Summary: It turns out that resetting an Windows account password is frighteningly easy, as long as you have access to the machine.
When I set up my machine I did set a password for the Administrator account, and then I promptly forgot it, since I never use that account. Now I need it. What can I do?
•
Do you have physical access to the machine?
Good.
You can reset any Windows password on that machine that you like.
And if that doesn't scare you, I really need to drive home a point.
•
First let's walk through what you need to do. The screen shots below are from my Windows Vista machine, but Windows XP and NT are also supported.
Obligatory caveat - this utility has been around for a while, and has a good reputation. However, as with any third party software that's going to operate on sensitive system areas, you are always at risk. Make sure you have a good backup of your machine prior to performing these operations. And of course use of utilities of this nature are entirely at your own risk.
First, download and burn to CD the Offline NT Password and Registry Editor. This is actually a highly customized version of Linux, that's designed to do exactly what the name implies: allow you to examine and edit the password information and registry of a Windows machine.
Boot from that CD you just burned. You'll end up with something like this on your screen:
Don't let all the stark plain text worry you, the process for what we're doing is actually pretty simple.
Here's the relevant portion of that screen, enlarged:
You can see that the utility has found multiple disks and/or partitions, and is asking which one I want to work on. In my case I know that the partition listed as the larger 1 (74207MB) is my Windows drive, so I enter 2 to select it and press Enter. Next:
After selecting the disk we want to use, the utility now asks us for the location of the registry. The utility has correctly guessed the location, Windows/system32/config, so all I need to is press Enter to move on.
Next it asks more specifically what it is we want to operate on:
In this case the default answer Password reset, which indicates which portions of the system are to be worked on, is the correct one so all I need to do is press Enter.
Now it asks what we want to do:
We're here specifically to operate on passwords, so once again the default answer of 1 is correct, and I simply press Enter.
Now things get interesting.
You can see here that the utility has listed all the user accounts on my machine: Administrator, Guest, and the account I actually login with, "LeoN".
It's asking which user account to operate on, and supplied "Administrator" as the default, so once again I press Enter, and we get to the reason we're here:
Now, obviously there are several choices here. My preference is to clear the password so that no password would be required to login, and of course make sure that the account is enabled. Once done, you can then login to the account in Windows and select a new password.
Use the "Quit" options and further prompts to save data to disk, exit the utility and reboot back into Windows.
Now, naturally, this has only been an overview of one type of operation. I recommend you familiarize yourself with the utility prior to using it, and review the documentation and FAQ on the web site.
•
So that was pretty simple, right? OK, maybe a little scary if you've never done something like that before, but you can see that it's pretty darned easy.
Reboot from CD, press enter (in most cases) a few times, and *poof* ... the administrator account password is reset and you have access once again.
So easy anyone could do it.
Anyone.
This is where you should be concerned.
Anyone with physical access to your machine can do what I've just described.
If you're in a position where folks with a motive or other random strangers can access your machine, you may want to rethink your physical security.
If it's not physically secure, it's not secure.
The ability to walk up with a CD, and "own" the machine with a reboot and a few keystrokes hopefully makes that pretty clear.
Related:
Article C3379 - May 12, 2008
Sounds interesting and possibly useful. ...
However,
1) the site you link to never loads, always gives me 'timeout' error (i do not get that error for any other website).
2) the computer that we have lost admin PW to is Dell D400 mini laptop which has NO CD & NO Floppy. But does (according to F2 setup) support USB boot.
3) would simply copying whatever is on that reset ISO (if i can get it from someplace else) to USB drive allow the USB to boot and reset?
Thx for all your good tips n helps.
2) I believe that there was a USB boot image, but I can't be sure without seeing the site.
3) No, in general I don't believe that a CD boot image can simply be extracted onto a USB device would work.
12-Dec-2008
I went and bought a $650.00 and locked myself out a month after I had. That was last year, so instead of buying a new start up disk or going to eBay Im going to try this.
Posted by: Barry Eason at January 1, 2009 12:55 AM************Barry***********
I have an emachine and this doesn't seem to work. Does anyone know of something that will work on the emachine? TKS in advance. BTW, the computer I was trying to download cd from had trojans and when I got rid of them then I could download.
Posted by: Granny Brenda at January 14, 2009 4:36 PMI download the program, ut it is asking me for a license key before I can get into my passwords. How can I get this key? What key would it want?
Posted by: Rebecca at January 29, 2009 7:37 AMMany thanks for this great tool. I used it to successfully reset the Administrator password on my old laptop (Windows XP) that I hadn't used for sometime. However, I subsequently became "daring" and chose to disable syskey. The result is that no user (including the administrator) can now log on to the computer. Is there anyway I can re-enable syskey or any other way of logging to the computer? Passwords for all users are currently shown to be blank and I cannot change them. Many thanks for your assistance.
Posted by: Ted at February 9, 2009 12:45 PMWill removing the battery from the motherboard lose all previously set password?
08-Apr-2009
Umm... I have a rather interesting issue. The machine i'm trying to get access to the administrator account for DOES NOT HAVE AN ADMINISTRATOR ACCOUNT! None of the Usernames can be identified as the ADMIN account, not even the account "Administrator". How do I get one?
Posted by: Ryan at August 21, 2009 8:48 AMI am such a n00b, and can't figure out how to "boot" my pc with the cd :s Help? :D
Posted by: Cancara at August 22, 2009 2:31 AMLeo,
If the laptop has Encryption Plus Hard Drive software, how do I boot from the CD after authenticating at the Encryption layer?
Thanks.
Posted by: Sam at September 11, 2009 9:44 PM26-Sep-2009