Sunday, September 21, 2008

Reset or recover Windows Administrator password

First off, this post is not meant to promote hacking in any way. Please use this information only if you legitimately need to recover an administrator password for a Windows computer that you own or are responsible for managing. If you're looking for information regarding resetting or recovering an admin password for Mac OS X, check out my other post. I know this works for Windows XP Home and Professional because I've used it multiple times. I believe it is supposed to work for Windows Vista as well, but I've never tried it so you'd have to test it at your own risk. One thing I do know is that if you try to modify the administrator password on a disk that is encrypted, all files will be unreadable until you return the password to the original as that's the only entry that will decrypt those files, so keep that in mind as well.

Ok, for starters, you're going to need to download the Ultimate Boot CD, which you can get here. Burning the downloaded image to a CD creates a bootable CD with a lot of useful programs you can use on the computer in question. I've used the UBCD numerous times to reset passwords or perform other maintenance.

Once you've downloaded the image and burned it to a CD, the next step is to insert the CD in the computer and turn it on. You'll need to make sure it boots from the CD; most computers will by default. Otherwise you may have to get into the BIOS to change the boot order, or look for a key to press to activate a one-time boot menu, where you'd want to choose the CD-ROM drive.

After you get the UBCD loaded and running, you need to go to Filesystem Tools->NTFS Tools->Offline NT Password & Registry Editor. That is the program you'll need to run in order to modify the administrator password. Highlight it, press Enter, then follow the prompts.

When the NT Password Editor has loaded, read the prompts. Typically the default in [ ] is what you want, and if it is, just hit Enter to get to the next prompt. Once you get to where you can reset the password to what you want, the easiest thing to do is just use *, which means to blank the password out. Then use !, then q to quit. When asked if you want to save, be sure to use y to signify yes, otherwise the password will not be changed. You will then get a success/failure message. If it was successful, you can eject the CD and restart the computer. If it fails, feel free to try again, however it's more than likely that it won't work.

Once the computer has rebooted, let it go to the normal Windows login screen. Here you'll want to sign in with administrator (or whatever user account you reset) and leave the password field empty (or enter whatever you changed it to if you didn't blank it). If the computer was on a domain, make sure it's set to log in locally. You can't reset domain accounts using this method, as they're stored in Active Directory and would need to be changed on a domain controller by a system administrator. Once logged in, you can go and reset the password to whatever you want, and reset whatever other account passwords you need to change.

This process is surprisingly simple, and pretty scary. Being so simple means that almost anyone could download the UBCD and break into your computer to get your files. In order to protect yourself, there are a few things you could do. The easiest would be to go into your BIOS and set three things: a BIOS password, a hard drive password, and a boot order that boots from the hard drive first. Setting those three things would render the UBCD useless. You could always go back into the BIOS and clear those settings so it goes back to normal if you don't like it that way. Setting the hard drive password also eliminates the possibility that someone could put the drive in another computer to read the information from it, which can otherwise be done without any need for an administrator password. Trust me, I used to work for a data recovery company and I bet that a lot of people don't even realize how easy it would be for someone to walk in and steal all the data from their computer without knowing any password for it. That's why I recommend those three BIOS settings, because they practically eliminate that possibility. The way I look at it is if they can get past those three, then they deserve to have my data.

The creator of the Offline NT Password & Registry editor tool has his own instructions for using the tool to reset the password, so if mine were confusing or not thorough enough, feel free to check his page here.
