Requirements

<< Click to Display Table of Contents >>

Navigation:  System and Data Recovery Programs > Proactive Password Auditor >

Requirements

Windows 2000, Windows XP, Windows Vista, Windows 7, Windows 8, Windows Server 2003/2008/2012 (32-bit or 64-bit)

 

Please note that some features (such as dumping password hashes from memory or registry) are available only with Administrator privileges. If no administrative privileges are available, or if the Administrator's password is lost, forgotten or expired, or if the Administrator's account is locked or disabled, you may use Elcomsoft System Recovery to reset or change passwords to any user local or Active Directory accounts, enable/unlock disabled/locked accounts, dump password hashes into the text file and more.

 

Extra requirements for dumping password hashes from the memory:

 

The value of 'RestrictAnonymous' must be set to 0 or 1 in the following key:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA

 

Remote access to the registry by domain users also should NOT be restricted using the following key:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

 

Both the local and remote computers must have File and print sharing (i.e., the Workstation and Server services) enabled.

 

The remote system should have the Admin$ share (a hidden share that maps to the \windows directory), or another share with the same properties defined.

 

Windows XP/Windows Server 2003 issues: If the remote machine you are about to dump password hashes from is running Windows XP SP2+ or Windows Server 2003+, the Network access: Sharing and security model for local accounts security policy should be set to Classic - local users authenticate as themselves. It can be done using the Group Policy Editor (gpedit.msc) under the following branch: Local Computer Policy | Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options.

 

If, for some reason, PPA fails to dump from the remote computer, please try to connect to ADMIN$ resource manually in Windows Explorer: Tools | Map Network Drive. If the connection is performed successfully, PPA should work; if not, you may need to check filerewall settings on the remote computer. If manual connection to ADMIN$ also fails, it means that the ADMIN$ share is not enabled, or security policy described above is set to Guest only - local users authenticate as Guest, or you are using wrong authentication credentials.

 

In the domain environment, it is recommended to start PPA under the domain administrator's account.