HOW TO: Get back in Windows after losing your password


----------------

Lost your Windows Password?Hey there GAS readers! AskTheAdmin here guest posting on how to recover YOUR Windows password. This is not meant as a how-to hack your friend, girlfriend, dog or lover’s computer, but as a way to get you back into your Windows machine as a last resort. If you have another username and password on this machine, use that. If you can have your administrator reset it for you – do that. But when all else fails there is always a back door!

First we will go over how to recover your password from a Windows XP/Vista/2000/2003/NT machine. I have heard that it also works on Server 2008 but I have not had a chance to test it for myself. You have to have physical access to the machine and be able to boot to a CD or Floppy drive. You also have to be able to download and burn the boot disk – meaning you will need another computer to get you into the machine whose password you somehow cannot remember.

So if you’ve warped your brain trying to remember that password and it just doesn’t come back to you, then you are ready to visit this website:


home.eunet.no/pnordahl/ntpasswd/

That is the home of the infamous Offline NT Password & Registry Editor. I have been using this guy for years now and it has always gotten me out of trouble. I’ve had plenty of late nights doing server rollouts, and in the morning, one machine’s password just seemed to elude me… but I digress.

So go and download yourself the latest version, which was 080802 at the time of this article. You can grab either the CD or Floppy image from the download page here. Once you have your image, you will need to burn it to a CD or write it to a floppy disk. Remember, whatever format you create, you need to be able to boot to it on the machine in question.

The CD download is a zip file containing a single ISO file. You will need a burning tool to burn this to disk. You can use Nero, ECDC or any of the free ISO burners like Free Iso Burner. The floppy zip file contains three files – a BIN, a BAT, and an EXE. You need to extract all three, then run the BAT file with a empty formatted floppy in the drive. Now that we have created our rescue tool, we need to restart the machine and boot on the CD or floppy. We also have to make sure the computer’s bios is set to check the drives for a bootable source. This can normally be done by pressing F2 (On Dell systems) or another key during boot. It is usually displayed on the screen right after the BIOS logo.

When your machine recognizes the boot CD, it might ask you to press any key to boot on it. Normally, the floppy disk will boot without intervention. This is when the magic starts.

You will see a small Linux-like operating system booting off of your media. This is called a “LIVE” operating system. This is how we will be able to access and modify your password on the partition.

NOTE: If you are on a Windows XP machine or newer, the user for which you will be changing the password cannot have any EFS encrypted files in his profile because they will become unreadable after the procedure… or at least until you can remember the original password. But having said that, let’s go change your password!

We will just hit enter to continue the booting process. This command prompt is there in case you need to load additional drivers to support your installation – this is usually not necessary, and 9 times out of 10, we just boot into our Linux environment.

First, we need to tell the program where our Windows installation is. Let’s just hit “l” to show probable NTFS partitions. Next, it will return a prompt if it finds multiple installations. If you only have one installation, you will see something like the following screen. In this case just hit enter to accept the default registry location.

Next, it will ask us what we want to do. We want access to our machine! We will choose 1 from this menu to allow us to recover or remove a password. We can also unlock accounts using this option.

Then, we will select 1 again to go to the password reset option as seen below

Now we will see all the user accounts on our windows installation. We will use the guest account in this instance and we will be BLANKING the password instead of changing it. This almost always works whereas changing the password does not always. So take it from me – just use a blank password and change it when you get back into the system! The less chances of failure, the better.

Type Guest and hit enter.

Hit 1 to blank the password, 2 to edit it, and 3 to promote the user to the “administrator” level. Option 4 will unlock a locked account.

You hit 1 and your account’s password is now blank. Don’t go restarting the computer yet though! We need to write the modifications back to the NTFS partition. At this point the changes are in memory but have not been applied.

Back out of the menus. I believe it is “!” then “Q” to quit.

You will then be prompted to write the changes back to the partition. Write your changes, reboot your system, log into your Windows installation with a blank password and GO CHANGE IT TO SOMETHING YOU WILL REMEMBER!

Do you have a better way of doing this? Another tool or method? Well then share it with our readers in the comments!





63 Responses to HOW TO: Get back in Windows after losing your password

    • Man, you rock!!! Thanks a lot for this one. Simple as hell. After a whole day of search.
      Million thanks. This should be the first option for all users. I fucking love you dude.

  1. Wow, great article Karl. I’ve used that password reset tool several times, so I can vouch for how well it works. I’ve ALWAYS had to reset to the admin password to blank though.

    • Wow you sure found it fast TJ! Thanks for the kind words and stopping by. This is the one tool that I have used since back in the day that I continue to use and recommend!

    • Did you wind up recovering your WP password? I have a few tricks up my sleeve for that one as well :)

      I am glad you liked the article. You Geeks sure are nice around here!!

        • *sigh*

          “Lost your password” is right there in the log-in screen… Enter your username or email and get either the password sent to you or an email link to reset the password (I can’t remember which).

          I didn’t realise it was that tricky?

          So long as you use the ‘secondary email’ fields on freemail accounts and use your real email for blogs/website accounts, you’ll be good to go if you ever lose your password.

          And if you aren’t using your real email for blogs/websites, there’s probably something less than savoury happening at your end of things anyway.

        • Dear Sir.i m forget my administrator paaword.so i request to u how about my password cracking.

  2. I’ve read your articles on other sites. They’re always a great read just like this one. Awesome how-to . I just tried this and it worked perfectly the first time…

  3. Wow, great article Karl. I've used that password reset tool several times, so I can vouch for how well it works. I've ALWAYS had to reset to the admin password to blank though.

    • Wow you sure found it fast TJ! Thanks for the kind words and stopping by. This is the one tool that I have used since back in the day that I continue to use and recommend!

  4. Fantastic article! I've lost my password to my wordpress blogs and other critical thingees, but have yet to mangle my windows. I'll print this article out should that happen!

    Thanks, Barbara

    • Did you wind up recovering your WP password? I have a few tricks up my sleeve for that one as well :)

      I am glad you liked the article. You Geeks sure are nice around here!!

        • *sigh*

          "Lost your password" is right there in the log-in screen… Enter your username or email and get either the password sent to you or an email link to reset the password (I can't remember which).

          I didn't realise it was that tricky?

          So long as you use the 'secondary email' fields on freemail accounts and use your real email for blogs/website accounts, you'll be good to go if you ever lose your password.

          And if you aren't using your real email for blogs/websites, there's probably something less than savoury happening at your end of things anyway.

        • Dear Sir.i m forget my administrator paaword.so i request to u how about my password cracking.

  5. I usually use ophcrack:

    ophcrack.sourceforge.net

    It’s worked to show me the windows password in many sticky situations.

  6. I've read your articles on other sites. They're always a great read just like this one. Awesome how-to . I just tried this and it worked perfectly the first time…

  7. I usually use ophcrack:

    ophcrack.sourceforge.net

    It's worked to show me the windows password in many sticky situations.

  8. Uhmm why go through all that trouble?? when any normal windows system you can boot it into safe mode F8 and use the administrator account ( which should not be password protected) and access the user accounts via the control panel and change the users password that way! .. The only way I see this being used here is if some moron passwords the Administrator account on a Windows machine to the point even in safe mode it wont let you in then the person needs to re think about how bad they really need that much security set!! ? I mean come on ! if I were a criminal and I were to break into a office or a house and think I would just sit down at a computer and try to break into it ? Hell no I would just take the whole machine ! and take the hard drive out and connect it to another machine if i really wanted the data that bad! but who does that these days ! Normal everyday users really need to ease up on the password stuff! LOL!! geeesh!

    • “…and use the administrator account ( which should not be password protected…”

      WHAT??!???! I am sorry but that is a huge security hole! You need to give you administrator account a password IMMEDIATELY! For real – it has nothing to do with a criminal breaking into your house and emailing your girlfriend nasty pictures – it is about websites and rootkits hitting your hard drive because you are using the default ADMINISTRATOR username and a blank password!

      You will get rooted in minutes on the internet with no protection!

      You should seriously rethink this PJ! If you don’t believe me ask someone else!

    • when any normal windows system you can boot it into safe mode F8 and use the administrator account ( which should not be password protected) and access the user accounts via the control panel and change the users password that way!

      BLASPHEMY! Please read Karl’s reply just before this one.

  9. Good to see Karl get some much deserved notoriety. I’ve enjoyed his Ask the Admin for years. Go Karl!

  10. Uhmm why go through all that trouble?? when any normal windows system you can boot it into safe mode F8 and use the administrator account ( which should not be password protected) and access the user accounts via the control panel and change the users password that way! .. The only way I see this being used here is if some moron passwords the Administrator account on a Windows machine to the point even in safe mode it wont let you in then the person needs to re think about how bad they really need that much security set!! ? I mean come on ! if I were a criminal and I were to break into a office or a house and think I would just sit down at a computer and try to break into it ? Hell no I would just take the whole machine ! and take the hard drive out and connect it to another machine if i really wanted the data that bad! but who does that these days ! Normal everyday users really need to ease up on the password stuff! LOL!! geeesh!

    • "…and use the administrator account ( which should not be password protected…"

      WHAT??!???! I am sorry but that is a huge security hole! You need to give you administrator account a password IMMEDIATELY! For real – it has nothing to do with a criminal breaking into your house and emailing your girlfriend nasty pictures – it is about websites and rootkits hitting your hard drive because you are using the default ADMINISTRATOR username and a blank password!

      You will get rooted in minutes on the internet with no protection!

      You should seriously rethink this PJ! If you don't believe me ask someone else!

    • when any normal windows system you can boot it into safe mode F8 and use the administrator account ( which should not be password protected) and access the user accounts via the control panel and change the users password that way!

      BLASPHEMY! Please read Karl's reply just before this one.

  11. Good to see Karl get some much deserved notoriety. I've enjoyed his Ask the Admin for years. Go Karl!

  12. Good article. I usually use ophcack but its clearly a lot easier to use this tool than to brute force your way in.
    I usually do the whole Safe Mode and then go into the Admin account thing because 80% of Windows users have no clue about security (some of them don’t even know they have a Admin acct).
    This method will probably get me out of all situations now, thanks!

  13. Good article. I usually use ophcack but its clearly a lot easier to use this tool than to brute force your way in.

    I usually do the whole Safe Mode and then go into the Admin account thing because 80% of Windows users have no clue about security (some of them don't even know they have a Admin acct).

    This method will probably get me out of all situations now, thanks!

  14. coming through courtesy of AskTheAdmin.com….Great article, I pray i’ll never have to use it though…LOL

  15. coming through courtesy of AskTheAdmin.com….Great article, I pray i'll never have to use it though…LOL

  16. Thank you for writing such a clear and concise article! In just a few short minutes I was able to change the administrator password on my child’s computer, and to think I only set an admin password to be sure that “he” didn’t mess up the operating system!

  17. Thank you for writing such a clear and concise article! In just a few short minutes I was able to change the administrator password on my child's computer, and to think I only set an admin password to be sure that "he" didn't mess up the operating system!

  18. Long time ago , I confronted with the similar problem. Finally, my friend Jane introduce the Windows Password Reset Kit 1.5. It help me access windows. It's worth a try!

  19. I realize a safe method to remove the password and it need no reinstalling Windows. The program is called Windows Password Seeker which has been recommended at about.com. You can Google Windows Password Seeker or download it from passwordseeker.com. It can reset almost all Windows passwords in seconds. It also compatible with windows 7.