Personal laptop joined to domain with expired cached credentials

majestic_pecan Member Posts: 38
I'm hoping someone can help me out here and that there's a command I've forgotten about...
I have a friend who purchased a laptop and immediately joined it to the domain where he worked. He stopped working there, but never thought to unjoin his PC from the company domain. For the last 90 or so days, he's been logging in with cached credentials. Now, the credentials have expired and he cannot log in to the PC at all. He doesn't know/remember the local administrator account username or password.
Is there a way to use the command line in PXE to unjoin this machine from the domain (which he no longer has access to) or am I just going to have to help him use a third-party password recovery tool at this point?
OS is Windows 8.1, machine is Lenovo Thinkpad.
2016 GOALS:
Linux+
Wireshark
New job...

Comments

  • scaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind you Mod Posts: 2,752
    Go into safe mode, no networking?
    Never let your fear decide your fate....
  • Mike7 Member Posts: 1,074
    Since he does not know his local admin account, his domain account credentials have expired, and he has stopped working at the company, get a third-party tool to reset the local admin password.
  • gespenstern Member Posts: 1,243
    ^ but watch out for BitLocker and/or EFS. BitLocker, which many companies use, will totally prevent you from resetting a password and, unless you know your BitLocker key, your only option in this case is to scrap this Windows installation and install from scratch. EFS-encrypted files will be lost after resetting a password with a third-party tool.

    And... hopefully the lesson will be learned and your buddy will show a more responsible approach to this matter next time...
  • cyberguypr Senior Member Mod Posts: 6,882
    Ah! The beauty that BYOD is (NOT). I don't know what troubles me more, people joining their PCs to corporate domains or companies letting people do this.
  • Mide Member Posts: 61
    Just DL a tool to a CD to break into the SAM DB and clear the password.
  • srabiee Member Posts: 1,231
    Hiren's Boot CD has tools to allow you to reset the local administrator account.
    WGU Progress: Master of Science - Information Technology Management (Start Date: February 1, 2015)
    Completed: LYT2, TFT2, JIT2, MCT2, LZT2, SJT2 (17 CU's)
    Required: FXT2, MAT2, MBT2, C391, C392 (13 CU's)

    Bachelor of Science - Information Technology Network Design & Management (WGU - Completed August 2014)
  • majestic_pecan Member Posts: 38
    Quoting gespenstern: "^ but watch out for BitLocker and/or EFS. BitLocker, which many companies use, will totally prevent you from resetting a password and, unless you know your BitLocker key, your only option in this case is to scrap this Windows installation and install from scratch. EFS-encrypted files will be lost after resetting a password with a third-party tool."

    This was precisely what happened. Luckily he was able to call his old company's help desk and they provided him with the BitLocker recovery key.
    Afterwards I came across an interesting (?) workaround in Windows 8 which allowed me to replace the Ease of Access application at the logon screen with the command prompt, use said command prompt to create a user and add it to the local admin group and get him in to unjoin the PC. Seems very vulnerable to a hacker though.
    Thanks guys.
  • OctalDump Member Posts: 1,722
    Quoting majestic_pecan: "Afterwards I came across an interesting (?) workaround in Windows 8 which allowed me to replace the Ease of Access application at the log on screen with the command prompt, use said command prompt to create a user and add it to the local admin group and get him in to unjoin the PC. Seems very vulnerable to a hacker though.
    Thanks guys."

    Once the hacker has physical access to the device, game over. Could use the TPM to encrypt the drive.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • maelstrom3530 Member Posts: 40
    Yeah that's the whole point of BitLocker. Without being able to decrypt the drive, good luck replacing Ease of Access with cmd.exe.
    2015 Goals: [X] ICND2 [X]70-680 [X]70-685 [X]70-640
    2016 Goals: [X]70-410 [X]70-411
    2017 Goals: [X]70-412
    2018 Goals: [_]70-697 [_]70-698
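
Added example, not part of any post in this thread: a PowerShell check a defender can run to see whether a logon-screen Ease of Access binary has been replaced with a copy of a shell, as in the workaround described above, and whether BitLocker protection is on for the system drive. The function names and the list of accessibility binaries are assumptions of this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell 4.0+ prompt.
function Get-LogonAccessibilityTamper {
    param([string]$System32 = (Join-Path $env:SystemRoot 'System32'))

    # Hash the shells that could have been copied over an accessibility tool.
    $shellPaths = @(
        (Join-Path $System32 'cmd.exe'),
        (Join-Path $System32 'WindowsPowerShell\v1.0\powershell.exe')
    )
    $shellHashes = @{}
    foreach ($p in $shellPaths) {
        if (Test-Path -LiteralPath $p) {
            $shellHashes[(Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash] = $p
        }
    }

    # Tools that can be started from the logon screen (list assumed for this example).
    foreach ($name in 'utilman.exe', 'sethc.exe', 'osk.exe', 'magnify.exe', 'narrator.exe') {
        $path = Join-Path $System32 $name
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        [pscustomobject]@{
            Name         = $name
            SHA256       = $hash
            IsShellCopy  = $shellHashes.ContainsKey($hash)   # byte-identical to a shell
            MatchesShell = $shellHashes[$hash]               # $null when no match
        }
    }
}

function Get-SystemDriveProtection {
    # Reports whether the OS volume is encrypted and whether protection is active.
    try {
        Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop |
            Select-Object MountPoint, VolumeStatus, ProtectionStatus
    } catch {
        Write-Warning "BitLocker status unavailable: $($_.Exception.Message)"
    }
}

$findings = Get-LogonAccessibilityTamper
$findings | Format-Table Name, IsShellCopy, MatchesShell -AutoSize
if ($findings | Where-Object IsShellCopy) {
    Write-Warning 'A logon-screen accessibility binary is byte-identical to a shell.'
}
Get-SystemDriveProtection
```

The hash comparison only catches a straight copy of the shell currently installed on the same machine; a `ProtectionStatus` of `Off` means the offline file replacement discussed in the thread is not blocked by disk encryption.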