How can I recover a deleted password?

Answer

1. Now open a device where you haven’t been logged in on Google Chrome before.
2. Open the Google Chrome browser on this device.
3. Watch for a pop-up about deleting all passwords, and confirm that you want to delete your passwords by clicking Delete All Passwords on the prompt window.
4. Once again, open Settings on this screen to verify that no syncing is occurring with the Google account attached to these deleted passwords [as it was when we went through previous steps].
5. On another computer or mobile device now, sign into this google account as well.
6. Now open the other device where you deleted your passwords.

If you don’t know your password, all is not lost. You can use a program called ntpasswd to add a new user with no password (or to change an existing account). This will allow you to log on and then you can run the pwunconv command which will convert your old encrypted passwords into plain text so that they can be edited by hand and re-encrypted. See the detailed instructions for info on how to recover these older versions of passwords. Also see this article: Recovering NT4 Password using UNIX .

How do I create or modify an account?

To create a user account in Windows NT 4, first log on as Administrator or another privileged user, then type:

ntpasswd <username>

This will create and disable an account for <username>. To enable the user to log on, type:

net localgroup Users [<domainname>]\<username> /add

Net User is now used to add or modify users of NT systems. Previously, NetUserAdd was used. If you still have scripts using NetUserAdd, you can use this Microsoft Knowledge Base article (Q140422) to convert them over.

You may need to run ntconfig as well in order to configure a workstation so that it will boot into Windows NT 4 instead of 3.x or 9x, so that network drives are accessible and other services are started at startup.

What is the NTLM Domain/Workgroup setting?

This refers to where logons will be processed. If you keep it at WORKGROUP, then any user can log on from any computer (or even if they are not logged on). This should probably only be enabled for Terminal Servers or Citrix systems that are providing access to client computers.

If you set your NTLM domain to something other than WORKGROUP, users must log on from the same workstation each time in order to get access. See Setting Up Active Directory and Domains for information about creating NT domains and using ADAM or Active Directory Services. Remember that a domain controller will need to be running Windows NT 4 SP4 + MS03-026, Windows 2000 or later and Active Directory Services.

Here is a brief discussion on the subject from a Microsoft employee:

Originally posted by “Microsoft Support” ([email protected]) at www.microsoft.com/support: The Domain / Workgroup settings are unclear in their use and function for NT4-based systems. A computer that is set to domain logon server can service users from any workstation within a specified Active Directory (AD) domain; all other computers will need to be located on the same network segment as the user’s workstation in order for successful authentication to occur. This requirement may remain even if all clients and servers reside within the same NT domain. The concept of a workgroup allows for users to log on from any computer within the network, or even one that is remote. One drawback to the use of workgroups is that user accounts are not replicated through Active Directory (AD). Thus, if you create a local account on a server and then try to access resources from another client computer, you will be prompted for an NT password before access is granted. Memberships in authenticated groups can also be added locally rather than through AD as well.

If your goal is to have a domain environment where authentication occurs via Kerberos (similar to Windows 2000 servers), this means that all servers and clients must reside within the same domain and follow separation rules outlined by NT4AD. This means that clients and servers cannot be in the same workgroup. Therefore, to set NT4AD up for a domain environment, you must specify a domain logon server or an NT4-based DC as the system’s logon server.

If you want your users to get their access through passwords, you are better off having them all on one computer (since they can share accounts), but keeping the Domain / Workgroup settings at WORKGROUP where it is easier to manage local user accounts. If you have many computers in various locations and all of those are being used by the same employees, this would be acceptable also as long as they have hard drives with network maps that connect them all together and everyone has the latest versions of password files on them.

If you need to set up a domain environment, keep in mind that a NetBIOS name is limited to 15 characters which will allow only for about 16 users (including the computer name). That means that if you have more than about 50 computers or users, then you are better off using an AD instead of a NT 4 domain because it can easily handle thousands of users/computers with ease.

For Windows 2000 Server and Small Business Server, also known as “Windows 2000 Advanced Server,” the maximum length is 24 characters including the double byte version (30 names per node). This would allow for over 6000 computers and users!

To enable your system as an NTLM logon server:

Go to Control Panel, and click on the Network icon. Click Only for this user under Advanced Settings. Select Enable advanced security services (NLS) support from Tcpip network protocols and select Microsoft domain security mode.

To enable an NT4 system to work in a mixed domain with other systems using NTLM authentication:

Set up your NT 4 SP 5 servers as an “NTLMSSP” server – see instructions above or here.

For Server 2003/2000 / XP Professional Workstations:

1) Logon as a Domain Administrator, if you are not already logged on as one

2) Click Start at the bottom left of your screen, then right-click My Computer at the top of the Start menu. Select Properties from the drop-down menu.

3) Click the Computer Name tab at the top of this window, then click Change in the box next to your computer’s name.

4) In the dialog box that opens, look for DNS Suffix For This Connection under DC Locator Options and make sure it is blank. If there is a DNS suffix listed here, remove it by highlighting it with your mouse and pressing Delete on your keyboard – (Doing so will not affect any existing network connections)

5) Click Apply/Ok. Your domain controller should now appear in Network Neighborhood as “WORKGROUP” unless you changed its display name beforehand. Also, Windows NT 4 server systems in your domain will no longer be listed in Network Neighborhood.

6) Now let’s set up Security Settings by going back to My Computer and clicking on the Advanced tab at the top of this window, then selecting the Performance sub-Options under MS Networking Services.

7) Click on Edit in the box next to Client For Microsoft Networks and make sure that Disable This Service is NOT checked. If it is checked, click on Disable This Service, then click Apply/Ok. (This setting may also be referred to as “Client for MS Networks” instead of “Client for Microsoft Networks”)

8) Click Edit again and checkmark File And Print Sharing, which should now appear in a list below Client For Microsoft Networks under Advanced Settings.

9) Click Apply and close all open windows. Your system should now be able to connect to any other domain controller on your network using NTLM authentication and allow for the sharing of folders, printers, etc.