Tip : reset admin password or create a new Admin account with system privileges

Hello World,

I’m sure you’ve already encountered the situation. After some time, you simply forget the admin password on some system and you need to perform a reset. I have to admit it happened to me quite recently. A customer called me back to fix a specific problem on a server that had been installed one year earlier. I had handed the user account and password information over to the customer, but unfortunately somebody had changed the admin password in the meantime and nobody knew it anymore.

In such a situation, you can use a plethora of tools to reset the administrator password. You can buy commercial software for this, or you can try some of the free tools available on the net. Most of the time, the procedure involves rebooting the computer out of its normal operating system and booting it from a USB stick or live CD that loads a mini OS into memory.

Note :

To reset password on Windows Core Edition, please read the following post : Tip : How to Reset Lost Password on a Core Server

Some Free Tools

One of the best tools I use when this problem occurs is the Offline NT Password & Registry Editor. The tool has a small footprint and is quite easy to use. You can also easily create a bootable USB stick that lets you reset a password on any machine that can boot from USB. The tool has been around for some time and it still works great.

Another tool quite similar to the one mentioned above is PC Login Now. The Offline NT Password tool is command-line oriented; PC Login Now has a basic GUI and does the job as well. Its footprint is a little bigger (60 MB).

As you can imagine, there are plenty of tools that can reset a lost admin password. But with this post, I want to show you that there is also a way to reset a lost admin password using only Microsoft tools.

Recover your lost password using system privileges!

This is not really a new trick or a new way that I’ve invented. Back in the days when NT4 was the main operating system in enterprises, this tip was already known. Indeed, it was possible to replace the logon.scr file and get a command prompt running under system privileges, from which you could make modifications to your system.

The same principle applies to Windows 7 and Windows 2008 R2. You can no longer use the logon.scr file; instead you use a file called sethc.exe, the program behind the Sticky Keys accessibility feature. Let’s detail the operations:

  • Step 1 : Boot your system from WinPE or WinRE (Windows Recovery Mode).
  • Step 2 : In the WinPE or WinRE environment, you need to identify the partition where your operating system is installed (in our example, we will say d:\). I generally use the diskpart command to identify the system partition.
  • Step 3 : In this step, you make a copy of the d:\Windows\System32\sethc.exe file to the root of the drive (in our example D:\).
  • Step 4 : In this step, you make a copy of d:\Windows\System32\cmd.exe and rename the copy sethc.exe.
  • Step 5 : Now, you simply reboot your machine.
  • Step 6 : At the login screen, you simply press the SHIFT key 5 times (this will enable Sticky Keys).
  • Step 7 : You will see a command prompt displayed. Within this command prompt, you have enough rights to reset a user password or create a new user account with admin rights.
  • Step 8 : Now, you can choose to reset the password of the admin account (or any other user account) or simply create a new one and make it a member of the appropriate group.
    • To get a list of the users on the computer, you simply type net user in the command prompt.
    • To reset the password of an existing user account, type the following: net user administrator <NewPassword>

If you do not want to change the existing user accounts, guess what, you can even create a new user account and make it a member of the Administrators group. To do this, from the command prompt, you create a new user account by typing the following command

Then simply add this user to a group that has admin rights (normally Administrators; on a domain controller, Domain Admins can work as well).

After that, you will be able to log in to your system. It’s amazing how simple it is to hack your own system.
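Added here as an example from the defender's side, not code from the original post: a PowerShell check an administrator can run once the machine is back in service to confirm that no accessibility helper in System32 is still a renamed cmd.exe (the author recommends removing it in the comments). It assumes an elevated PowerShell on the Windows host being checked and that each genuine helper names itself in the OriginalFilename field of its version resource.

```powershell
# Added example, not part of the original post: find any accessibility helper
# reachable from the logon screen that has been replaced by another binary,
# which is what the sethc.exe swap leaves behind if the backup is not restored.
# Assumes an elevated PowerShell on the Windows host being checked.

$System32 = Join-Path $env:SystemRoot 'System32'

# Helpers that Winlogon starts on the secure desktop. Each genuine file is
# assumed to carry its own name in the OriginalFilename field of its version info.
$Helpers = 'sethc.exe', 'utilman.exe', 'osk.exe', 'Narrator.exe', 'Magnify.exe', 'DisplaySwitch.exe'

# SHA-256 of this host's cmd.exe: the swap in Step 4 is a plain file copy,
# so a swapped helper hashes exactly like cmd.exe.
$CmdHash = (Get-FileHash -Algorithm SHA256 -Path (Join-Path $System32 'cmd.exe')).Hash

function Test-AccessibilityHelper {
    param([string]$Path)
    $Name    = Split-Path -Leaf $Path
    $Info    = (Get-Item -Path $Path).VersionInfo
    $Hash    = (Get-FileHash -Algorithm SHA256 -Path $Path).Hash
    $Reasons = @()

    # A renamed cmd.exe still reports 'Cmd.Exe' here; -ne compares case-insensitively.
    if ($Info.OriginalFilename -and $Info.OriginalFilename -ne $Name) {
        $Reasons += "OriginalFilename is '$($Info.OriginalFilename)'"
    }
    if ($Hash -eq $CmdHash) { $Reasons += 'byte-identical to cmd.exe' }

    # Get-AuthenticodeSignature is deliberately not used: system binaries are
    # catalog-signed by hash, so a renamed cmd.exe still verifies as Valid and
    # a signature check alone does not reveal the swap.
    [pscustomobject]@{ File = $Path; Suspicious = ($Reasons.Count -gt 0); Reason = ($Reasons -join '; ') }
}

$Results = foreach ($Name in $Helpers) {
    $Path = Join-Path $System32 $Name
    if (Test-Path -Path $Path) { Test-AccessibilityHelper -Path $Path }
}

$Results | Format-Table -AutoSize
if ($Results | Where-Object Suspicious) {
    Write-Warning 'An accessibility helper is not the original file; restore it from the copy made in Step 3.'
}
```

The swap needs offline write access to the system volume, which is what full-disk encryption of that volume denies; this check only finds a swap that has already taken place.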

Final Words

I love this trick. Using nothing other than what the Windows operating system offers, it’s possible to reset a password and get access to your system. Again, I’m not the one who found this trick; I’m just sharing the info with you guys. Finally, don’t use it for illegal purposes.

That’s it for this post !

See ya

Disclaimer : 

Use this tip on systems where you have legal access. I’m not encouraging you to crack or hack systems where you have no authorized access. This post is intended for educational purposes.

15 thoughts on “Tip : reset admin password or create a new Admin account with system privileges”

  1. Boot your system from WinPE or WinRE (Windows Recovery Mode)…
    But it will need an administrator password to log on… What’s wrong?

    Tnx for your help!

  2. Hello There,

    If you use a WinPE boot CD, the system will not (and should not) prompt you for a password.
    With WinRE, since Windows 7, Microsoft has changed the design and you are indeed prompted for a password.

    So, I will need to update the post to reflect this change.

    Hope this helps
    See ya

  3. I got it. I’ve created and used a System Recovery CD in Windows 7. Boot it and you will not be asked for any admin password.

    Tnx!

  4. Sir,
    I have this software and booted from Win Server 2008 R2 using the diskpart command, but it’s not showing my SCSI hard disk where the OS is installed. What should I do now? Help me sir plsssssssssssssssssssss

  6. Hello there,

    No panic! The WinPE disk probably does not have the drivers for your SCSI disk. You will need to inject these drivers into the WinPE disk. You have 2 options: offline and online.
    In offline mode, you basically customize your WinPE installation and inject the custom drivers before creating your WinPE CD. The online mode allows you to add drivers on the fly from the WinPE environment. If you have the drivers for your SCSI controller, place them on a USB stick and, from within WinPE, use the command drvload. See here.

    When the drivers are loaded, you should be able to list your SCSI disk and proceed with the operations.

    You will need to google a little to see how drvload.exe works. Sorry, I have no time for the moment. Maybe in the future I’ll be posting information about this.
    Hope this helps
    See Ya

  7. Year 2015 now…we used the trick today. Worked as expected, thanks for this info!

  8. Hello,

    In the post, we indeed perform a backup of the original file. When you are done, it would indeed be wiser to remove the sethc.exe file that gives you access to the command prompt from the login window.

    Hope this helps
    Till next time
    See ya

  10. Had an old (but upgraded to maximum until MS ceased support) W7 system with long forgotten admin password. Tried to use password recovery tools with rainbow tables etc, didn’t help. Finally this trick did it, w00t! Thanks a lot.
