Gaining Admin access when you have forgotten the Admin password

A common occurance with all the family home computer users I support is that I will arrive on site, a problem is described that requires admin access but they have forgotten their admin password!

The way round this is to create another admin user within safe mode.

This works for Windows 7:

Restart the PC

Hold the F8 key down until you see the Windows Boot Menu

Choose Safe mode with Command Prompt

Wait for windows to boot and eventually you should be presented with a command prompt.

Add a new user (‘root’ in our case) using the following command:

net use root /add

Add the new user to the Administrators group:

net localgroup Administrators root /add

Delete the use from the limited users group:

net localgroup Users root /delete

Reboot the machine and you should now see a new user available at the logon screen. Logon with the new user and you can then change the password of the original admin user in the normal way (control panel, users).

You might also want to logoff, logon as original admin user and delete the new user you just created in the normal way (control panel, users) – just to tidy things up and not have multiple admin users hanging about.

 

BreakthePaywall now available in Google Chrome

BreakthePaywall is now available as a Google Chrome Extension.

Visit the Breakthepaywall home page: http://www.breakthepaywall.com

Or search in the Chrome store for ‘BreakthePaywall’

Or click this direct link: 

https://chrome.google.com/webstore/detail/breakthepaywall/ddlcmnkkbojfnfclfhbdfkcmhfaebhgc

The Chrome version utilises referer and agent hacks but does not perform any cookie deletion or other storage manipulation. However, this should be enough for most paywall websites.

The Extension adds a simple BTPW button to the Chrome toolbar which you can use to toggle BreakthePaywall on and off. When it’s coloured blue it’s on and grey is off.

Completely disable IPv6 in Windows

You can’t get rid of IPv6 stuff from windows completely but you can effectively turn it off.

IPv6 seems to cause all sorts of problems under Windows and in most cases nobody needs it – yet….the fear is that IPv4 IP numbers are running out and therefore we have to start moving to IPv6 with it’s huge address range (IPv4 just under 4.3billion addresses, IPv6 3.4×1038 or 340 undecillion i.e. vastly more).

However, apart from the fact that there are still masses of unused IPv4 addresses and address ranges out there – I personally know of 2 class C address ranges for companies that I have worked for in the past, handed back to the ISP when not required anymore and are still listed under that companies name as being used – the software and hardware manufacturers need to make easy to transition and co-exist with both address ranges, otherwise it just aint gonna happen. And this is where MS windows seems to fall down in it’s implementation.

My view is, if you don’t need IPv6 yet then turn it off until you do.

My investigations of how to do this were prompted by noticing rogue network adapters listed under Windows 7 AND 8. Running IPCONFIG in the command prompt brought up several strangly named adapters with names such as Toredo tunneling adapter, MS ISATAP adapter.

The toredo adpaters are described on Wikipedia as:

In computer networking, Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts which are on the IPv4 Internet but which have no direct native connection to an IPv6 network. Compared to other similar protocols its distinguishing feature is that it is able to perform its function even from behind network address translation (NAT) devices such as home routers.

https://en.wikipedia.org/wiki/Teredo_tunneling

And ISATAP:

ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network.

https://en.wikipedia.org/wiki/ISATAP

I would say that both those functions are better suited to gateway devices i.e routers and switches. Most people on home or business networks will carry on using IPv4 locally for ever – there is no need to upgrade to IPv6 addressing on these networks. Therefore, the translation of one addressing schema to another should be carried out at the edge of these networks – on the hardware devices that connect us to the rest of the internet.

So to get rid of these adapters and turn off IPv6 this is what I have gathered so far:

The Toredo and ISATAP adapters are invoked on demand but stay in your system. They are not listed in the normal Network and Sharing centres network connections. They only appear under and IPCONFIG command or within the device manager as hidden devices:

  • Goto device manager under the control panel.
  • Select Show hidden devices from the View menu.
  • Right click on Toredo or MS ISATAP adapters and select uninstall.

Next you need to disable IPv6 on all network connections.

  • Goto Network and Sharing centre in the control panel.
  • Select Change adapter settings from the left hand side.
  • Right click on each adapter and select properties.
  • Untick the TCP/IPv6 component:

IPv6.png

Make sure you do this on all adapters including virtual ones.

Next you need to add a registry entry under the following registry key:

  • [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesTCPIP6Parameters]
  • Add A Dword parameter named: DisabledComponents
  • With the value: ffffffff

This is documented here: http://support.microsoft.com/kb/929852 expand the Disable IPv6 entry and the bottom of the article for a full list of parameter values.

As far as I know that’s about as far as you can go at present at disabling IPv6.

Bittorrent Sync Rocks!

In the past I contantly struggled with keeping my PC’s and devices up to date with all the stuff I needed on them.

The best way to do this was to use some kind of replication program for copying files between devices. I’ve tried most, if not all, of these programs from ones that simply don’t work – MS Synctoy – to ones that do but are hugely expensive – Peersync.

And then, along comes Bittorrent sync, and it doesn’t disappoint.

BTSync uses the Bittorrent protocol to replicate files over any network – local, VPN or internet.

All data is encrypted. You can have one way or bi-directional synching. And it’s one of the simplest programs I have ever used.

To setup a sync simply add a folder to sync. Browse to the folder you want to sync and click the Generate button to create the keys. This will create 2 cryptographic keys – one for full access (bi-directional) and one for read only (one direction). You can view the keys by selecting the folder and hitting Info – copy the relevant key and then on the other device or PC create a folder where the files will be synched to and add this folder to BTSync but don’t hit the generate key – instead paste the relevant key in to the box (how you get the key from one device to another is up to you – if local then just copy and paste, if remote then print out and type in manually, or send via secure email). The synchronisation is now set up and you will see the synching starting. That’s it!

As with all synching programs it may be best to copy the contents from one device to another first – the synching program doesn’t then have to take ages doing the initial sync.

You will soon notice that BTSync only kicks in when your machine is idle. Any changes to files are picked up automatically and if you have it set to start when the machine starts then an initial sync will take place once logged on. Notifications popup showing what is happening – when you are confidant all is ok you can switch off the notifications.

This is just marvellous stuff but what was even more surprising was when I got BTSync installed on my NAS drives. Not all NAS devices have a BTSync app that you can install – Netgear did at the time of writing.

Via a web interface you can setup syncs just like in the normal program.

I setup a repository for My Documents folder under windows – bi-directional sync between my desktop My Documents and the NAS drive and also to my Laptop. That’s right, you can have multiple devices participating in the synchronisation – setup the folder on the NAS device and create the keys there, then on the desktop and laptop simply create a sync using My Documents as the folder and enter the full access key.

Not only does this instantly synchronise my documents folder between machines as soon as changes are made it also does it automatically over the Internet. When i’m out and about with my laptop and i’m connected to the internet (via wi-fi for instance but could just as easily work over mobile network) BTSync will synchronise with my NAS device bi-directionally. Just fantastic!

The only thing BTSync falls down on is not being able to synchronise with offline devices e.g. an external backup disk. It’s just not designed for that scenario. Of course you could synchronise between 2 NAS devices over the Internet. But for general offline backup you still need the old mathod – Peersync workstation being the best choice.

There’s also no way to force a synchronisation it just does it when it can – it does initialise a full sync every 10 mins (this is an option that you can change to any time preferred in the preferences).

But for the kind of application described above it just rocks! And, it’s free!

 

Getting rid of Windows 7 HomeGroup

Homegroup is a Microsoft product that comes with Windows 7 and is turned on by default even though you don’t need it.

It is purely there to accomodate easier sharing between windows 7 machines on a local network but you can do that anyway using mapped drives between machines or to a NAS drive and/or replication.

It also uses up resources on your PC and I have found causes problems with wifi connected devices.

So, if like me you like to control things yourself then to get rid of homegroup:

  • Goto to Network and Sharing Centre in control panel.
  • Select Choose Homegroup and Sharing Options.
  • If it states you are part of a Homegroup then select leave Homegroup.

You might also want to check your advanced sharing options at this point:

  • Select Change Advanced Sharing settings…
  • Expand the Home or Work option.
  • Network discovery should be enabled.
  • Set Printer sharing as desired.
  • Turn off Public Folder sharing.
  • You should turn on encryption.
  • You should turn on password protection.
  • Use User accounts and Passwords to connect.

So far ok but you will probably notice that you still get the Homegroup option listed in the Explorer app – to get rid of that you need to stop the Homegroup services:

  • Got Administrative Tools under Control Panel
  • Select Services.
  • Find the Homegroup Listener and Homegroup Provider services.
  • Stop the service and set to disabled so that they do not turn on again.

The homegroup option should now have disappeared from the Explorer window.

 

Switching to local account from Microsoft account and deleting your synched settings

I setup another Windows 8 machine and used my Microsoft account as the logon account.

I have been meaning to change the logon on my Surface Pro from Microsoft account to a local account for some time as I use it when travelling and everyone can see my email address on the logon screen and possibly workout my password when I type it in – that would give someone access to quite a bit of stuff!

Upon logging in on the new machine, to my surprise, the start screen and desktop settings were all the same as on my Surface Pro – I had inadvertently allowed windows to sync to Microsoft’s skydrive cloud service which allows synching between all windows 8 devices.

I don’t need that so I found out how to stop the synching and how to delete the information already held in the cloud.

I didn’t want to keep my Microsoft account as the logon account so decided I needed to switch to a local account but I did not want to lose all my settings, particularly my customised start screen. As it turns out this is easy to do:

Swipe from the right and choose settings at the bottom, then choose Change PC Settings from the bottom.

On Windows 8 you will need to choose Users and then choose Switch to Local account.

On Windows 8.1 you will need to choose Accounts and then choose Disconnect.

You will be prompted for your Microsoft Account password and then will be asked to provide your local account username and password.

The system will restart and that’s it.

To delete your settings in the cloud make sure you have no devices synching with your Microsoft Account and then go to this link:

https://skydrive.live.com/P.mvc#!/win8personalsettingsprivacy/

Logon with your Microsoft Account and choose to Delete Your Settings from SkyDrive.

That’s it!

Desktop version of IE broken after upgrading to Windows 8.1

Just upgraded my Surface Pro to Windows 8.1 at the weekend and had problems with desktop version of IE.
 
The 8.1. upgrade updates IE to version 11 from version 10 and by default Enhanced Protected Mode is switched on – even if you had it off in IE10 (default for IE10 was off).
 
After upgrading when I first started IE I got messages about add-ons being incompatible with Enhanced Protected Mode and I couldn’t do anything, browse the web or get options up.

Managed to get into Internet Options via Control Panel and noticed in Manage Add-ons that various add-ons including Lastpass, Evernote and even MS add-ons were listed as incompatible.
 
MS confirmed that this is switched on by default in IE11 but that not all add-ons including their own will be compatible.

I uninstalled any addons programmes I knew about, reset the settings for IE, unticked Enhanced Protected Mode (Internet Options, Advanced tab, Security section). Everything was then ok so I re-installed my add-on programmes.

I did a bit of additional testing – latest version of Lastpass was ok with enhanced protected mode switched on but latest Evernote (V5.0.2) was not.

So looks like best thing to do for now is switch Enhanced Protected Mode option off.

My test version of BreakThePaywall for Windows 8 was listed as disabled in Enhanced Protected Mode – this was almost ready for release but looks like I will have to make it compatible with Enhanced Protected Mode first. (http://www.breakthepaywall.com). Will try and get this rolled out before they release IE11 on Windows 7 as well.