I have a customer with a Windows 10 PC which is blocking attempts to login, using (as far as he knows) the same Windows password that always worked. The
PC is set to use a Microsoft account rather than a local account (I knew
there was a reason why I set my Win7 and Win10 PCs to use local accounts!)

Is there any way of bypassing Windows security to be able to access the browser's list of saved IDs and passwords for websites?

Unfortunately, any attempt to reset the password is stuck in a deadly
embrace: the only "back door" is to send a code in an email to a Talktalk address whose password he doesn't know because he never uses it: it's always saved and supplied by his browser. The "back door" for Talktalk offers to
send its code to 1) the same address (circular argument!), 2) a BT Internet address whose password he doesn't know, 3) a mobile phone number that he no longer has access to. Attempts to reset the BT Internet email password seem
to disappear into a black hole: I seem to have changed the password successfully but the new username/password don't let me in. I have a feeling
of chasing my tail :-(

Talktalk seemed to be very unhelpful. It doesn't help that the email account
is "orphaned": it exists as an email address but there is no longer a
broadband account associated with it, because he changed in the past to use
BT Internet for broadband. So we can't use the bank account that pays the TT direct debit as a form of validation.

(For the future, I will make damn sure that he has a written record of all
the details which work, and that "back door" validation codes are sent to *other* email accounts and not the the same one whose details I've
forgotten. All the "circular references" and references to phone numbers
that no longer exist happened long before I was involved...)

Any suggestions? A password reset utility would get him into the PC, but
maybe at the expense of not allowing access to browser-saved usernames/passwords, so it would solve on problem but leave another
(accessing his emails) still remaining. And reinstalling Windows would lose everything of the personalisation, even if I first saved his c:\users\<username> tree structure.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

NY wrote:

I have a customer with a Windows 10 PC which is blocking attempts to
login, using (as far as he knows) the same Windows password that always worked. The PC is set to use a Microsoft account rather than a local
account (I knew there was a reason why I set my Win7 and Win10 PCs to
use local accounts!)

[snip]

It should be possible to create a "local administrator" account, see:

<https://www.isumsoft.com/windows-10/create-administrator-account-when-cant-sign-in-windows-10.html>

Google might find other ways ...


--
Graham J

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 27 Feb 2023 14:03:15 -0000, "NY" <me@privacy.invalid> wrote:

I have a customer with a Windows 10 PC which is blocking attempts to login, >using (as far as he knows) the same Windows password that always worked. The >PC is set to use a Microsoft account rather than a local account (I knew >there was a reason why I set my Win7 and Win10 PCs to use local accounts!)

Is there any way of bypassing Windows security to be able to access the >browser's list of saved IDs and passwords for websites?

Unfortunately, any attempt to reset the password is stuck in a deadly >embrace: the only "back door" is to send a code in an email to a Talktalk >address whose password he doesn't know because he never uses it: it's always >saved and supplied by his browser. The "back door" for Talktalk offers to >send its code to 1) the same address (circular argument!), 2) a BT Internet >address whose password he doesn't know, 3) a mobile phone number that he no >longer has access to. Attempts to reset the BT Internet email password seem >to disappear into a black hole: I seem to have changed the password >successfully but the new username/password don't let me in. I have a feeling >of chasing my tail :-(

Talktalk seemed to be very unhelpful. It doesn't help that the email account >is "orphaned": it exists as an email address but there is no longer a >broadband account associated with it, because he changed in the past to use >BT Internet for broadband. So we can't use the bank account that pays the TT >direct debit as a form of validation.

(For the future, I will make damn sure that he has a written record of all >the details which work, and that "back door" validation codes are sent to >*other* email accounts and not the the same one whose details I've
forgotten. All the "circular references" and references to phone numbers
that no longer exist happened long before I was involved...)

Any suggestions? A password reset utility would get him into the PC, but >maybe at the expense of not allowing access to browser-saved >usernames/passwords, so it would solve on problem but leave another >(accessing his emails) still remaining. And reinstalling Windows would lose >everything of the personalisation, even if I first saved his >c:\users\<username> tree structure.

I believe there are password recovery programs around. Do a search for

Windows password recovery<

KenW

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/27/23 09:55, this is what Graham J wrote:

NY wrote:

I have a customer with a Windows 10 PC which is blocking attempts to login, using (as far as he knows) the same
Windows password that always worked. The PC is set to use a Microsoft account rather than a local account (I knew
there was a reason why I set my Win7 and Win10 PCs to use local accounts!)

[snip]

It should be possible to create a "local administrator" account, see:

<https://www.isumsoft.com/windows-10/create-administrator-account-when-cant-sign-in-windows-10.html>

Google might find other ways ...

I've seen this before (the site & directions), and it sounds like it should work.
--
Al

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/27/23 09:03, this is what NY wrote:

I have a customer with a Windows 10 PC which is blocking attempts to login, using (as far as he knows) the same Windows
password that always worked. The PC is set to use a Microsoft account rather than a local account (I knew there was a
reason why I set my Win7 and Win10 PCs to use local accounts!)

Is there any way of bypassing Windows security to be able to access the browser's list of saved IDs and passwords for
websites?

Unfortunately, any attempt to reset the password is stuck in a deadly embrace: the only "back door" is to send a code in
an email to a Talktalk address whose password he doesn't know because he never uses it: it's always saved and supplied
by his browser. The "back door" for Talktalk offers to send its code to 1) the same address (circular argument!), 2) a
BT Internet address whose password he doesn't know, 3) a mobile phone number that he no longer has access to. Attempts
to reset the BT Internet email password seem to disappear into a black hole: I seem to have changed the password
successfully but the new username/password don't let me in. I have a feeling of chasing my tail :-(

Talktalk seemed to be very unhelpful. It doesn't help that the email account is "orphaned": it exists as an email
address but there is no longer a broadband account associated with it, because he changed in the past to use BT Internet
for broadband. So we can't use the bank account that pays the TT direct debit as a form of validation.

(For the future, I will make damn sure that he has a written record of all the details which work, and that "back door"
validation codes are sent to *other* email accounts and not the the same one whose details I've forgotten. All the
"circular references" and references to phone numbers that no longer exist happened long before I was involved...)

Any suggestions? A password reset utility would get him into the PC, but maybe at the expense of not allowing access to
browser-saved usernames/passwords, so it would solve on problem but leave another (accessing his emails) still
remaining. And reinstalling Windows would lose everything of the personalisation, even if I first saved his
c:\users\<username> tree structure.

If you want the browser passwords, I'd boot a live Linux CD, copy the browser profile folder like %APPDATA%\firefox to
the /home/mint/.mozilla/firefox folder on the live cd while it's running. You could then launch firefox and see the
passwords etc.

You don't says what browser.
--
Al

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

NY <me@privacy.invalid> wrote:

I have a customer with a Windows 10 PC which is blocking attempts to login, using (as far as he knows) the same Windows password that always worked. The PC is set to use a Microsoft account rather than a local account (I knew there was a reason why I set my Win7 and Win10 PCs to use local accounts!)

Is there any way of bypassing Windows security to be able to access the browser's list of saved IDs and passwords for websites?

If security were easy to bypass, it wouldn't be worth a gnat's fart.

Not matter which type of account you create when installing Windows, an administrator account ("Administrator") is always created. To see for yourself, in an elevated command shell run:

net users

You might have to unhide the Administrator account. I don't have the
steps memorized, so do a search on "windows 10 show administrator
account". As I recall, just because it is hidden does not prevent you
from logging into it.

Reboot the computer, and at Windows login try to log into Administrator.
I don't remember being asked for the password for the Administrator
account during setup. I was asked for my Microsoft account and started
with that.

Considering the lack of expertise as a sysadmin for the user you are
trying to help, I suggest someone more knowledgeable do the log into Administrator. If the user fucks the Administrator account, you're
looking at a reinstall of Windows.

If the user trusts you with their logins, you could use your web browser
to log into the user's Microsoft account. Since his local login doesn't
work, the online login might fail, too. However, there should be a
"Forgot Password" option. The reset e-mail would go to his e-mail
account (depends on what he specified for that), and you would have to
log into his e-mail account to see the link or new password.

This user has no access to another computer himself, like another family member's computer, a computer at work, a friend's computer, an Internet
cafe, etc?

There isn't a "Forgot Password" link in the Windows login screen? The following article mentions a "Reset password" link on the sign-in
screen. The problem is if the user has forgotten their login password
then perhaps they also forgot their answers to the security questions.

https://support.microsoft.com/en-us/windows/change-or-reset-your-windows-password-8271d17c-9f9e-443f-835a-8318c8f68b9c#WindowsVersion=Windows_10

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-27 16:31, Big Al wrote:

On 2/27/23 09:03, this is what NY wrote:

I have a customer with a Windows 10 PC which is blocking attempts to
login, using (as far as he knows) the same Windows password that
always worked. The PC is set to use a Microsoft account rather than a
local account (I knew there was a reason why I set my Win7 and Win10
PCs to use local accounts!)

Is there any way of bypassing Windows security to be able to access
the browser's list of saved IDs and passwords for websites?

...

If you want the browser passwords, I'd boot a live Linux CD, copy the
browser profile folder like %APPDATA%\firefox to the /home/mint/.mozilla/firefox folder on the live cd while it's running.
You could then launch firefox and see the passwords etc.

You don't says what browser.

I was going to suggest something like this. It should work if firefox
has a local master password. If this is not set, I don't know if the
login/pass data is protected or not.

--
Cheers, Carlos.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/27/23 09:03, this is what NY wrote:

I have a customer with a Windows 10 PC which is blocking attempts to login, using (as far as he knows) the same Windows
password that always worked. The PC is set to use a Microsoft account rather than a local account (I knew there was a
reason why I set my Win7 and Win10 PCs to use local accounts!)

Is there any way of bypassing Windows security to be able to access the browser's list of saved IDs and passwords for
websites?

<snip>


When access to password managers is so easy, one would think that people with thin memories would use a password
manager. I use Bitwarden, and I can access it from anywhere, so I store my Windows login password there too.
--
Al

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

"Big Al" <Bears@invalid.com> wrote in message news:ttiibl$39kfd$2@dont-email.me...

If you want the browser passwords, I'd boot a live Linux CD, copy the
browser profile folder like %APPDATA%\firefox to the /home/mint/.mozilla/firefox folder on the live cd while it's running. You could then launch firefox and see the passwords etc.

Hmmm. Yes, Firefox saves everything in nice files that you can copy from one
PC to another (I did it when I got a new laptop and copied my
saved-passwords list from my old laptop). I have a nasty feeling that he may not be using FF.

You don't says what browser.

I don't know what browser (and the customer wouldn't have a clue). I imagine
it will be the Windows default: probably Edge. Few non-techies install third-party browsers, and if they do, they tend to install Google Chrome.


The good news is that I managed to persuade Talktalk to add the customer's *current* mobile phone number as a get-out-of-jail password-recovery
mechanism. They said it would take up to three days for the change to take effect (though I'll try sooner than that!) but hopefully I can then do a password-recovery on the customer's Talktalk email password, and once we
have access to his email, I can use the Windows password-recovery to send a code to his Talktalk email. So the end *may* be in sight.

I'll also set the Windows recovery to use his mobile phone number and a newly-created gmail account, and set Talktalk to use that gmail account - anything to break the deadly embrace of defining email address X as the recovery address for the password of account X ;-)

It was a case of one damn thing after another: each email account used
either itself, or else another account for which we didn't have the
password, or else an obsolete mobile phone number which he couldn't even *remember* let alone access. He'd kept a record of account details and passwords - but unfortunately all the entries were out of date and didn't
help :-(

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

"VanguardLH" <V@nguard.LH> wrote in message news:1oomtpbw2hlgn$.dlg@v.nguard.lh...

There isn't a "Forgot Password" link in the Windows login screen? The following article mentions a "Reset password" link on the sign-in
screen. The problem is if the user has forgotten their login password
then perhaps they also forgot their answers to the security questions.

I did try that: Windows tries to use the email/phone detail that you
configured when you created the user, but if offers to use a browser
instead, with a long URL of random characters. Brilliant: took some typing
and checking, but I did it. However the information that it asked for (name, date of birth, previous passwords allocated before the current unknown one, etc) was not sufficient for it to authorise recovery of the password. It may even have been asking for some information that the customer had never set.

I'm glad I wasn't responsible for setting up the various systems so as to
use the same address for recovery as the one that I was trying to access, or
to use a mobile phone number that no longer existed. It's a matter of
thinking "I've changed my phone" or "I no longer have access to this email"
and changing the places where those details are used for recovering a
password on something unrelated.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/27/2023 9:03 AM, NY wrote:

I have a customer with a Windows 10 PC which is blocking attempts to login, using (as far as he knows) the same Windows password that always worked. The PC is set to use a Microsoft account rather than a local account (I knew there was a reason why I

set my Win7 and Win10 PCs to use local accounts!)

Is there any way of bypassing Windows security to be able to access the browser's list of saved IDs and passwords for websites?

Unfortunately, any attempt to reset the password is stuck in a deadly embrace: the only "back door" is to send a code in an email to a Talktalk address whose password he doesn't know because he never uses it: it's always saved and supplied by his

browser. The "back door" for Talktalk offers to send its code to 1) the same address (circular argument!), 2) a BT Internet address whose password he doesn't know, 3) a mobile phone number that he no longer has access to. Attempts to reset the BT
Internet email password seem to disappear into a black hole: I seem to have changed the password successfully but the new username/password don't let me in. I have a feeling of chasing my tail :-(

Talktalk seemed to be very unhelpful. It doesn't help that the email account is "orphaned": it exists as an email address but there is no longer a broadband account associated with it, because he changed in the past to use BT Internet for broadband. So

we can't use the bank account that pays the TT direct debit as a form of validation.

(For the future, I will make damn sure that he has a written record of all the details which work, and that "back door" validation codes are sent to *other* email accounts and not the the same one whose details I've forgotten. All the "circular

references" and references to phone numbers that no longer exist happened long before I was involved...)

Any suggestions? A password reset utility would get him into the PC, but maybe at the expense of not allowing access to browser-saved usernames/passwords, so it would solve on problem but leave another (accessing his emails) still remaining. And

reinstalling Windows would lose everything of the personalisation, even if I first saved his c:\users\<username> tree structure.


Ah, yes. A password recovery spiral.

For a local account, there were some hacks to cause an administrator command prompt
to appear on the screen at startup. This allows a user to access the "password" command
and change a lowly local account password. Some of the easy methods have been blocked
for that, so it is not quite as easy to fix things as it used to be. And that's *only*
for a local, that won't fix an MSA.

And you've already experienced what a recovery is like, when the comms channel for the account is not working any more. Still, the person in this
situation, can review the information here.

https://www.digitalcitizen.life/how-reset-password-your-microsoft-account/

It could be that the account has been blocked, because "too many attempts
have been made to get in". Or, the account really could have been compromised, using a known password for the same individual.

This is not the same thing, but I had a gmail that was blocked on me. I
let it sit for six months, and then when I logged in, it worked :-)
How is that for a recovery strategy :-/ Even if they did the simple
things, like make the password string visible while it was being typed
in, that would be a start at improving the statistics.

*******

And I don't really want to address how to "make this bulletproof",
except to make a disparaging reference to a product. Someone makes
a security key that you plug into a USB port, and that can be tied
to a Microsoft account. Mechanically, the product is poorly made, and
looking at it, you would ask yourself what were they thinking. Then,
on the product web site, it will say "you should buy two of these, OK ?"
Yet, as a marketing exercise, they don't enumerate the reasons
why they think you should buy two. Undoubtedly the tech support
phone number is ringing off the hook, from the customers that
only bought one of the keys, and now their life is a shambles
because the key doesn't work :-)

So yes, there's a lot to be said for having a local account.

"In The Wizard of Oz (1939), Dorothy Gale comes to learn that
there's "no place like C:\users\home"
"

Who will stop this madness, I wonder...

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

NY <me@privacy.invalid> wrote:

"VanguardLH" <V@nguard.LH> wrote in message news:1oomtpbw2hlgn$.dlg@v.nguard.lh...

There isn't a "Forgot Password" link in the Windows login screen? The
following article mentions a "Reset password" link on the sign-in
screen. The problem is if the user has forgotten their login password
then perhaps they also forgot their answers to the security questions.

I did try that: Windows tries to use the email/phone detail that you configured when you created the user, but if offers to use a browser
instead, with a long URL of random characters. Brilliant: took some typing and checking, but I did it. However the information that it asked for (name, date of birth, previous passwords allocated before the current unknown one, etc) was not sufficient for it to authorise recovery of the password. It may even have been asking for some information that the customer had never set.

I'm glad I wasn't responsible for setting up the various systems so as to
use the same address for recovery as the one that I was trying to access, or to use a mobile phone number that no longer existed. It's a matter of thinking "I've changed my phone" or "I no longer have access to this email" and changing the places where those details are used for recovering a password on something unrelated.

This user doesn't have a smartphone he uses to web browser and perhaps
have e-mail apps on it to the same MS account?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

NY wrote on 2/27/2023 2:16 PM:

I'll also set the Windows recovery to use his mobile phone number and a newly-created gmail account, and set Talktalk to use that gmail account - anything to break the deadly embrace of defining email address X as the recovery address for the password of account X ;-)

A MSA(Microsoft Account) has multiple configurations for:
a. Signing on
b. Security

Where (a) signing on by default is the MSFT Account email address and
password via web site url account.microsoft.com
Where (b) is the security configurable settings for
notification(including password reset/account reactivation etc)


For (a) the sign-in setting are in the MSA online account under 'Your
Info' category
- only the MSA email address is recommended, not the phone
- for the same reason, folks change phone providers/phone numbers/email
Note: even though a 3rd party email account is no longer available from
the provider, that MSA logon for that email account is not lost(i.e. the
MSA for the account once created for use as an MSA remains independent
from the provider email account(active or inactive or deleted or no
longer available)
- another reason to not configure a phone for sign-in...and a common
problem when doing so, folks forget to update the MSA sign-in for a no
longer avaialble phone number with the new one(required deleting the old
and adding the new, not editing the old)

For (b) - the configurable settings are under the online MSA in the
'Security' section.
=> this is the location one configures notification options where an alternate phone number and text capable phone number is entered.
- yes, that phone number has to be updated to but not tied to signing
in. Notification methods are and should be separate from sign-in methods.
Note: If nothing is configured in this section(alternate email or phone,
then password recovery via this route won't be available.

An MSA does require one to sign-on using that MSA at least once every two
years and sign on should be done in a browser at account.microsft.com or outlook.com or onedrive.com. Optionally if one has a subscription to
M365 and that MSA is also the owner of the M365 account, then signing on
in Office and using Office Outlook for that email account(configured automatically with the Exchange protocol) will meet the time limit
requirements for signing on with the MSA to retain the account's active
status.
- If not signed on in the 2 yr time frame, the account goes into
inactive status for 60 days then permanently/automatically deleted.
- Another good reason to sign-in on the web UI when having an M365 Office(Personal or Family) - Office requires that MSA to be signed in for
use to retain full usage rights. Likewise another reason to always
consider setting up (b) options if the MSA goes inactive/locked/etc.

In your customer's case...if that MSA was never used to sign-in in the
web UI(options noted above) then his account may have went inactive or
even expired - the latter doesn't seem likely if attempts to reset the
password provided those Talktalk or BT internet options. Inactive may
have been the issue, which would require one to sign-in in the web UI at account.microsoft.com to reactivate/validate the email as active.

There are other reasons for not being able to access an account.
- Account locked(Can be unlocked by use of any phone number provided as
long as text message capable to send a numeric code for unlocking. The
phone number does not have to associated with that Email account signon
or notification settings)
- Hacked or Compromised(online tool available to regain control and reactivate for use)

Good luck with the 'get-out-of-jail' mobile number.

It was a case of one damn thing after another: each email account used
either itself, or else another account for which we didn't have the
password, or else an obsolete mobile phone number which he couldn't even *remember* let alone access. He'd kept a record of account details and passwords - but unfortunately all the entries were out of date and didn't help :-(

Happens quite often(all the above).

--
...w¡ñ§±¤ñ

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 27/02/2023 14:03, NY wrote:

I have a customer with a Windows 10 PC which is blocking attempts to
login, using (as far as he knows) the same Windows password that always worked. The PC is set to use a Microsoft account rather than a local
account (I knew there was a reason why I set my Win7 and Win10 PCs to
use local accounts!)

Is there any way of bypassing Windows security to be able to access the browser's list of saved IDs and passwords for websites?

Unfortunately, any attempt to reset the password is stuck in a deadly embrace: the only "back door" is to send a code in an email to a
Talktalk address whose password he doesn't know because he never uses
it: it's always saved and supplied by his browser. The "back door" for Talktalk offers to send its code to 1) the same address (circular
argument!), 2) a BT Internet address whose password he doesn't know, 3)
a mobile phone number that he no longer has access to. Attempts to reset
the BT Internet email password seem to disappear into a black hole: I
seem to have changed the password successfully but the new
username/password don't let me in. I have a feeling of chasing my tail :-(

Talktalk seemed to be very unhelpful. It doesn't help that the email
account is "orphaned": it exists as an email address but there is no
longer a broadband account associated with it, because he changed in the
past to use BT Internet for broadband. So we can't use the bank account
that pays the TT direct debit as a form of validation.

(For the future, I will make damn sure that he has a written record of
all the details which work, and that "back door" validation codes are
sent to *other* email accounts and not the the same one whose details
I've forgotten. All the "circular references" and references to phone
numbers that no longer exist happened long before I was involved...)

Any suggestions? A password reset utility would get him into the PC, but maybe at the expense of not allowing access to browser-saved usernames/passwords, so it would solve on problem but leave another (accessing his emails) still remaining. And reinstalling Windows would
lose everything of the personalisation, even if I first saved his c:\users\<username> tree structure.

I've used the freeware Offline NT to reset a local account password before
- https://pogostick.net/~pnh/ntpasswd/

Major Geeks notes that their zip contains the files to run from either a
DVD (& presumably CD) or USB
- https://www.majorgeeks.com/files/details/offline_nt_password_and_registry_editor.html

Link wraps.

--
Regards
wasbit

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-03-02 22:23, NY wrote:

...

And I wrote down all the passwords, together with a description of what
each one was used for, and said "keep these safe and remember to update
these pieces of paper if you change the email/Windows passwords or your mobile phone number in future".

I buy a new small notebook, where I write some details about the
configuration, keys or procedures needed to enter boot or bios config,
and login/passwords, then give it as a gift to the person.

Don't loose it.

However, it can happen that the user rips the pages and reuses the
notebook. Fortunately, she kept the pages safely. I bought a new
notebook and transferred the notes. Told not loose or rip the pages.

:-D

I may keep a copy of it.

--
Cheers, Carlos.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 27/02/2023 14:03, NY wrote:

I have a customer with a Windows 10 PC which is blocking attempts to
login, using (as far as he knows) the same Windows password that always worked. The PC is set to use a Microsoft account rather than a local
account (I knew there was a reason why I set my Win7 and Win10 PCs to
use local accounts!)

Is there any way of bypassing Windows security to be able to access the browser's list of saved IDs and passwords for websites?

Unfortunately, any attempt to reset the password is stuck in a deadly embrace: the only "back door" is to send a code in an email to a
Talktalk address whose password he doesn't know because he never uses
it: it's always saved and supplied by his browser. The "back door" for Talktalk offers to send its code to 1) the same address (circular
argument!), 2) a BT Internet address whose password he doesn't know, 3)
a mobile phone number that he no longer has access to. Attempts to reset
the BT Internet email password seem to disappear into a black hole: I
seem to have changed the password successfully but the new
username/password don't let me in. I have a feeling of chasing my tail :-(

Good news in this saga. I broke the deadly-embrace of "forgotten
password" mechanisms without needing to bypass Windows security or
create a new Admin account.

I managed to talk to someone from TalkTalk whom I persuaded to change
the mobile phone number used for account recovery from an obsolete
number to the user's current number. It needed a few security questions answering as proof.

So I could then:

- do the Talktalk "forgotten password" routine, sending a reset code by
text to the user's phone, thus gaining access to his incoming emails

- do the Windows "forgotten password" routine, sending a reset code by
email to TalkTalk

- log in to Windows using the newly created password

It turned out that the PC was Win 11, not Win 10 - no way of
distinguishing them when the customer doesn't know what version of
Windows he has and the start-from-cold screens as far as the password
screen don't display the version.


I was surprised that it went through some of the stages that you get
when you create new Windows user, so I was pleasantly surprised to see
that the Downloads, Pictures, Documents etc folders still had the
contents that he's placed there before he lost access. Control Panel |
Users showed that there was only one used defined (and it was an Admin
account) and c:\users showed only one user profile directory (apart from
the standard "Public" and "Default" ones).

I could even have looked up the TalkTalk password in his browser's saved passwords list. If it had been Firefox I'd have done it because I know
exactly where to look; since he used Edge, and the password had already
been changed, it wasn't worth that hassle of investigating Edge's
equivalent menus for something that was only of academic interest.



As to why it happened, goodness knows. He swears blind that he used the original Windows password when he used logged on to the PC on Friday,
then brought it out of sleep (not even startup from having been
shutdown) on Saturday and the same password was rejected. All rather
worrying.

Could a Windows update have affected it? I noticed that Windows had
downloaded V22H2 of Win 11, together with a few other things that I
forgot to note down from Windows Update | Update History. That took a
*long* time to install - I went home, hand my lunch and came back a few
hours later, having left the PC to do its thing.


And I wrote down all the passwords, together with a description of what
each one was used for, and said "keep these safe and remember to update
these pieces of paper if you change the email/Windows passwords or your
mobile phone number in future".

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

NY wrote:

[snip]

Could a Windows update have affected it? I noticed that Windows had downloaded V22H2 of Win 11, together with a few other things that I
forgot to note down from Windows Update | Update History. That took a
*long* time to install - I went home, hand my lunch and came back a few
hours later, having left the PC to do its thing.

And I wrote down all the passwords, together with a description of what
each one was used for, and said "keep these safe and remember to update
these pieces of paper if you change the email/Windows passwords or your mobile phone number in future".

So now you absolutely MUST create a Local Admin account with a password
that only you know - and write down securely - so that at least you can
get into the computer when your customer next forgets his password.

Having done that I think you can use this Local Admin account to set a
new password for the user's Microsoft Account, so that - with the
internet disconnected - you can log into his account when he next
forgets his password. When you later connect to the internet you may be prompted to set up the new password for the Microsoft website, and this
may still require knowledge of the old forgotten password, but you might
at least be able to use more of the password recovery tools.

I think it is possible that a W11 update broke his machine - I've seen something on the web about M$ accounts being locked out but I can't
remember what. If he uses OneDrive and has stored a file there which M$ doesn't like (e.g. kiddie pron, perhaps a pic of a small child in the
bath) then he might never get back his MS account.

Use of OneDrive does not remove the need for a local backup that is
totally under the control of the user.



--
Graham J

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 3/2/2023 4:23 PM, NY wrote:

As to why it happened, goodness knows. He swears blind that he used the original Windows password when he used logged on to the PC on Friday, then brought it out of sleep (not even startup from having been shutdown) on Saturday and the same password

was rejected. All rather worrying.

Could a Windows update have affected it?

Obviously, he had Windows 11 installed over Windows 10, very very recently. Golly, I wonder how that happened. Yet another mystery for the XFiles.

Look in C:\Windows.old for proof. If you have a Windows.old, then
the Windows has changed versions on you. Windows.old will auto-delete
after some number of days. (You can "revert" to Win10 again, if
Windows.old still exists.)

There are people who will claim this can't happen, unless you "click something".
Dunno. It's all just too suspicious.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 2 Mar 2023 18:02:14 -0500, Paul <nospam@needed.invalid> wrote:

On 3/2/2023 4:23 PM, NY wrote:

As to why it happened, goodness knows. He swears blind that he used the original Windows password when he used logged on to the PC on Friday, then brought it out of sleep (not even startup from having been shutdown) on Saturday and the same password

was rejected. All rather worrying.

Could a Windows update have affected it?

Obviously, he had Windows 11 installed over Windows 10, very very recently. >Golly, I wonder how that happened. Yet another mystery for the XFiles.

Look in C:\Windows.old for proof. If you have a Windows.old, then
the Windows has changed versions on you. Windows.old will auto-delete
after some number of days. (You can "revert" to Win10 again, if
Windows.old still exists.)

There are people who will claim this can't happen, unless you "click something".
Dunno. It's all just too suspicious.

My sister's Win 10 laptop magically showed up one morning, a few weeks
ago, proudly wearing Win 11. I grilled her pretty hard but she insists
that she saw nothing at all to suggest that an upgrade was going to
happen.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)