DelphiFAQ Home Search:

How to get into Windows when you lost the Administrator password

 

comments9 comments. Current rating: 5 stars (2 votes). Leave comments and/ or rate it.

Question:

I lost the Administrator password and do not have any other account. How can I get into my Windows installation, reset the admin password and create new user accounts?

Answer:

First some introduction information. Windows NT - from now on NT - came out in the late 80ies and brought the file system NTFS = New Technology File System. NTFS is superior to MS-DOS's, Windows 95 and Windows 98 file system. For this article most relevant is that you give access rights - typically on directory level. Certain folders may be accessible only to certain users.
The administrator can access all folders and the execution of some programs requires admin rights, which makes the admin account very important.

So there you are, in front of that NT box with a NTFS partition/ hard disk and you want that admin password and don't know it. Here's my toolbox of dirty tricks:
  1. The official way - I guess this is what Microsoft would answer:
    "Reinstall Windows NT"

    Takes a minimum of 30 minutes. Works guaranteed, but you lose your settings. To fully restore the settings, it would take days.

  2. A quickie for read access: NTFSDOS.EXE

    This is a nice little tool that I use since it came out in 1996. It's FREE and I love it! To use it, you need a MSDOS boot floppy. Go to a Win98 computer that carries DOS 7.0 - this version does long file names. At the DOS prompt create a bootable floppy with
    format a: /s
    Get NTFSDOS.EXE from http://www.sysinternals.com and put the 40kB small EXE file on the boot floppy.
    Then have the NT computer boot from that floppy (you might need to change the BIOS to make it boot from floppy instead of from hard disk right away).
    After booting, you'll be at the DOS prompt. Run the program NTFSDOS and it will mount all NTFS partitions that it can find.
    This is supposed to work even for the latest version, NTFS5. I have only NTFS4 on my computers, so I cannot verify this.

    You can now read any file/ execute any console program, e.g. you can copy stuff over to your floppy disk or to a network drive, but no write access. And of course you won't find out the encrypted admin password.

    Such a tool just bypasses the security that the operating system grants.

  3. Read & write access with "NTFSDOS Pro" ($149) or better "ERD Commander" ($250 - $325)

    Available at http://www.winternals.com/
    Works basically like NTFSDOS as described in 2), but you get write access. ERD 'pro' can replace the unknown admin password with a new one.

  4. Dirty trick - slip the system a command prompt!

    This one gives you full read/write access, and admin access. It does not work on Windows 2000 anymore.
    So, you sit and stare at the login prompt for a while, and the screen saver will come up. Here comes our attack. We replace the screensaver with a different program which will not ask for a password.
    Usually you can log in with a guest or regular user account. Do that and go to the directory WindowsSystem32 and replace the login screensaver with the command line prompt.

    cd \Windows\System32
    ren logon.scr login.bak
    copy cmd.exe logon.scr


    To save time, you might want to change the time out in the registry from 900 seconds to something shorter, but that goes to far in an epinion. (search under HKEY_USERSDEFAULT)

    Then reboot, and just wait for the screensaver to come up. It will be the command line prompt and you'll have access to the computer. Full access! You can run the user manager, create a new account and give it admin privileges or just change the admin password...

    Also don't forget to restore the original screen saver.


Advice for administrators who want to protect their computers:
  1. Put a password on your BIOS and disable booting from floppy or CD-ROM. This rules out NTFSDOS and Co.
  2. Maybe even physically lock your computer so that the hard disk cannot be removed and put in a different computer where the attacker can boot from floppy disk
  3. I don't know how to protect your machine against the last attack. It obviously only requires a working regular account.


Finally a note to Linux fans. Bypassing the OS with a boot floppy is independent from Windows a threat. I bet there are or will be tools that mount a Linux ext2 partition from DOS. Just a matter of time and demand.



Comments:

2009-09-18, 17:40:48
anonymous  
rating
awesome thnx :)
2009-11-20, 20:58:55
anonymous from China  
Last month , i lost my windows administrator password. Eventually , I solved my problem with the help of windows password key. It works perfectly to reset any local user account to a blank password.
Just an easy to use bootable CD/DVD . It can also be used on a USB Flash Drive. You can download it from: http://www.lostwind..word.com/.
2009-12-08, 21:58:26
anonymous  
hi... i have a similar problem. I'm a greek and recently sloved it by windows password key 8.0. It works very prefect to regain your password .Also use bootable CD/DVD.
I have download it from this website : http://www.lostwind..sword.com



Keywords:
2009-12-24, 19:03:08   (updated: 2009-12-24, 19:05:15)
PWRecovery from China  
rating
Forgot or lost Windows password? reset Windows 7 password with Password Unlocker Bundle, one of whose functions is to recover windows password for Windows NT 4.0, Windows 2000, Windows XP, Windows 2003 Server, Windows Vista, Windows 7. ect. This password recovery Bundle ( http://www.password..locker.com ) is based on friendly GUI, even a computer novice can control the whole process freely. Besides, password unlocker bundle saves a lot trouble. It helps to create a windows password reset CD, with which, you can remove the admin password ( http://www.password..s/wpu.html ) even you have logged out the computer, yet no reinstalling, no data loss!
Password Unlocker Bundle is a professinaol password recovery kit, which contains series of password recovery tools: Windows password recovery, PDF password recovery, MS documents password recovery, MS Excel password recovery, WinZIP/ZIP password recovery, WinRAR/RAR password recovery, MS SQL password recovery, Internet password recovery, Windows Live/MSN password recovery, MS Access password recovery, Outlook password recovery, and Outlook Express password recovery, etc., No matter you are at home or in office ,the bundle helps to reset the password we forgot or lost. To grasp the opportunity.
2010-01-19, 01:43:37
anonymous from China  
I ever used a windows password recovery software to reset windows administrator password to blank,it need not to reinstall or reformat the windows os, with no data lose,the tool is 'Any Windows Password Recovery 3.0 ',its easier,you could have a try.

The link to windows password recovery soft:
http://www.anypassw..load.html
2012-12-26, 21:43:13
anonymous from China  
Well, I had met the headache things that I had forgotten Windows administrator assword. The login screen rejected my passwords. I was frustrated because there was very important data on my disk and I couldn't reinstall the OS. ............. However, I fortunately got to know the Windows Password Recovery Tool and solve my promblem. You can have a try any of them.
Windows Password Recovery Tool ( http://www.windowsp..covery.com )
2013-05-17, 01:50:04
[hidden] from United States  
The experience that I fogot windows password happened to me a few weeks ago.
My classmate recommend me to take use of the Reset Windows Password utility,
which is very smart and just take me a short time to reset a newly password.
it’s great!
http://www.top-pass..sword.html
2016-10-15, 05:57:40
ffansszi from China  
UUkeys Windows Password has worked fine for us on customer machines. Worst case is unlock the admin account, then change the user password in command line. If it is an online account, you have to do it online:
http://www.uukeys.c..sword.html
2017-06-25, 21:24:00
Naskeer from China  
You may try some free software to recover the password, for example, try Ophcrack, a professional software to recover windows 10 password, if it does not help, try this windows password unlocker, which can help you create a password reset disk and reset the password, see details here:how to reset windows 10 password
https://www.recovery..sword.html

 

 

NEW: Optional: Register   Login
Email address (not necessary):

Rate as
Hide my email when showing my comment.
Please notify me once a day about new comments on this topic.
Please provide a valid email address if you select this option, or post under a registered account.
 

Show city and country
Show country only
Hide my location
You can mark text as 'quoted' by putting [quote] .. [/quote] around it.
Please type in the code:

Please do not post inappropriate pictures. Inappropriate pictures include pictures of minors and nudity.
The owner of this web site reserves the right to delete such material.

photo Add a picture: