I have an XP Pro workstation that has the user names hidden. I have the local admin password but not the name and it was changed from the default. Does anyone know how I can find out the local admin name without having admin rights? I do have domain rights. Thanks!
Generally, a simple way to enumerate the accounts of a local machine uses the WMIC. Enter "wmic useraccounts" on a command line to see a list of local user accounts. I doubt that domain rights only are enough to do so, but you might try it anyway. Alternatively, do you happen to have enough rights to grab a copy of "%SystemRoot%\system32\config\SAM.bak"? If so, you might be able to attach it to the registry of a different computer (where you have local administrative rights) and get the user name from there. [Edit: Forgot something: If the machine's null session shares have not been nailed shut, you might have luck using this tool (please remove the spaces in the URL): http :// ntsecurity.nu / toolbox / winfo / ]
Ophcrack.. if you know the password, you need not do anything more than load the disk, no need to progress to cracking. The user accounts will be shown immediately on load...If all goes correctly..LOL