account, but changed the hex value from 15 to 10 and saved it. After restarting, I didn’t notice any differences. Then I reopened WinRe and reloaded the SAM file to check if the changes persisted—there they were, so I didn’t need to adjust anything.
However, I noticed that the value under HKEY_LOCAL_MACHINE\SAM doesn’t update to my modified SAM file created in System32/config. Why is that? It should be able to read from System32/config, right?
I’m also wondering why the built-in Admin account isn’t visible in safe mode.
Any suggestions on how I can re-enable the local account again?
Thank you
Reply
Reply
M
MasterDoge101
07-04-2020, 07:41 AM #1

Hello
I used an Admin Local account a few days ago, but my PC joined an Active Directory with limited capabilities. The AD admin also disabled my local account, so whenever I try to log in as the local account, I receive the message "your account is disabled."
Now I want to re-enable the local account, but I don’t have access to the AD admin password and can’t modify group policies. When I enter safe mode, I can only log in with my AD account.
I attempted to edit the SAM file using WinRe:
I discovered that I can still access the local account through winre>regedit, but "access is denied" appears.
I loaded hex dive and edited the SAM file:
HKEY_LOCAL_MACHINE\REPAIR\SAM\Domains\Account\Users\000001F4
The hex value 0038 was 10, so I didn’t make any changes.
Looking at the user name, I saw the default account, which means my AD account. I tried assigning admin privileges to the default account, but changed the hex value from 15 to 10 and saved it. After restarting, I didn’t notice any differences. Then I reopened WinRe and reloaded the SAM file to check if the changes persisted—there they were, so I didn’t need to adjust anything.
However, I noticed that the value under HKEY_LOCAL_MACHINE\SAM doesn’t update to my modified SAM file created in System32/config. Why is that? It should be able to read from System32/config, right?
I’m also wondering why the built-in Admin account isn’t visible in safe mode.
Any suggestions on how I can re-enable the local account again?
Thank you

Reply
Reply
N
NinjaaGamer_
Member
Find
189
07-04-2020, 01:42 PM
#2
is this your personal pc?
Reply
Reply
N
NinjaaGamer_
07-04-2020, 01:42 PM #2

is this your personal pc?

Reply
Reply
J
jjsoini
Posting Freak
Find
809
07-07-2020, 09:29 PM
#3
Ask the actual admin people.
Reply
Reply
J
jjsoini
07-07-2020, 09:29 PM #3

Ask the actual admin people.

Reply
Reply
J
Jelly_Fluff
Member
Find
54
07-08-2020, 06:20 AM
#4
yes but i use it for work. for security reasons i can't use Company Network unless i join to AD, although it was optional. i want to use AD accounts only when necessary, so i need both local and AD accounts.
Reply
Reply
J
Jelly_Fluff
07-08-2020, 06:20 AM #4

yes but i use it for work. for security reasons i can't use Company Network unless i join to AD, although it was optional. i want to use AD accounts only when necessary, so i need both local and AD accounts.

Reply
Reply
S
Sihere
Member
Find
187
07-13-2020, 05:57 AM
#5
Collaborate with your employers' IT team.
This is merely one of the challenges when trying to utilize a personal system for professional responsibilities.
Reply
Reply
S
Sihere
07-13-2020, 05:57 AM #5

Collaborate with your employers' IT team.
This is merely one of the challenges when trying to utilize a personal system for professional responsibilities.

Reply
Reply
A
Andy_206
Member
Find
58
07-18-2020, 03:54 PM
#6
I discovered a fix, it was quite simple, employing the access convenience method and executing a command to restore the local account.
Reply
Reply
A
Andy_206
07-18-2020, 03:54 PM #6

I discovered a fix, it was quite simple, employing the access convenience method and executing a command to restore the local account.

Reply
Reply