Adventures in Disabling VgaSave


This story is long and probably amusing to people who aren’t me. I’m posting it for your enjoyment. Chalk this one up in the “worst personal IT experience so far” column…

I was at a friend’s place and her roommate’s DVD player on her notebook computer wasn’t working properly. It said something like “requires DDraw, cannot use the current display mode”.

So I thought maybe she didn’t have the latest version of DirectX. I went to the Windows Update web site, and before I could check to see if she had installed DirectX I had to download a bunch of security updates. Install updates and reboot three times only to discover that she doesn’t need a DirectX update. D’oh.

So I check the video driver. Blank. Blank? Yep. I click on Adapter –> Properties and it says “VgaSave”. I was like WTF? So I go to the laptop’s manufacturer (Acer) to get the real video drivers, try to install them and it says that the current drivers are in use, so I have to disable them to install the new ones. OK, so I disable VgaSave.

I still can’t install the new drivers, and I install a notebook status tool from Acer thinking that maybe it can fix the driver problem. After installation it wants a restart, so I restart.

On reboot the machine shows the product screen (Acer), then the Windows loading bar animating and then nothing. Blackness. OK, I had no idea what was wrong at this point so I try to boot into safe mode. Nope, doesn’t work. Command prompt? Nope. I can’t do anything. Everything else still works though. I can hear the sound, and the computer is thinking like it’s booting up.

So I look up VgaSave online and find this page on Wikipedia. Crap! I just screwed the pooch completely.

Luckily, the computer’s owner has a good sense of humour (and some blind faith)! I look up how to fix this problem. Apparently VgaSave is a fallback video service for NT operating systems. When your video card doesn’t work, or you use Safe Mode, it uses VgaSave. If you disable this service you have no fallback! That’s where I was.

So I needed to re-enable the service and I read that I can do this through the NT Recovery Console (RC), which requires the administrator password. I boot up the RC and try a blank Administrator password. No go. I ask the notebook’s owner for some possible passwords. No dice. I try stupid common ones like password, god, etc. Nope.

The last Windows install on this machine was done by CompuSmart, a computer repair shop in Ottawa. They would have set the Administrator password on install, probably to blank. But blank didn’t work! So I search the net more info…

Apparently because of security, XP changed the way it stores passwords internally. This changed sometime between the original release of XP and now, though I couldn’t pinpoint exactly when. The RC I was using was from the XP CD (SP 1a) and I thought maybe it read the passwords the old way. So I downloaded the bootdisk maker from Microsoft’s web site to get the new RC. It’s SIX DISKS and it takes about 5 minutes to make ’em all.

I make the six disks on another machine and take them to the notebook. Using boot disks takes a long time, probably ten minutes. I get to disk 5 and it won’t read. I redo the disks with the same disks and disk 5 is still toast. I redo them AGAIN with a new disk for disk 5 and I get an error that a file on the disk was corrupted: means bad boot disk maker!

At this point I was calm on the outside, snapping on the inside and thanking God I’m not an IT administrator and actually do this for a living. At that point it was late so I gave up for then, and took the machine with me.

So today I’m still fooling around with it some more. The blank Adminstrator password doesn’t work with XP Home boot disks. It doesn’t work with XP Home SP1, XP Pro SP1, XP Home SP2 boot disks. I actually made the boot disks for them all. No dice.

I call up CompuSmart and ask them about the Administrator passwords for new systems. The dude said “we leave them blank”. Ok. The blank passwords didn’t work on any version of RC! I was stuck.

At this point, I was at my last resort: use a 3rd party utility to change the Adminstrator password. Microsoft obviously does not recommend doing this — the only ways Microsoft recommends changing the Adminstrator password is through the GUI in XP or a password reset disk. Obviously I couldn’t get in the GUI — and who actually makes recovery disks? Not students. I was out of official options.

So I downloaded a neat little tool called the Offline NT Password and Registry Editor (ONTPRE). It actually boots into Linux(!), and edits the Windows registry, including the SAM file that contains all of the users and passwords.

So I get into ONTPRE and check out the users. Administrator is disabled and locked. Good lord, Compusmart lied to me. My urge to tear my hair out after this ordeal is wrestled to the ground by a feeling of relief. I didn’t have to reformat. That is good news. Thank you, ONTPRE!

So I boot up RC (with the six boot disks, natch), use the blank Administrator password and voila, I’m in the RC. To enable VgaSave again, I just typed.


at the RC command line.

Rebooted the machine and everything is back to normal. Will I try to screw with this machine some more to actually get the drivers working properly? Hell yes, because now I know how to fix it if I screw up again. Ha. 🙂

update: after yet ANOTHER hiccup, this time installing XP service pack 2, I’m all done. I got an error midway through the installer and had an error dialog that wouldn’t go away, so I had to force quit the installer. Then Windows Update thought I had the full SP2, so I had to uninstall the partial and redo the install again.

You should have seen the spyware that Ad Aware found on this machine. I’ve never seen that much on one computer before. Now IE is hiding and Firefox is on the desktop. If you don’t want spyware or random popup windows, you should use Firefox too.