Search Windows Registry

Perhaps even more interesting is that RegScanner offers some very useful search options. For instance, you can limit your search to keys that were modified within a certain time range. This is helpful if you installed a program recently and you only want to find Registry keys that belong to this program.

Moreover, you can limit your search to specific base keys (HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER, etc.) and to Registry types (REG_SZ, REG_DWORD, etc.). Also useful is that RegScanner can show the values that belong to keys that contain the search term. You can also restrict the search results to show only keys (no values).

Find Windows Registry entries

What I like about RegScanner is that you can launch another search within the found entries. This is helpful with complex search patterns—for example, if you have to narrow your search to entries of a specific vendor.

Edit Windows Registry

Once you found the Registry entry, you can edit it in regedit by pressing F8 or through RegScanner’s context menu. This distinguishes RegScanner from the Registry editor RegAlyzer, which I reviewed a while back. RegScanner is merely a Registry search tool and not a Registry editor.

Delete Registry entries

However, you can delete Registry entries (keys/values) conveniently with RegScanner. The Registry search tool allows you to mark entries in the result window by clicking them while pressing the CTRL key. You can then delete the entries in one go. This feature comes in handy if you want to quickly get rid of the Registry entries of a certain application.

Export Registry entries

You probably know that you can export Windows Registry entries with regedit to .reg files, which you can then import on another machine. You can also do this in RegScanner. However, this nifty Registry search tool also allows you to select multiple Registry entries in the results pane and then export them into one .reg file. You can also copy multiple entries to the Windows clipboard or to a text file.

I tested RegScanner v1.82.

RegScanner

• Regedit as offline Registry editor (2)
• Free Registry Defrag – Defragment the Windows registry (3)
• FREE: CCleaner – Improve Windows performance by removing unnecessary files and registry entries (5)
• FREE: EMSA Register DLL Tool – Register programs with a GUI (2)
• FREE: AccessEnum – Displays directory and registry permissions (0)

For me, the biggest advantage is that I can run HyperV on it. There are many virtualization products that run under Windows 7, but none of them runs as smoothly and as seamlessly as HyperV does. With almost any of those products, I ran into stability, performance, or manageability issues.

Besides that, I see configurations where people run Windows 7 and a virtualized Windows Server 2008 R2 on their workstation. Very often, this Server has only a single limited task; e.g., delivering AD services, run SharePoint, etc. If they would use Windows Server 2008 R2 instead of Windows 7, there would be no need to have a virtualization environment at all. The spare resources could be used elsewhere.

It often seems that some people believe that Windows Server 2008 R2 can’t run Desktop applications properly. This isn’t true at all – I haven’t run into any driver issues even with the Laptops I installed Windows Server 2008 R2.

To have a proper Desktop experience, I recommend the following configuration changes:

1. Install “Wireless LAN Service”

Windows Server 2008 R2 doesn’t have the WLAN AutoConfig utility installed out of the box. If you want to use WLAN, make sure to add the Feature “Wireless LAN Service” in the “Server Manager”.

2. Logon without pressing Ctrl+Alt+Del

This is just a small annoyance, but can be fixed easily: Open “Local Security Policy” under “Administrative Tools”. In the editor, expand “Local Policies” and click “Security Options”. In the right pane, search and enable “Interactive logon: Do not require CTRL+ALT+DEL”.

3. Disable “Shutdown Event Tracker”

When you shut down Windows Server 2008, you are asked to give a reason for the shutdown. This is quite annoying, so I would recommend disabling it: Open the “Group Policy Editor”. In the “Local Computer Policies”, browse to “Administrative Templates/Computer Configuration/System”, locate the policy “Display Shutdown Event Tracker” and disable it.

4. Grant users the shutdown right

Windows Server is preconfigured to disallow users the shutdown of the system. If you work without an administrator account, this is quite uncomfortable. To grant users the shutdown- privilege, you have to follow these steps: Open the “Group Policy Editor”. In the “Local Computer Policies”, browse to “Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment” and add the User to the “Shut down the system” policy. If you want to grant this right to every user, enter “Interactive” in the “Select Users or Group” dialog.

5. Disable “Internet Enhanced Security”

This feature is one of the most annoying I know. It is the first – and only – security option I disable right after the installation process has finished, because the Enhanced Security makes the Internet Explorer practically unusable: Open the “Server Manager” and locate “Security Information”. In the menu on the right-hand side, click “Configure IE ESC”. In the window that pops up, select “Off” for either administrators or users, depending on how you want to configure your workstation.

6. Enable Sound

Sometimes you want to listen to podcasts or other stuff on your workstation. However, Windows Server doesn’t automatically start the audio service, so you have to configure it: Open the service management console and locate the service “Windows Audio”. In the properties dialog, set the “Startup type” to “Automatic”. If you don’t want to wait for the next reboot, you have to click on “Start” to directly launch the service.

7. Prioritize Applications

Windows 2008 R2 Server usually prioritizes background processes. This is not a favorable setting for workstations, because you want your applications to be as responsive as possible. To give applications top priority, you have to follow these steps: Open “Start Menu” and choose “Properties” from the context menu of “Computer”. Click on “Advanced Settings”, and in the freshly opened window, click on the button “Settings” under “Performance”. In the “Advanced Tab”, choose “Program” under “Processor Scheduling”.

8. The Desktop Experience feature

If you want a shiny Aero-capable workstation with multimedia support, you have to add the feature “Desktop Experience”. It includes the following Windows 7 components: Windows Media Player, Desktop themes, Video for Windows (AVI support), Windows SideShow, Windows Defender, Disk Cleanup, Sync Center, Sound Recorder, Character Map, and Snipping Tool. There are no themes installed by default, but you can visit Microsoft Windows 7 Theme homepage and download your favorite theme.

Now finish setting up the missing software and start to enjoy your new workstation. It will feel a bit awkward to use Windows Server 2008 R2 at first, but after you get used to it, I assure you that you’ll agree with me that there is no better OS for a workstation than Windows Server 2008 R2.

• Active Directory Recycle Bin – Restoring deleted AD objects in Windows Server 2008 R2 (2)
• Active Directory Recycle Bin – Restore AD objects in Windows Server 2003/2008 (0)
• Windows Server 2008 R2 Server Core – Sconfig and other new features (2)
• How to raise the Active Directory domain functional level to Server 2008 R2 – Part 1 (0)
• Windows Server 2008 R2 – All 4sysops reviews (0)

One of the disadvantages of WSUS is that clients can only pull updates. With WuInstall , you can push urgent updates to clients at your convenience. This lets you control exactly when Windows clients and servers receive specific updates.

Actually, WuInstall also pulls the updates from a WSUS server or Windows Update. However, since the updates are installed whenever you run the command on a client, you can write a script that centrally forces machines to download and install updates immediately. Thus, essentially, you can push Windows updates to clients with WuInstall.

The problem with this procedure is that, depending on the size of your network, quite a few machines will start downloading updates simultaneously. If you have no WSUS server, then your Internet connection might get clogged.

WuInstall’s new cache feature allows you to download Windows updates to a network share. Clients can then get their updates from this central location. This procedure is particularly useful for branch offices where you have no local WSUS server. Even though WuInstall works perfectly with WSUS, this new caching feature also allows you to replace WSUS with your own script-based patch management software.

This command caches the updates to a central network share:

wuInstall /install_cache \\your_server\network_share

This not only downloads the updates but also installs them on the client where you run the command. If you run the same command on a second client, it will check first whether the updates are already available on the network share. If they are, it will just start with the installation. If they are not, it will download them first to the cache, so other clients can get them from there in the future.

WuInstall offers quite a few command options that let you control which updates will be pushed to clients. If you use these options together with the new cache feature, WuInstall will only download the corresponding updates. Hence, if you have different patch management rules for the computers in your network, the cache will only contain the updates that have been required at least once. I think this an efficient way to manage updates.

The WuInstall documentation describes the main features of this nifty patch management command. The WuInstall Pro page gives you an overview of the new features. Please note that there is also a free version of WuInstall that doesn’t offer the new caching feature.

• FREE: Remote Reboot X – The ultimate WSUS companion tool (0)
• Contest: WuInstall 1.2 Pro – Install Windows updates on the command line and in scripts (7)
• FREE: WuInstall – Install Windows updates using a command line script (6)
• FREE: Secunia PSI – Scan for software vulnerabilities (3)
• FREE: Belarc Advisor – Builds a profile of your PC (3)

However, if you just have to read the data from your USB stick on Windows XP or Vista, there is a simple solution for that limitation. It is called BitLocker to Go Reader and can be downloaded here. It is quite interesting that the tool does not need Windows XP Professional or Windows Vista Business to run since BitLocker to Go is only included in the Enterprise and Ultimate versions of Windows 7. Despite that, there is one other limitation: The tool only works with FAT file systems. So if you use NTFS on your USB sticks, you have to convert it to FAT before you can use them with BitLocker to Go Reader.

Once you have installed the application, it recognizes BitLocker-protected USB sticks and flash cards as soon as you plug them into the computer. You are automatically asked to enter the password for the device. After you have entered the correct password, you can access the encrypted data.

• SysKey – Prevent Windows password cracks (1)
• 3 ways how to prevent cleaning lady hacks (4)
• Kon-Boot – The fastest way to remove a Windows password (8)
• FREE: CleanAfterMe – Erase computer history (5)
• FREE: Service and Scheduled Task User Manager – Change service accounts passwords (0)

I will first show you what you can do with the SysKey utility and then discuss how much extra security SysKey protection really brings.

The SAM database is part of the Windows Registry and stores information about user accounts such as user names and password hashes. The corresponding Registry file is located in c:\windows\system32\config. Since Windows NT 4 SP3, the SAM file is partly encrypted. The SysKey utility allows you to move the SAM encryption key off the computer and/or configure a startup password.

Using the SysKey utility

To launch the SysKey utility, type “syskey” at the Start Search prompt of Windows Vista or Windows 7, or use the “run” option of the Windows XP Start Menu.

To move the SAM encryption key off the computer, you have, click “Store Startup Key on Floppy Disk.” The tool claims that you will need to insert a floppy disk on startup, which is not really true. Modern computers no longer have floppies, and this storage medium isn’t reliable enough anyway. You can also store the SAM encryption key on a USB flash drive.

However, the USB stick has to be mounted on drive “A:”. You can assign this drive letter to your thumb drive in Windows Disk Management. If the drive letter A is not available, you have to first disable the floppy disk in the computer BIOS.

The SysKey utility will then allow you to store a file with the name StartKey.Key on your USB drive. This file contains the SAM encryption key. Without it, you won’t be able to log on in the future. Thus, whenever you boot up your computer, you have to insert this USB stick. Windows will always automatically load the encryption key from drive A:, and if you set a password with the SysKey utility, you will have to enter this password whenever you boot up the computer.

What extra security does the SysKey utility bring?

First of all, neither storing the SAM encryption key on an external drive nor protecting it with a password can prevent tools such Kon-Boot or the Trinity Rescue Kit from manipulating the SAM database. These tools are still able to set an empty password on all accounts. However, after such a manipulation, it is not possible to boot up Windows without the encryption key on the USB drive or without the startup password.

Hence, this method will prevent the majority of wannabe hackers from logging on to the computer with administrator privileges. It won’t, however, stop real hackers. As long as an attacker has physical access to an unencrypted system drive, everything is doable because every system file can be replaced as I demonstrated in my article about the Sticky Key trick. By the way, this trick will no longer work if you secure the SAM encryption key because an attacker wouldn’t be able to reach the logon screen without access to the encryption key.

So does it make sense to protect all your PCs with the SysKey utility? I don’t think so. The fact that the tool tries to store the encryption key on a floppy disk shows that this method is a bit outdated. It is too much hassle for your users to mess with a USB stick or to use an additional password compared to the extra protection the tool offers.

However, I think, the SysKey utility is still useful in some environments. For instance, you can use the tool to protect laptops or servers where you don’t want to disable booting from external drives or where many people would have the time to open the PC and access the system drive. It might also make sense to protect your own PC this way. Wouldn’t it be embarrassing if your colleague’s eight-year-old daughter hacks your PC while you take a coffee break?

The point is that 99% of all kids out there who call themselves hackers know about Kon-Boot and the myriad of similar tools, but they don’t know how to handle SysKey. SysKey was originally introduced to prevent hackers from cracking passwords in the SAM database with brute force attacks. And popular hacking tools such SAMInside still can’t handle a protected SAM encryption key.

Of course, SysKey can’t stop the bad guys and gals disguised with vacuum cleaners from shoving some nasty rootkits on the system drives of your PCs. But BitLocker will do the job in 99.999% of all such attacks. Thus, I believe encrypting all hard drives in your organization is a must!

• FREE: BitLocker to Go Reader – Read Files Protected with BitLocker under Windows XP (1)
• 3 ways how to prevent cleaning lady hacks (4)
• 12 ways how to reset the Windows administrator password – Windows 7, Vista, Windows XP (151)
• Kon-Boot – The fastest way to remove a Windows password (8)
• FREE: CleanAfterMe – Erase computer history (5)

Why would a cleaning lady be interested in hacking your computers, you might wonder? Well, your company simply doesn’t pay her enough to resist the generous offer of the nice guy with the thick glasses who explained to her so patiently how to insert the CD. After all, it can’t be that bad to just turn on a computer for a few seconds. Even her vacuum cleaner consumes more power. She probably doesn’t know that the nearsighted young man works for one of those fast-growing industrial espionage syndicates that has been hired by one of your company’s competitors from far east (or far west).

So what can you do to prevent cleaning lady attacks, aside from bribing her with better pay? You can do at least three things:

1. Disable booting from external drives in the BIOS

This is an absolute must if security does matter at all in your company. Of course, it is inconvenient for admins to change the BIOS settings every time they have to boot up from a DVD to install a new OS image or to troubleshoot the PC. And if you deployed hundreds or thousands of PCs without disabling booting from external drives, it can mean a considerable effort to change these settings afterwards. However, well-known PC manufacturers offer central management tools for this purpose. Don’t forget to disable booting from USB drives and via PXE, too. If you really need to boot from external media, you should at least make sure that this is only possible if no operating system is installed on the hard disk. In this case hot plug for SATA drives has to be disabled. Of course you also have to configure a secure BIOS password.

2. Encrypt hard drives

Unfortunately, disabling booting from external drives isn’t enough. First of all, there are BIOS hacking tools. It is very unlikely that the cleaning lady will take this hurdle, but who knows whether the guy with the thick glasses could have foreseen this. Second, it is still possible to open the computer and connect the hard drive to a netbook to perform the hack. Okay, the cleaning lady has to put aside her vacuum cleaner for this task. However, if the system drive is encrypted, this attack will fail as well. My choice would be BitLocker, but, of course, there other options. Although ways probably exist to crack BitLocker, doing so can’t be accomplished on the fly and needs considerably more effort and expertise than even the gifted hacker with the thick glasses might have.

3. Secure the SAM database with the SysKey utility

The problem with hard drive encryption is, of course, that it can increase license and management costs considerably. Hard drive encryption is still uncommon in many organizations, most likely because many IT pros are downplaying the risks. Depending on the size of your network, deploying BitLocker can’t be accomplished overnight.

By contrast, securing the Security Accounts Management Database (SAM) with the Windows SysKey utility is a simple solution that could at least stop a cleaning lady from logging to the PC. Essentially, this tool allows you to protect Windows either with an additional password or by moving the SAM database encryption key to a secure place. In my next post, I will discuss SysKey in more detail.

• FREE: BitLocker to Go Reader – Read Files Protected with BitLocker under Windows XP (1)
• SysKey – Prevent Windows password cracks (1)
• 12 ways how to reset the Windows administrator password – Windows 7, Vista, Windows XP (151)
• Kon-Boot – The fastest way to remove a Windows password (8)
• FREE: CleanAfterMe – Erase computer history (5)

First you have to download it here. During setup, the tool checks your software and hardware configuration. Depending on this configuration it offers to install different so-called troubleshooters. After you choose which of these troubleshooters to install, you are asked if you want to create an online account. (The benefit of having an online account is that you have access to Fix it Center Online.) Here is a picture of the Troubleshooters that were selected for my system:

Click Next to finish the setup. When you start the program, you see a list of the troubleshooters that have been installed on your configuration and a button labeled Run next to them.

After you click the Run button, you are asked if the fixes should be applied automatically or if you want to manually choose which fixes to apply. If you previously chose to create a Fix it Center Online account, every action you take here and every fix that is applied is logged in the online platform. If you attach different Fix it Centers with the same account, the tool tracks the actions for each computer so you get an automatically generated and centralized report inventory for your computer problems. Here‘s a screenshot of the platform:

In the screenshot, you can see the results of an “Im prove performance, safety and security in Internet Explorer” Troubleshooter run. As you can see, the tool does perform useful checks and automatically fixed some problems. For an inexperienced user, and even for professional Service Desk staff in certain situations, the Microsoft Fix it Center would have provided some solutions. But you can also see that other problems wouldn’t have been solved. The time when computers solve their problems themselves hasn’t yet arrived.

The bottom line is that Microsoft Fix it Center is very useful for home users or small companies with no professional in-house support, as it is capable of fixing common problems. The integrated direct link to Microsoft support, the approach of a personalized support center, and the Fix it Center Online are big pluses for enterprise use. However, if you consider that running Microsoft Fix it Center on an enterprise level creates additional maintenance costs, I think the main advantage won’t be in cost reduction but in a better structured and organized problem solution. All in all, the application points in the right direction, and with additional features and Troubleshooters it might become a very valuable tool in the future. After all, it’s still in beta.

• FREE: Windows Memory Diagnostic – A memory diagnostic tool (0)
• How to disable Windows Error Reporting (0)
• Disable Windows Error Reporting? (4)
• Free Windows Error Reporting (WER) viewing tool – AppCrashView (0)
• Windows Error Reporting (WER) – View .wer files (0)

If you forgot the admin password and have no other account with administrator rights, things can get tricky. The methods and free tools explained here can reset the Windows password for all Windows versions—that is, for Windows 7, Vista, Windows XP, Windows 2000, Windows Server 2003, and Windows Server 2008 R2. In this article I only talk about the Windows client editions, but the methods also work for the corresponding server versions. The methods described here are not for resetting lost domain administrator passwords.

As system administrator, you are usually confronted with this problem if users have admin rights on their machines. Even if you don’t have to reset a password now, you should get acquainted with this issue. Rest assured that sooner or later a user will bug you with this problem. I must admit that I managed to forget my password more than once.

Note that I published this article a few years ago, but since then I updated it several times and added a few new methods. Not much of the original article is left except the numerous comments below. As you can see, forgetting the Windows password is a common problem.

1. Use your password reset disk to recover the Windows password

Vista and Windows 7 allow you to create a password reset disk, which enables you to reset your password without much hassle. The problem with this option is that you have to create the reset disk before the password is lost. Thus if you don’t have a password reset disk, this option is not for you. You can find a description of how to create a password reset disk here.

2. Restore Windows 7 or Windows Vista to a previous state

If you configured a new password recently and can still remember the password you used before, then you can restore Windows to a point in time before you changed the password. The Restore function of Windows 7 and Windows Vista will make sure that you don’t lose personal data. However, programs that have been installed since the corresponding restore point have to be installed again. All you need for this procedure is a Windows 7 or Windows Vista setup DVD. A detailed description of this method can be found here. If you are uncertain what System Restore is doing with your computer, read this first. This approach doesn’t work with Windows XP.

3. Boot up Windows XP in Safe Mode and log on with the built-in administrator account

When you installed Windows XP, you had to set a password for the Administrator account. If you still know this password, you can boot up in Safe Mode (by pressing F8 when your computer starts) and log on with the Administrator account. Read this Microsoft Knowledge Base article for more information about Safe Mode. Note that whenever you reset the password for a user using another account, this user will no longer be able to access files that have been encrypted with EFS (Encrypted File System). Stored credentials in the Windows Vault and Internet Explorer will also no longer be available. This method doesn’t work in Vista and Windows 7 because the administrator account is disabled by default in Safe Mode with these Windows versions. Below you will learn how to enable the built-in admin account in Windows 7 and Vista.

4. Use the Sticky Keys trick to reset the Windows 7, Windows Vista, and Windows XP password

The Sticky Keys trick to restore a forgotten administrator password is reliable, easy to carry out, and does not require third-party software. All you have to do is boot up from a Windows 7 or Windows Vista setup DVD, launch the Windows Recovery Environment (RE), and then replace the sethc.exe file with cmd.exe. You can also use this method for Windows XP, but you have to use a Vista or Windows 7 DVD.

5. Offline enable the built-in administrator account in Windows 7 and Vista

This method is useful if no other user account on this machine has administrator privileges. You also need a Windows setup DVD (Vista or Windows 7). With this DVD you can boot up Windows RE and edit the Registry to offline enable the built-in administrator account. Also read my article about the offline Registry editor if you don’t know how to edit the Registry in offline mode. After you enable the built-in Administrator, you can log on with this account without requiring a password and then reset the Windows password of any user account.

6. Get Petter Nordhal-Hagen’s free ntpasswd tool to reset the Windows password

The downside of this option is that you have to create a password reset CD first. Then you can boot up with this CD and manipulate the Security Accounts Manager (SAM) database. Please note that resetting the password with third-party tools can also cause data loss as described in option 4. Also note that this tool comes without any warranty. However, I’ve been using it quite a few times and never had any problem with it. The latest version also supports Windows Vista and Windows 7. The advantage of this method is that it is quick if you already have the password CD in your tool box. Thus it is useful for admins who have to perform this procedure often. In all other cases I recommend option 4. You can download the tool here.

7. Use the free Trinity Rescue Kit (TRK) to recover the admin password

The Trinity Rescue Kit (TRK) is a troubleshooting solution that belongs in every admin’s tool box. Please read my review of the Trinity Rescue Kit for more information. This great tool allows you to reset the password of Windows XP, Vista, and Windows 7. It works similar to ntpasswd. After you have booted up with the TRK CD, you have to enter the command winpass -u user_name and then follow the instructions. Sometimes setting a new password doesn’t work; in this case, just set an empty password.

8. Use the free Kon-Boot tool to remove Windows passwords

I reviewed the free Kon-Boot tool a few days ago, and I can’t really recommend it because it crashed two Windows 7 installations during my test. I mention this free password reset tool here for the sake of completeness and because it is quite famous. Its main advantage is that it is very quick. You only have to boot up from the Kon-Boot CD and the tool will do the rest for you. It removes passwords from all accounts.

9. Use the free NTPWEdit tool to reset the Windows password

Especially if your computer doesn’t have a CD or DVD drive, you have to create a bootable Windows USB flash drive and then you can use the free Windows password reset tool NTPWEdit. Don’t forget to add NTPWEdit to the USB stick before you boot up.

10. Use Microsoft Diagnostics and Recovery Toolset to reset the administrator password

MSDaRT is a toolset from Microsoft that allows you to repair a Windows installation. This tool is only available for Microsoft volume customers, TechNet Plus subscribers, and MSDN subscribers. You can easily recover an admin password with its Locksmith tool. Please check out my review about MSDaRT for more information.

11. Get a commercial password reset tool

Many commercial tools are available that allow you to reset the Windows administrator password. Technically, they do the same as the free tools. Some of them might be easier to use or come with better instructions than the free tools. But before you spend money, I recommend trying the other options I described in this article. I don’t want to recommend a particular tool here. However, I would prefer a tool where the vendor offers support in case you run into problems. Be careful—there are many black sheep exploiting desperate people by selling overpriced tools.

12. Reinstall Windows

This might sound like a joke, but in some cases this is the best method. For instance, if you don’t want to lose your EFS-encrypted files or stored credentials by resetting your password, but you desperately need the computer, you can just install Windows a second time. You will have access to all the files of the previous installation. Just make sure that you don’t overwrite the original Windows installation during the Windows setup. This allows you to boot up the original Windows installation at a later time. I am sure you will remember your forgotten Windows password sooner or later. As to my own experience, the old password will pop up in your mind right after you finish the installation and go to configure your new administrator password.

Please let me know in a comment below if you’ve heard of another option for resetting the Windows password.

• SysKey – Prevent Windows password cracks (1)
• 3 ways how to prevent cleaning lady hacks (4)
• Kon-Boot – The fastest way to remove a Windows password (8)
• Forgot the administrator password? The Sticky Keys trick (23)
• Offline enable the built-in administrator account in Windows 7 and Vista (6)

The free version supports up to 10 servers. The product also has a commercial version that supports unlimited number of servers, features long-term archiving storage and distributed data collection for highest performance. The long-term archiving of event logs is required by compliance regulations, e.g. SOX and HIPPA require 7 years of data, PCI requires 1 year.
Features and benefits:

• Event Log Archiving
• Event Log Consolidation
• Real-Time Alerting
• Web-based Reporting
• Includes predefined reports for regulatory compliance

Event Log Manager

• Free Windows Error Reporting (WER) viewing tool – AppCrashView (0)
• FREE: NT Toolkit – 28 useful admin tools (0)
• FREE: Total Network Monitor – A sophisticated network monitoring software (3)
• FREE: Kiwi Syslog Server – A Syslog daemon for Windows (2)
• FREE: CorreLog Windows Agent – A Syslog client (0)

Shortly after the CD drive starts spinning, you will see the Kon-Boot welcome screen. At this point, you have to press a key for Kon-Boot to continue. Somehow this destroys the beauty of this tool because it would certainly be even cooler to hack Windows without touching a key.

After you press a key, a second “I-am-so-proud-to-be-hacker-screen” appears. You have to wait here until the ego screen finishes its display, and then Kon-Boot will finally do what it is supposed to do. The last part is very quick and only takes a fraction of the time that the tool needs to display its hello-world screens.

You don’t receive a message that informs you whether the mission has been accomplished. Kon-Boot just reboots Windows and sets an empty password for all accounts it finds, enabling you to log on to any of the local accounts without a password.

I think, this would be the perfect password remove tool for all those desperate computer laymen who want to access their computer as quickly as possible without bothering their heads with terms such as system drive or SAM database.

However, I can’t really recommend this tool. I have tried the tool on a couple of Windows 7 machines and it failed several times. On Windows 7 Ultimate, it simply wasn’t able to remove the password, and crashed a freshly installed Windows 7 Home Premium computer. It worked consistently fine, however, on Vista and Windows XP.

The publisher claims that the recently updated version also supports Windows 7, and reports on the web appear to confirm this. So perhaps all my Windows 7 installations just had something in common that Kon-Boot didn’t like. If you have tried the tool on Windows 7, please let me know in a comment below.

Before you try the tool, you should know that some antivirus vendors identify Kon-Boot as malware. This is probably because its publisher markets Kon-Boot as a hacking tool. It is no wonder that Microsoft’s Security Essentials also classifies the tool as dangerous. It is kind of disrespectful to crack Windows on the fly.

On the other hand, I don’t understand why Microsoft doesn’t put a stop to such tools. It is true that a computer is much easier to crack if you have physical access. However, removing a administrator password appears to me to be too easy. Microsoft certainly could add one or two security levels that would prevent such easy hacks.

I mostly reviewed Kon-Boot to demonstrate how important it is to ensure that computers in your network can’t be hacked within a few seconds by a cleaning lady. Even though tools such as Kon-Boot won’t give an attacker access to domain accounts, it is no big deal to install a Trojan with a keylocker on all your desktops and just wait until users or domain administrators enter more interesting passwords.

In one of my next posts, I will show you what you can do to prevent cleaning lady hacks.

PS: Also check out the options you have to reset a Windows password.

• FREE: BitLocker to Go Reader – Read Files Protected with BitLocker under Windows XP (1)
• SysKey – Prevent Windows password cracks (1)
• 3 ways how to prevent cleaning lady hacks (4)
• 12 ways how to reset the Windows administrator password – Windows 7, Vista, Windows XP (151)
• FREE: CleanAfterMe – Erase computer history (5)