Utilman.exe to cmd.exe and back

Let’s say you have a Windows (virtual) machine, for which you’ve forgotten your login info, but you want to enter it anyway, because of… reasons. 😀

How can you do it?

Note – if the disk/VM is encrypted, you’ll need the decryption key, of course (if you don’t have it, well… I’m sorry, the following won’t really help you).

Ok, if it’s a virtual machine and you only need to grab some data from it, it’s relatively easy – you’ll just mount the virtual disk, extract the data needed and done.

If you need access to the OS instead, you may be able to use the old trick of replacing Utilman.exe with cmd.exe, which essentially gives you a command prompt with Local System permissions, which then gives you… well, everything you need.

One minor obstacle with doing this “hack” is that the owner of Utilman.exe is actually TrustedInstaller, so your workflow would be like this:

  • (e.g. turn off the VM, mount the disk, …)
  • replace the owner of Utilman.exe
  • grant yourself the needed permissions
  • replace the Utilman.exe with cmd.exe
  • do what you need (e.g. change the local Administrator’s password, set this account as active, …)
  • clean up (replace the replaced Utilman.exe with the original one)

And we can do this with PowerShell:

And now you can log in as local Administrator again and do the work you wanted to do in the first place. 😊

To leave things (somewhat) the way we found them, we can use the following PowerShell:
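
A read-only check of whether the cleanup really restored Utilman.exe, as an added example that is not part of the original post: it flags a file that still matches cmd.exe, an owner other than TrustedInstaller, or leftover write permissions. The function name `Test-UtilmanIntegrity` and its `-WindowsDir` parameter are assumptions made for this example.

```powershell
# Added example (not from the original post): read-only check of Utilman.exe.
# -WindowsDir is an assumed parameter; use e.g. 'E:\Windows' for a mounted offline disk.
param([string]$WindowsDir = $env:SystemRoot)

function Test-UtilmanIntegrity {
    param([Parameter(Mandatory)][string]$WindowsDir)

    # Well-known SID of NT SERVICE\TrustedInstaller, the owner the post mentions.
    $tiSid    = 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $utilman  = Join-Path $WindowsDir 'System32\Utilman.exe'
    $cmd      = Join-Path $WindowsDir 'System32\cmd.exe'
    $findings = @()

    if (-not (Test-Path -LiteralPath $utilman)) {
        return [pscustomobject]@{ Path = $utilman; Clean = $false; Findings = @('File is missing') }
    }

    # 1. Identical bytes: the cmd.exe copy is still in place.
    $hashes = Get-FileHash -LiteralPath $utilman, $cmd -Algorithm SHA256
    if ($hashes[0].Hash -eq $hashes[1].Hash) { $findings += 'Content is identical to cmd.exe' }

    # 2. The version resource survives a rename, so this also catches a cmd.exe from another build.
    $original = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
    if ($original -like 'cmd.exe*') { $findings += "OriginalFilename is '$original'" }

    # 3. An owner other than TrustedInstaller means the ownership change was not reverted.
    $acl = Get-Acl -LiteralPath $utilman
    if ($acl.GetOwner($sidType).Value -ne $tiSid) { $findings += "Owner is $($acl.Owner)" }

    # 4. Assumed default: only TrustedInstaller holds write-type rights on this file.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $writable = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $writable -and $ace.IdentityReference.Value -ne $tiSid) {
            $findings += "Write-capable ACE for $($ace.IdentityReference.Value)"
        }
    }

    [pscustomobject]@{ Path = $utilman; Clean = ($findings.Count -eq 0); Findings = $findings }
}

Test-UtilmanIntegrity -WindowsDir $WindowsDir
```

The same check works as a periodic audit: any finding on a machine where nobody performed a recovery means someone else changed the file.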


Playing with folders and permissions

This one will be short and sweet. 🙂

Imagine you have an Active Directory full of users. You also have a file server in your environment. And, as it happens, each of your users needs to have a folder created just for himself, on this file server. Each folder should have inheritance disabled and each user should get full permissions on his folder.

What do you do?

Well, we can manually create the required folders, or we can use a PowerShell script which will do it for us. Obviously, I’ve chosen PowerShell (maybe not the nicest script in the world, but it does the job), or this post would be… lame. 🙂

So, the interesting part of this script goes like this (I’ve added a few empty lines to make comments more visible):