I’m sure you’ve already encountered the situation: after some time, you simply forget the admin password on some systems and need to perform a reset. I have to admit it, it happened to me quite recently. A customer called me back to fix a specific problem on a server that was installed one year ago. I had transmitted the user account and password information to the customer, but unfortunately somebody changed the admin password and nobody knew it anymore.
In such a situation, you can use a plethora of tools to reset the administrator password. You can buy commercial software to reset the password, or you can try some of the free tools available on the net. When you need to reset a password, most of the time the procedure involves rebooting your computer (and shutting down the normal operating system) and booting your system from a USB stick or live CD that loads a mini OS in memory.
To reset the password on Windows Core Edition, please read the following post: Tip: How to Reset Lost Password on a Core Server
Some Free Tools
One of the best tools I use when such a problem occurs is the Offline NT Password & Registry Editor. The tool has a small footprint and is quite easy to use. You can also easily create a bootable USB stick that will allow you to reset the password on any machine that can boot from USB. The tool has been around for some time and it’s still working great.
Another tool, quite similar to the one mentioned above, is PC Login Now. The Offline NT Password tool is command-line oriented. PC Login Now has a basic GUI and does the job as well. The footprint is a little bit bigger (60 MB).
As you can imagine, there are plenty of tools that can reset a lost admin password. But with this post, I want to show you that there is also a way to reset a lost admin password using only Microsoft tools.
Recover your Lost Password using system privileges!
This is not really a new trick or something that I’ve invented. Back in the days when NT4 was the main operating system in the enterprise, this tip was already available. Indeed, it was possible to replace the logon.scr file, get a command prompt running under system privileges, and make modifications to your system.
The same principle applies to Windows 7 and Windows 2008 R2. You can no longer use the logon.scr file; instead you have to use a file called sethc.exe. It’s the file that is used by the Sticky Keys feature. Let’s detail the operations:
Step 1: Boot your system from WinPE or WinRE (Windows Recovery Mode).
Step 2: In the WinPE or WinRE environment, you need to identify the partition where your operating system is installed (in our example, we will say d:\). I generally use the diskpart command to identify the system partition.
Step 3: In this step, you copy the d:\Windows\System32\sethc.exe file to the root of the drive (in our example, D:\).
Step 4: In this step, you make a copy of d:\Windows\System32\cmd.exe and name the copy sethc.exe.
Step 5: Now, you simply reboot your machine.
Step 6: At the login screen, you simply press the SHIFT key 5 times (this will enable Sticky Keys).
Step 7: You will see a command prompt displayed. Within this command prompt, you have enough rights to reset a user password or create a new user account with admin rights.
Step 8: Now, you can choose to reset the password of the admin account (or any other user account) or simply create a new one and make it a member of the appropriate group.
To get a list of available users on the computer, you simply type net user in the command prompt.
To reset the password of an existing user account, type the following: net user administrator <NewPassword>
If you do not want to change the existing user accounts, guess what, you can even create a new user account and make it a member of the Administrators group. To do this, from the command prompt, you create a new user account by typing the following command
Then simply add this user to a group that has admin rights (normally the Administrators group or, on a domain controller, Domain Admins can work as well)
After that, you will be able to log in to your system. It’s amazing how simple it is to hack your own system.
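Until the original file is put back, the login screen of that machine keeps offering the same command prompt to anyone who presses SHIFT five times. The following PowerShell check is an added example, not part of the original post: it reports whether sethc.exe is still a copy of cmd.exe and whether the backup from step 3 is still sitting at the root of the drive. The function name Test-StickyKeysBinary is hypothetical, and the script assumes PowerShell 4.0 or later (for Get-FileHash).

```powershell
# Added example, not from the original post. Assumes PowerShell 4.0 or later
# (for Get-FileHash), run on the installed OS or pointed at an offline volume.
function Test-StickyKeysBinary {
    param(
        # Windows directory to inspect, e.g. 'D:\Windows' for an offline volume.
        [string]$WindowsDir = $env:SystemRoot
    )

    $sethc  = Join-Path $WindowsDir 'System32\sethc.exe'
    $cmd    = Join-Path $WindowsDir 'System32\cmd.exe'
    # Step 3 leaves the original sethc.exe at the root of the OS volume.
    $backup = "$(Split-Path -Path $WindowsDir -Qualifier)\sethc.exe"

    if (-not (Test-Path -LiteralPath $sethc)) {
        return [pscustomobject]@{ Path = $sethc; Status = 'Missing' }
    }

    $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
    # The version resource travels with the file content, so a renamed copy
    # still carries the name of the program it really is.
    $origName  = (Get-Item -LiteralPath $sethc).VersionInfo.OriginalFilename

    $status = 'OK'
    if ($sethcHash -eq $cmdHash) {
        # Byte-for-byte identical to cmd.exe: the swap from step 4 is in place.
        $status = 'ReplacedWithCmd'
    } elseif ($origName -notlike 'sethc*') {
        # Heuristic: the embedded name does not look like Sticky Keys.
        $status = 'UnexpectedBinary'
    }

    [pscustomobject]@{
        Path             = $sethc
        Status           = $status
        OriginalFilename = $origName
        SHA256           = $sethcHash
        BackupAtRoot     = Test-Path -LiteralPath $backup
    }
}

Test-StickyKeysBinary | Format-List
```

If the status is anything other than OK, boot WinPE or WinRE again and copy the backup from the root of the drive back over Windows\System32\sethc.exe, which is steps 3 and 4 in reverse.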
I love this trick. Using nothing other than what the Windows operating system offers, it’s possible to reset a password and get access to your system. Again, I’m not the guy who found this trick. I’m just sharing the info with you guys. Finally, don’t use it for illegal purposes.
That’s it for this post!
Use this tip on systems where you have legal access. I’m not encouraging you to crack or hack systems where you have no authorized access. This post is intended for educational purposes.