Hey there GAS readers! AskTheAdmin here guest posting on how to recover YOUR Windows password. This is not meant as a how-to hack your friend, girlfriend, dog or lover’s computer, but as a way to get you back into your Windows machine as a last resort. If you have another username and password on this machine, use that. If you can have your administrator reset it for you – do that. But when all else fails there is always a back door!
First we will go over how to recover your password from a Windows XP/Vista/2000/2003/NT machine. I have heard that it also works on Server 2008 but I have not had a chance to test it for myself. You have to have physical access to the machine and be able to boot to a CD or Floppy drive. You also have to be able to download and burn the boot disk – meaning you will need another computer to get you into the machine whose password you somehow cannot remember.
So if you’ve warped your brain trying to remember that password and it just doesn’t come back to you, then you are ready to visit this website:
That is the home of the infamous Offline NT Password & Registry Editor. I have been using this guy for years now and it has always gotten me out of trouble. I’ve had plenty of late nights doing server rollouts, and in the morning, one machine’s password just seemed to elude me… but I digress.
So go and download yourself the latest version, which was 080802 at the time of this article. You can grab either the CD or Floppy image from the download page here. Once you have your image, you will need to burn it to a CD or write it to a floppy disk. Remember, whatever format you create, you need to be able to boot to it on the machine in question.
The CD download is a zip file containing a single ISO file. You will need a burning tool to burn this to disk. You can use Nero, ECDC or any of the free ISO burners like Free Iso Burner. The floppy zip file contains three files – a BIN, a BAT, and an EXE. You need to extract all three, then run the BAT file with a empty formatted floppy in the drive. Now that we have created our rescue tool, we need to restart the machine and boot on the CD or floppy. We also have to make sure the computer’s bios is set to check the drives for a bootable source. This can normally be done by pressing F2 (On Dell systems) or another key during boot. It is usually displayed on the screen right after the BIOS logo.
When your machine recognizes the boot CD, it might ask you to press any key to boot on it. Normally, the floppy disk will boot without intervention. This is when the magic starts.
You will see a small Linux-like operating system booting off of your media. This is called a “LIVE” operating system. This is how we will be able to access and modify your password on the partition.
NOTE: If you are on a Windows XP machine or newer, the user for which you will be changing the password cannot have any EFS encrypted files in his profile because they will become unreadable after the procedure… or at least until you can remember the original password. But having said that, let’s go change your password!
We will just hit enter to continue the booting process. This command prompt is there in case you need to load additional drivers to support your installation – this is usually not necessary, and 9 times out of 10, we just boot into our Linux environment.
First, we need to tell the program where our Windows installation is. Let’s just hit “l” to show probable NTFS partitions. Next, it will return a prompt if it finds multiple installations. If you only have one installation, you will see something like the following screen. In this case just hit enter to accept the default registry location.
Next, it will ask us what we want to do. We want access to our machine! We will choose 1 from this menu to allow us to recover or remove a password. We can also unlock accounts using this option.
Then, we will select 1 again to go to the password reset option as seen below
Now we will see all the user accounts on our windows installation. We will use the guest account in this instance and we will be BLANKING the password instead of changing it. This almost always works whereas changing the password does not always. So take it from me – just use a blank password and change it when you get back into the system! The less chances of failure, the better.
Type Guest and hit enter.
Hit 1 to blank the password, 2 to edit it, and 3 to promote the user to the “administrator” level. Option 4 will unlock a locked account.
You hit 1 and your account’s password is now blank. Don’t go restarting the computer yet though! We need to write the modifications back to the NTFS partition. At this point the changes are in memory but have not been applied.
Back out of the menus. I believe it is “!” then “Q” to quit.
You will then be prompted to write the changes back to the partition. Write your changes, reboot your system, log into your Windows installation with a blank password and GO CHANGE IT TO SOMETHING YOU WILL REMEMBER!
Do you have a better way of doing this? Another tool or method? Well then share it with our readers in the comments!