Administrator account gone...totally stumped!

jakt · Dec 13, 2008

Ok let me take a deep breath before I begin... :sleepy:

So this all started with running NewSID from SysInternals on my Vista64 machine. Yes I knew the risks, but it seemed 50/50 from what I had read on other forums around the Internet so I went ahead and took my chances with it.

Sure enough, NewSID hung up just like a lot of people said it would, and I was forced to kill the process and restart. NewSID seemed to do its job, as my PC thought it had been started for the first time, only some things were very odd.

My original Administrator account had been demoted to a guest account. This is the only account available at my log in screen. Looking under my Users folder, I see my old user account folder jakt, and a second folder called jakt.jakt-pc. (This is in the format of <user>.<domain>) All my data remains. Files are all there, programs all still run fine, drivers still intact. Under my Local Users and Groups in Computer Management, I see only two users in my Administrators usergroup. S-1-5-21-XXXXXXXXXX-XXXXXXX-1000 and S-1-5-21-XXXXXXXXXX-XXXXXX-500. I believe this is my previous SID before running the NewSID utility. No clue where this came from, or how to log in under this account, or if it is even possible to use this account.

So...after a few hours of messing around and unsuccessfully being able to restore my old account to Adminitrator priviledges, I figure I am just going to try and undo this entire operation.

First, I try to start System Restore. I was not so confident to not create a restore point before attmpting to create a new SID. Sadly, this does me no good as I am greeted with an error on start up of System Restore which reads, "Class not registered (0x80040154)". This repeats endlessly and there is no getting in to System Restore. Bummer.

Ok fine, we will just do this Rambo style and insert the installation CD I said to myself. Again I am greeted with an error message. "0x000000e9 I/O error" . It goes on to say something about errors with removable storage or hard drives or cd roms which may be failing. Well I dont have any removable storage connected, and I am pretty sure my hardware is good to go. Anyways, I am guessing the disc is bad. I tried to get the autorun.inf to load in Windows and it gives me corruption error messages there, so I guess the disc is bad. Double bummer. :cry:

I also tried doing the whole F8 thing at boot up and looking for some options there and there was nothing that seemed helpful. Triple bummer. :sa:

I guess my question is, what now? Honestly I wouldnt even mind reformtting at this point. I would rather not, but I have all my important stuff on a separate partition so its no biggy if I have to. Although that will be difficult when my disc wont even take me into Repair/Install. I am really just looking for a way to elevate my original account to Administrator priviledges from a guest account, or some way to run a repair on my Vista installation and get things back to normal or how I had them before all this, also diffucult without a working Repair disc. Any ideas?

Sorry for the novel, but being a PC fix it man myself, thee is nothing worse than those who provide too little information.

Flavius · Dec 13, 2008

jakt said:
we will just do this Rambo style and insert the installation CD I said to myself. Again I am greeted with an error message. "0x000000e9 I/O error"

+

how I had them before all this, also diffucult without a working Repair disc. Any ideas?

So I don't know how to add you to Administrators group but I know how to remotly enable build-in Administrator account by using DVD Vista,or by using LiveCD build on any Windows-if you can't boot DVD Vista you have to create LiveCD on Vista of course on other computer ->to do it I suggest to use WinBuilder ->WinBuilder
If you'll have LiveCD yo have to boot it and load to registry SAM file from C:\Windows\System32 to HKLM for example as REM_SAM (your choose)...

see more:
1.How to edit registry remotly ->http://www.vistax64.com/general-discussion/191151-cant-delete-registry-key-2.html (from post 17)
2.Post 2 from this thread http://www.vistax64.com/vista-account-administration/183835-how-enable-system-administrator.html

But if you'll gain administrative rights I don't know what later....You may have registry corrupted :confused:

wysiwyg · Dec 13, 2008

jakt said:
I am really just looking for a way to elevate my original account to Administrator priviledges from a guest account,

Have you tried lusrmgr.msc...select Users...Administrator

Flavius · Dec 13, 2008

wysiwyg said:
jakt said:

I am really just looking for a way to elevate my original account to Administrator priviledges from a guest account,

Click to expand...

Have you tried lusrmgr.msc...select Users...Administrator

How he can do that then he lost administrative previlleges

?

jakt said:
My original Administrator account had been demoted to a guest account. This is the only account available at my log in screen. Looking under my Users folder, I see my old user account folder jakt, and a second folder called jakt.jakt-pc. (This is in the format of <user>.<domain>) All my data remains. Files are all there, programs all still run fine, drivers still intact. Under my Local Users and Groups in Computer Management, I see only two users in my Administrators usergroup. S-1-5-21-XXXXXXXXXX-XXXXXXX-1000 and S-1-5-21-XXXXXXXXXX-XXXXXX-500. I believe this is my previous SID before running the NewSID utility. No clue where this came from, or how to log in under this account, or if it is even possible to use this account.

wysiwyg · Dec 13, 2008

I can be accessed from a guest account.

Flavius · Dec 13, 2008

wysiwyg said:
I can be accessed from a guest account.

Yes but only to read (he has already).Only administrators can modified anyone there.Whats happend if any limited user can add yourself to administrators group -you seem prefer permissions escalation :D

Brink · Dec 13, 2008

Hello Jakt, and welcome to Vista Forums.

Usually when there is not an administrator account available, you can boot into Safe Mode which should log on as the built-in Administrator account. From within the built-in Administrator account you shoul be able to change the account type back to administrator for your account.

Hope this helps,
Shawn

jakt · Dec 13, 2008

Brink said:
Hello Jakt, and welcome to Vista Forums.

Usually when there is not an administrator account available, you can boot into Safe Mode which should log on as the built-in Administrator account. From within the built-in Administrator account you shoul be able to change the account type back to administrator for your account.

Hope this helps,
Shawn

Well this is what happens in safe mode...

At the log in screen I am shown jakt and Other Users. Jakt was obviously demoted to guest so I click other users, type in Administrator and log in. I check the permissions on this account and it is guest as well. No admin privilidges even on the failsafe admin account.

coolnewyorker · Dec 13, 2008

Safe mode will show the hiding built in Administrator and all other users. Log in as administrator, go to Control Panel to User Accounts and change any one's account.

BTW, there is also built in Guest Account that has to be turned on if need be for....guests. And it is always Standard account. There is only one Guest account, the rest are other names (NOT Guest) who use the same PC (Users)and can be either Standard or Administrator

Kenz · Dec 14, 2008

Hi Jakt,

I just ran into the exact same problem last night. Ran NewSid and it froze, I closed it and restarted the computer and found my personal account (the only account on this computer, and with admin privilege) turned into a guest account, and all my files locked up in "C:\User\Oldaccount\" and only now able to access the new "c:\user\oldaccount.oldaccount-homepc\"

Here are the list of things I have tried, with no luck:

1. Logged onto safe mode and into the hidden Administrator account, and found that it too was demoted to guest privileges (So now I don't have any account on Vista with admin powers)

2. Tried to perform windows system restore, but the program refused to run. (Gives a Class not registered (0x80040154) error). Then I also tried the F8 options and startup repairs, nothing seems to work.

3. Used a linux-based offline registry editor and checked "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", found my new profile there under the new SID with its ProfileImagePath pointed to "c:\user\oldaccount.oldaccount-homepc". I changed that value to "c:\user\oldaccount" and restarted, but windows simply gave me an error, something along the lines of "failure to load account" and automatically created a temporary account (another guest),

Not sure what else I can do at this point, I finally managed to pull my files from c:\user\oldaccount using a linux boot disc. There are several things that I think might help but have no idea how to do:

1. I can see my old profile listed under the old SID in the aforementioned registry path, so I wonder if I can change the SID back. NewSid won't work without an admin's account so I will have to either change it manually in the registry using the linux boot disc, or find another SID changer that can change the windows registry SID in a linux environment. I have no idea about both.

2. I'm considering reinstalling windows at this point, but my HP pavilion only comes with a recovery partition, with the option of a factory restore. I guess that will delete all of my files. I have two partitions aside from the recovery drive, C: and D:. Will a factory restore wipe both? Is there any way to reinstall vista without deleting all my files? I don't mind reinstalling all the software, but it would be a pain to back up all the saved files onto a removable.

I would appreciate any help and tips, this problem is seriously driving me crazy

thanks

Flavius · Dec 14, 2008

Kenz said:
Logged onto safe mode and into the hidden Administrator account, and found that it too was demoted to guest privileges

If registry is very seriously damaged DVD Vista can reject use System Restore

If you have any registry copy - not *.reg file only registry files (even very old,on allive system fresh registry copy create ERUNT->ERUNT and NTREGOPT):BCD-Template,COMPONENTS,DEFAULT,SAM,SECURITY,SOFTWARE,SYSTEM replace original files in C:\Windows\System32\config and then use System Restore ...but you surly haven't any copy

Another rescue for you can be if you ever previous times used System Restore -after every procedure System Restore remains old registry files (also in C:\Windows\System32\config):BCD-Template_PREVIOUS,COMPONENTS_PREVIOUS,DEFAULT_PREVIOUS,SAM_PREVIOUS,SECURITY_PREVIOUS,SOFTWARE_PREVIUS,SYSTEM_PREVIUS

if you have these files rename them (cut "_PREVIOUS") and replace oryginal registry files and use System Restore

Of course there are also old registry copies in C:\Windows\System32\config\RegBack but these files are quickly overwriten by system and probably are completly unuseful

....for you

coolnewyorker · Dec 14, 2008

This is the first time I heard built in Administrator can be demoted. Is this a virus stuff? Can it be deleted manually thru regedit?

If not, what the heck....clean install. Start from clean slate factory setting and be more prudent afterwards when installing non-factory softwares...specially the free ones.

Flavius · Dec 14, 2008

coolnewyorker said:
This is the first time I heard built in Administrator can be demoted. Is this a virus stuff? Can it be deleted manually thru regedit?

If not, what the heck....clean install. Start from clean slate factory setting and be more prudent afterwards when installing non-factory softwares...specially the free ones.

There are no any virus surly.You seem underestimate how dangerous is tool NewSID :eek:-it not only penatrate in SOFTWARE hive but also in SAM,SECURITY hives (see describe NewSID v4.10 )- apart of them this tool is not designed for Vista

Kenz · Dec 14, 2008

@Flavius: One thing I don't understand is why the system won't load my profile after I editted the registry to point it to the original user account path. Is it somehow protected even when I editted it outside of Windows (using a linux boot cd)? Or am I missing something here.

Any idea what exactly NewSID does? I can try change things manually by editting the registry on the boot system if I know where SID is saved.

Flavius · Dec 14, 2008

Kenz said:
@Flavius: One thing I don't understand is why the system won't load my profile after I editted the registry to point it to the original user account path. Is it somehow protected even when I editted it outside of Windows (using a linux boot cd)? Or am I missing something here.

You have no ability to edit everything in SAM and SECURITY without meaning what you use because almost all informations in these keys are encrypted -probably you have damaged informations about users group - and nobody know how to fix.Only few people in MS can fully read SAM,SECURITY. I suggest hurry and check you have in folder C:\Windows\System32\config\RegBack any registry copy before everything happens,if you didn't many times ran system after crash may you do it.

Any idea what exactly NewSID does? I can try change things manually by editting the registry on the boot system if I know where SID is saved.

I don't know more than what is in official link.(my previous post)

coolnewyorker · Dec 14, 2008

Do I miss something here? I confess I know nothing of SID. The link Flavius supplied tells me SID forewarns users or users forewarned by microsoft against its use, why use it? Or is there a wrong/correct way of running this program...wrong way is kinda fatal?

It sounds like Microsoft's defense against bootlegging? Well, at least I learn from FORUM to stay away from SID. Thanks, Flavius.

BTW, in medical parlance, SID is also very bad news.

Kenz · Dec 14, 2008

huzzah

I managed to fix everything using the HP system restore. Since it's used before WinVista login, there was no admin privilege restrictions.

Everything seems fine now. Hopefully this helps with your problems too, try see if you can run system restore outside of vista

AntiNewSID · Nov 16, 2011

Kenz,
Hi, I am new here and I really seeking help to an issue that appears to be truly beyond my control. Could you tell me a little bit more how you managed to fixed your HP PC? I have a similar problem as the one you had. I also have a HP PC and has vista home premium OS. Unfortunately, when I bought this PC, it didn't come with any CD/DVD, just the PC, speakers, and keyboard/mouse. I didn't mind at the time, but now I lament not having a windows vista CD/DVD, or some other way to reinstall the complete system. Well, after running NewSID.exe and screwing my PC, I had no choice but to run the HP recovery system. Fortunately, I did saved all my files in advance, including windows/system32/config/RegBack. By the way, ll the regback files have an ".OLD" at the end. After initiating the Recovery System, it gave an error as the one you described in your posts. It also advised me to contact my "administrator" if the error persisted...but I AM THE ADMINISTRATOR! I have been the administrator for over 4 years. Anyway, the Recovery System was my last hope, now I don't have any idea how to regain my administrative rights. I have been demoted to the "guess" status, which I don't mind, but it's just the principle that I have no control over MY OWN files, downloads, programs, etc. I can't even run WinBuilder after I downloaded because I don't have "administrative privileges." Is there any hope to resolve this issue?

Lottiemansion · Nov 17, 2011

Hi,

I would start again with the recovery of the system & don't run NewSID.exe or the recover the reg back up.

You will need to re-installl all the additional software from new. Sorry

AntiNewSID · Nov 18, 2011

Hi Lottiemansion,
Thank you for the advice, but I have tried the recovery procedure already. It didn't work. This is what I got when I tried the HP recovery:
Recovery Manager
Factory Image Recovery
Error 0x400110020000100A
If this issue continues, please contact HP Support.

OK, this was supposedly my last hope. I logged into vista again and tried the "Restore Files" application. It gives me options, and any option I picked gave me an error: "There was an unexpected error: Class not registered (0x80040154) Please close System Restore and try again." So I tried again, and of course, it didn't work. I also tried to download the Recovery files from the HP website, but since I don't have any "privileges", I couldn't run any of the drivers/programs. Actually, I can't install ANY program at all. Any suggestion?

Administrator account gone...totally stumped!

New Member

My Computer

Expelled

My Computer

Member

My Computer

Expelled

My Computer

Member

My Computer

Expelled

My Computer

My Computers

New Member

My Computer

Banned

My Computer

New Member

My Computer

Expelled

My Computer

Banned

My Computer

Expelled

My Computer

New Member

My Computer

Expelled

My Computer

Banned

My Computer

New Member

My Computer

New Member

My Computer

My Computer

New Member

My Computer