Win 2k Pro, pIV, 512 ram.

All was running well but in an attempt to stop being asked for the user password (which is known) the user deleted the user account. Now on bootup the password is still required but entering anything in the dialog box brings up the message:



The displayed User name is what it was before the account was deleted.

The original OS cd and coa are available. Any cure other than a full re-install?

Please note that password recovery info is NOT what's wanted, a method of reinstating the user account is.

Thanks

hmm was it the ONLY account on the system?

is their another admin access account?

It was the only user account. I understand that there was an Admin account but the pc always booted to the User account prior to its deletion.

Even after many years of dealing with computers I am still amazed at the numbers of ways that users find to destroy them!

From the information you have given so far, assuming a typical installation, there were three accounts on this computer:
1) The Administrator account (RID=500)
2) The Guest account (RID=501) normally disabled and locked
2) The "user account" (whatever it was called) (RID=1000 or greater)

Do not be swayed by the "user account" still being displayed on the login screen. All that tells you is the name of the last person to login, nothing more. It does not change, even if the account is destroyed, because it is only showing a value copied from the registry.

I know you have said that password recovery is not the issue here, but the password utility I have in mind will establish what user accounts still exist. You will need access to another computer with a CD-RW drive, then access to the broken computer.

Download and burn to CD, Petter Nordahl-Hagen's chntpw from his website. Read the instructions on his site thoroughly, then boot from the CD you have made. Follow the script that scrolls on-screen right through to editing users and passwords. At this point, a list will be shown, something like the following:
RID 0x1f4 Administrator
RID 0x1f5 Guest
RID 0x3e8 "user account"

You may see one, two, or all three of these depending upon what has been destroyed. It is not important to understand exactly what an RID is: just think of it as a user number. RID=500 (my top list) is the same as RID=0x1f4 (on-screen list) because 500 in base 10 = 0x1f4 in base-16 arithmetic.

By carefully following the on-screen prompts you can see this list and then exit without causing any damage. All you are doing is reading the disk. Depending on what you see, you could try logging in as the Administrator, or you could post your findings or further questions in this forum.

You haven't deleted the built-in admin account, as that's not possible by normal means atleast, so login to that account and from there restore the old account or create a new user account...

You log into the built-in admin account by typing the user-name: Administrator and then a blank password(unless you've configured a password...)

When you're into the built-in admin account, you can run 'net user' in a cmd prompt to see which accounts are still on the system...

I echo your sentiments especially as this user was usually very careful about what was done to the system.

I have run the program you suggested and the result is:

01f4 | Administrator | ADMIN | dis/lock |
01f5 | Guest........... | (blank) | dis/lock |

I have tried logging on to Administrator using both the known password and a blank, but get the same error message "The system could not log you on.... etc", the user claims not to know of any Administrator password. My understanding is that the account which was deleted was the user account with admin privileges which was setup when the OS was installed.

I guess the final solution will be to recover as much as possible then attempt to change the Administrator password and try booting again. If that doesn't work then I will format and re-install etc.... But will wait for your final guidance/suggestions...

Martin H - thank you for your suggestion, as you will see above it didn't work for me.

From what you have posted, both the remaining accounts are disabled and locked, preventing you from logging in. This can be fixed.

The CD you now have can clear all this, and reset the flags in the Registry to (re-)enable normal login. Again, since a script with prompts is running, you are guided through the procedure. Also you can now take the plunge and reset the password. By far the safest option is to choose a blank password, rather than attempt to set it to a particular name/word/phrase. You can always set/reset the password in the normal way, once you are logged-in.

Even if the password is already blank, it is best to ask the script to reset the disabled/locked status for Administrator, and also ask it to blank the password again.

In my experience re-enabling the locked account and blanking the Administrator password is very safe on Windows 2000. I have never yet lost a client's data. BUT it is always best not to be over-confident and to recover user data first. When you reboot, you will find that Windows first runs a chkdsk and checks the file system before the login screen appears. This is not a sign of a corrupted disk. The chntpw program has requested this, as a precautionary measure.

If all this fails, or you choose not to do it, you still have the option of a repair install of Windows, using the original Windows CD, without having to reformat the disk. The disadvantage of this is that you will lose all updates to Windows that have been issued since the date of the CD. Updating Windows to the present day is not a trivial matter but it is still better than reformatting the disk.

Schloss - only one word to describe CHNTPW and that's brilliant. The system is now booting, without password, to the Administrator account with full access to all files.

Many thanks for your help and guidance.