RE: SAM file editing

["Wertheimer, Ishai" <iwertheimer () kpmg com>]

Pat,

There is a Linux boot disk that can edit a local SAM file. You can boot the
target machine with it and change a specific password directly.


Ishai Wertheimer
Manager - Information Risk Management Services
KPMG Somekh Chaikin


-----Original Message-----
From: Russell, Pat [mailto:pat.russell () jlspecialty com]
Sent: Friday, June 22, 2001 1:46 PM
To: pen-test () securityfocus com
Subject: SAM file editing


Is it possible to edit the SAM file in NT4.0 without using an external
program?  I have an incident where someone gave himself administrative
rights the domain but insists "all" he did was modify the SAM file on the
local machine.  This doesn't sound right but I am not sure.  Thanks for any
help...

Pat Russell
Process Control & Automation Engineer
J&L Specialty Steel, Inc.
pat.russell () jlspecialty com 

*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.         
*****************************************************************************