Ętherwide: connected


Saving Windows with KNOPPIX

How to salvage a crippled Windows laptop.
15 November 2005

Last week I got a frantic call from a customer of mine who got locked out of his Windows 2000 laptop. In a misguided attempt to fix a perceived networking problem, a helpful coworker had removed his computer from the company domain. With no local accounts but Administrator (for which no one could remember the password), he was pretty much dead in the water.

Now, I'm no expert in Windows domains and their associated nuances, but I do know that one has to be careful when messing around with users (domain or local) and their associated profiles. One misstep, and Windows might decide you no longer need a user's profile (and related "My Documents", desktop files, e-mail, etc.). I found this out the hard way once...

Anyway, in remediating this situation, my first order of business was to back up the contents of the laptop's hard drive. The laptop, being a bit on the old side (circa 2000), doesn't have Firewire (err, IEEE 1394) or USB 2.0. Old-school USB 1.1 just isn't workable when trying to move 12 Gig of data, so I acquired an Adaptec AUA-1420A USB 2.0 interface card (it appears to use an NEC chipset). This connected the laptop to an external Western Digital 160 GB USB drive. (The drive has these fancy buttons for "one-touch" backup, etc. -- I just ignored all of that. There's no telling what they do or what kind of bloat the associated software introduces.)

In order to do the backup, I needed to be able to mount both the source laptop drive and the destination USB drive. Since I had no way of logging into Windows on the laptop and really wasn't interested in messing with Windows anyway until I had everything backed up, enter KNOPPIX. KNOPPIX is a Linux "live CD", which means that the CD boots into a fully functional Linux system without needing to install anything on the computer.

KNOPPIX had no trouble booting on this older machine, a Fujitsu S-Series Lifebook S-4542 with only 256 Megs of memory. It launched into KDE at full resolution (for what that's worth), and seamlessly recognized the Adaptec USB adapter and connected external drive. The laptop's hard drive had been formatted as FAT32 (Windows 98 had been upgraded to Windows NT, and from there Windows 2000: yes, it's a bit of a mess), so nothing funky was necessary to work with NTFS. (The external USB drive is also FAT32.)

Anyway, the setup made quick work of copying the entire contents of the laptop's read-only mounted 12 Gig drive from the Linux command line. (Note that KDE's file manager couldn't cope with some of the filenames.) Once done, the next task was to reset the Administrator password so I could get into Windows. A handy little utility called chntpw ("change NT password") was perfect for this task.

Basically, it edits a registry file called "SAM" (usually found in c:\windows\system32\config\) that contains Windows account information and passwords. In order to do this, though, the laptop's drive had to be re-mounted as writable (easy under KNOPPIX with FAT32, maybe a little more challenging if you're dealing with NTFS). Once I had the password reset, I was able to reboot into Windows and log right in. Fortunately, simply adding the machine back to the company domain preserved existing domain account profiles -- it wasn't necessary to trick Windows by renaming profile directories. Everything was back to normal, and I had a happy customer.
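The backup step above is only useful if the copy is complete before the laptop's drive is remounted writable and the SAM file is edited. The following is an added example, not part of the original post: a command-line copy that tolerates awkward filenames and then verifies every file by checksum. The mount points in the usage comment are assumptions.

```bash
#!/bin/sh
# Added example: copy a read-only mounted tree to the external drive and
# verify the copy by checksum before the source is ever remounted writable.
# Assumes GNU find/sort/xargs and sha256sum, as found on a Linux live CD.

# Print a sorted "hash  ./relative/path" line for every file under $1.
# NUL-separated names keep spaces, quotes and non-ASCII bytes intact,
# which matters for the filenames a graphical file manager may choke on.
manifest() {
    (cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum)
}

# Copy the contents of $1 into $2, then compare manifests.
# Returns 0 if every file matches, 1 on a mismatch, 2 if the copy failed.
backup_and_verify() {
    local src=$1 dst=$2 a b rc
    mkdir -p "$dst" || return 2
    # The destination in the post is FAT32, which cannot store Unix
    # ownership or modes, so use plain -R rather than -a.
    # The trailing "/." copies the contents of src, dotfiles included.
    cp -R "$src/." "$dst/" || return 2
    a=$(mktemp) && b=$(mktemp) || return 2
    manifest "$src" > "$a"
    manifest "$dst" > "$b"
    if cmp -s "$a" "$b"; then
        echo "backup verified: $(wc -l < "$a") files match"
        rc=0
    else
        echo "MISMATCH between $src and $dst:" >&2
        diff "$a" "$b" >&2
        rc=1
    fi
    rm -f "$a" "$b"
    return $rc
}

# Usage (hypothetical mount points; source mounted read-only):
#   backup_and_verify /mnt/hda1 /mnt/sda1/laptop-backup
```
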

Needless to say, KNOPPIX proved to be a quick and capable out-of-the-box solution to a computer rescue task: those Germans have done an excellent job. However, have no illusions about the security of passwords on your computer: unless you're encrypting your data, when physical access is possible, getting to a computer's contents is trivial.

© 2006 Ętherwide, LLC. All rights reserved.