Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

On a new HP computer, it changed the boot account to HP


  • Please log in to reply
10 replies to this topic

#1 kephyr

kephyr

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 02 November 2014 - 03:28 PM

I have a client with a new HP desktop with Window 8.1. I set it up for her to boot to the desktop with a local log-in using her name and no password. After using it for a few days, it started booting to the Start screen using the account name "HP" and we have no idea what the password is.  Everything is totally locked up with this account name. We can't even see her account. I used a couple different Password recovery software disks and none of them can touch this HP account and don't find her name anywhere. I ran recovery and set everything back to "as delivered."  I set up her account again with no password and booting to the desktop. She called me back last night to tell me it did the same thing again.

 

Does anyone have any idea what is going on here? An HP admin account taking over the computer on its own? Or is there some flaw in Windows 8.1 that doesn't like have a no password start up account? I haven't seen anything like this anywhere and haven't found anything searching on the internet.

 



BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 24,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:46 AM

Posted 03 November 2014 - 11:36 AM

I have never heard of this. The only thing I would think could cause a user account to disappear and another account  password protected to take it's place would be if a person was able to access the computer remotely. Does the client use a router and if they do is the default user name and password still used? Remote access to the router should be disabled too. And WPA2 with AES should be the encryption method. WEP can be broken in minutes. Looking at the logs of the router would determine if somebody else was accessing the router. I would also set the client's account as a Limited User. Give a administrator account a strong password. The client could access the Limited Account without a password but would need it to install a program.  Having no password, it's too easy to just click okay on the UAC and let anything install.

 

For the problem of the HP account, look at this software. It would allow you to enable the hidden Administrator Account. Using this SuperUser account should allow you to delete the HP account. Here is a guide on it's use but the guide shows an older version of the software.



#3 kephyr

kephyr
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 03 November 2014 - 12:31 PM

I am going to try another pass at getting the password, but enabling the hidden Admin account might be a better way around it. If I can't get or change the password for this HP account, I'm going to have her return the computer.

 

I've never seen anything like this either. I don't know if this is something caused by all the bloatware that HP puts in the machine or if it's an Win8 problem with just using a local account to log on. But I'm not that experienced with Windows 8 as I have advised all of my clients to stay away from it.

 

This is a desktop computer and is using only cabled ethernet. The router is a modem/router combination from the cable company that I can't access either (the access code printed on the label doesn't work), so maybe someone has hacked into it, but is that really very likely?



#4 JohnC_21

JohnC_21

  • Members
  • 24,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:46 AM

Posted 03 November 2014 - 12:59 PM

If the access code on the router does not work that I would be highly suspicious that somebody had hacked it. It's possible a hard reset on the Modem/router would take things back to default but I couldn't say for sure. I think the client should contact the cable company and tell them the access code on the router does not work and see what they say.

 

Edit: If the modem/router has wireless capabilities, I would disable wireless because the client only uses Ethernet. One less way for somebody to hack the modem/router. Is the client the only person in the household? It's always possible that someone with physical access to the computer did this.


Edited by JohnC_21, 03 November 2014 - 01:04 PM.


#5 kephyr

kephyr
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 04 November 2014 - 08:28 PM

Finally got back to her computer.  The account didn't change; it still is logging her in as Dorothy. The problem is that it now wants a password when none was ever set for it. I have four different password reset/recovery boot disks and none of them work. I've booted up with xPUD and can't see the partition where Windows is loaded. I can see the Recovery partition OK.  So I'm thinking that HP has some kind of special boot partition from which it launches Windows.  Or is it the UEFI boot routine that Microsoft put in?

 

I thought I would try to boot from a Windows setup disk to try to get to a command prompt in the Recovery console, but it doesn't load the USB mouse and keyboard.

This is really puzzling!



#6 JohnC_21

JohnC_21

  • Members
  • 24,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:46 AM

Posted 04 November 2014 - 10:29 PM

By using the Offline Registry Editor I linked to you were not able to enable the Hidden Administrator Account? The computer would be UEFI. The computer also has a GPT disk and not MBR. In UEFI you need to Disable Secure Boot and Fastboot. Also enable Legacy Boot or it could be called CSM boot. Then return to SecureBoot UEFI Boot and Fasboot if that was disabled after repair.

 

I am surprised xPUD could not see the Windows Partition. You can try FatDog64. I think you would have better luck with that than xPUD. It supports booting UEFI but still need to disable Secure Boot and Fastboot.

 

Windows 8 would have a EFI System Partition which is FAT32, a Windows Reserved Partition, and then the partition with the OS along with the Recovery Partition. You will not see the Windows Reserved Partition in Disk Management, only by using DiskPart will you see it.

 

When the computer was first used, the client did not set up a Windows Live Account, correct? If she did not, I don't know how Windows would now want a password for here account.



#7 kephyr

kephyr
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 11 November 2014 - 09:51 AM

Been playing with this off and on for a week now.

 

The Offline Registry Editor wouldn't load. It would get to a certain point and then error out. This also happens with some of the other Password recovery disks I've found.   FatDog64 is the only one so far that has completely loaded linux and can see the disk with Windows on it. However, it sees it as a read-only file system. I cannot write anything to the disk so I can't change or delete the password.  I ran the chntpw.static file from the ORE in a terminal program from a command line and got back a "read error: Read-only file system  Unable to open/read a hive, exiting."

 

When it was first set up, it was not done with a Windows Live account. I have no idea how any of this happened.

 

It looks like my only choice now it to run system recovery and start all over again. This time I'll set her up with a Live account and set passwords so at least we know what they are.



#8 kephyr

kephyr
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 11 November 2014 - 08:03 PM

Made another discovery on this. Tried a different system rescue disk which booted another flavor of linux and had a tool to change read/write privileges on ntfs disks.  When I tried it, I got a message saying "Windows is hibernated. Unable to mount"

 

Possibly this happened because Windows went into hibernation mode even though this is a desktop unit. I never looked at the power settings. Is this a new thing with Windows 8 that it hibernates on desktop units?



#9 JohnC_21

JohnC_21

  • Members
  • 24,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:46 AM

Posted 11 November 2014 - 09:29 PM

I would be interested to know which linux tool you used to change read/write privileges on the drive. I never had trouble with read write issues using Puppy which FatDog is based on. FatDog and Puppy auto logs in a root. I know Hibernate writes to disk. You can hibernate desktops in Windows 7 using the power settings but I don't think it is activated by default in 7 or 8.

 

http://www.pcadvisor.co.uk/how-to/windows/3428879/how-activate-hibernation-mode-in-windows-7-8/

 

 

Hybernate mode in Windows 8

Just like in Windows 7, the hibernation mode is usually nowhere to be found in the default configuration. Unlike Windows 7 however, it has since been granted a dedicated option to turn it on or off in the energy settings, making the activation process slightly more comfortable.

First, head on into the control panel and search for the entry "Power options". Search on the left side for the option "Choose what the power buttons do" and click it. In the following window, activate the option "Change settings that are currently unavailable", which will likely require you to confirm administrator rights. After the window has refreshed itself, scroll down to the bottom to find all different options to turn off your computer neatly summed up in the "Shutdown settings" section. If the box for "Hibernate" isn't ticked, remedy that and click on "Save changes".

Tip: You can also bind the hibernate setting to the power or sleep button on the side of your PC or laptop. Simply select it in the corresponding drop-down menus in the "Power and sleep button settings" section

 


Edited by JohnC_21, 11 November 2014 - 09:30 PM.


#10 kephyr

kephyr
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 12 November 2014 - 09:42 PM

OK. So I've managed to fix it. I downloaded the Windows ADK and created a WinPE boot disk. That got me a command prompt so that I could use the routine I found here:

 

http://pcsupport.about.com/od/windows-8/a/reset-password-windows-8.htm

 

And just in time, as I got a phone call from a new client who has a Acer laptop that did the same thing:  Windows 8.1 set up with a local account only, where the computer either goes to sleep or hibernates and wakes up demanding a password different from the one the user set up.

 

On both machines I went through all the settings and made sure that they would never Hibernate and not require a password waking up from Sleep.

 

But I tried more linux based password reset routines than I care to think about. Used to work on Unix machines 20-25 years ago and forget most of it, and that's why I've never gotten into linux much, so I'm not sure why none of them worked.



#11 JohnC_21

JohnC_21

  • Members
  • 24,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:46 AM

Posted 12 November 2014 - 09:53 PM

Thanks a lot for the link and an update on this. I knew about the net user command to give a password but not thq idea of giving the Ease of Access the command prompt. Good to know about the hibernate issue with Windows 8. After seeing all these problems with WIndows 8, I like my Ubuntu Unity more and more. It's been rock solid.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users