Helping people with computers... one answer at a time.
It turns out that resetting an Windows account password is frighteningly easy, as long as you have access to the machine.
When I set up my machine I did set a password for the Administrator account, and then I promptly forgot it, since I never use that account. Now I need it. What can I do?
Do you have physical access to the machine?
You can reset any Windows password on that machine that you like.
And if that doesn't scare you, I really need to drive home a point.
First let's walk through what you need to do. The screen shots below are from my Windows Vista machine, but Windows XP and NT are also supported.
Obligatory caveat - this utility has been around for a while, and has a good reputation. However, as with any third party software that's going to operate on sensitive system areas, you are always at risk. Make sure you have a good backup of your machine prior to performing these operations. And of course use of utilities of this nature are entirely at your own risk.
First, download and burn to CD the Offline NT Password and Registry Editor. This is actually a highly customized version of Linux, that's designed to do exactly what the name implies: allow you to examine and edit the password information and registry of a Windows machine.
Boot from that CD you just burned. You'll end up with something like this on your screen:
Don't let all the stark plain text worry you, the process for what we're doing is actually pretty simple.
Here's the relevant portion of that screen, enlarged:
You can see that the utility has found multiple disks and/or partitions, and is asking which one I want to work on. In my case I know that the partition listed as the larger 1 (74207MB) is my Windows drive, so I enter 2 to select it and press Enter. Next:
After selecting the disk we want to use, the utility now asks us for the location of the registry. The utility has correctly guessed the location, Windows/system32/config, so all I need to is press Enter to move on.
Next it asks more specifically what it is we want to operate on:
In this case the default answer Password reset, which indicates which portions of the system are to be worked on, is the correct one so all I need to do is press Enter.
Now it asks what we want to do:
We're here specifically to operate on passwords, so once again the default answer of 1 is correct, and I simply press Enter.
Now things get interesting.
You can see here that the utility has listed all the user accounts on my machine: Administrator, Guest, and the account I actually login with, "LeoN".
It's asking which user account to operate on, and supplied "Administrator" as the default, so once again I press Enter, and we get to the reason we're here:
Now, obviously there are several choices here. My preference is to clear the password so that no password would be required to login, and of course make sure that the account is enabled. Once done, you can then login to the account in Windows and select a new password.
Use the "Quit" options and further prompts to save data to disk, exit the utility and reboot back into Windows.
Now, naturally, this has only been an overview of one type of operation. I recommend you familiarize yourself with the utility prior to using it, and review the documentation and FAQ on the web site.
So that was pretty simple, right? OK, maybe a little scary if you've never done something like that before, but you can see that it's pretty darned easy.
Reboot from CD, press enter (in most cases) a few times, and *poof* ... the administrator account password is reset and you have access once again.
So easy anyone could do it.
This is where you should be concerned.
Anyone with physical access to your machine can do what I've just described.
If you're in a position where folks with a motive or other random strangers can access your machine, you may want to rethink your physical security.
If it's not physically secure, it's not secure.
The ability to walk up with a CD, and "own" the machine with a reboot and a few keystrokes hopefully makes that pretty clear.