Reset a Windows User password

Test

This method uses grub4dos and the ISO file for the Offline NT Password and Registry Editor clears or resets a users password.

This is just a quick guide on how to make a bootable USB drive (e.g.flash memory pen drive) which will allow you to boot from it and reseta Windows XP/Vista/7 user account password. This is useful if a userhas forgotten their Windows user password or you need to boot a systemin an emergency and you do not know the users password (e.g. a memberof staff has left work and you need to gain access to their work PC).

FIRST WARNING: There is a very small but real possibility thatthis operation could make the target computer inaccessible (especiallyif you don't know what you are doing!). I suggest you make a backup ofthe disk first if the data on that disk is really important.

SECOND WARNING: If a drive volume has been encrypted (EncryptedFile System or EFS) , as the encryption key is based on the userpassword, if you reset the user password you will NEVER be able toaccess the files on tah encrypted volume again. For this reason do NOTuse this to reset the password if you think a volume may use anencypted filesystem. Beware!!! Resetting a user's or administrator'spassword on some systems (like Windows XP) might cause data loss,especially EFS-encrypted files and saved passwords from within InternetExplorer. To protect yourself against EFS-encrypted file loss youshould always export your Private and Public key, along with the keysfor the Recovery Agent user. If you are unsure, try ophcrackfirstto see if you can find out the users password - ophcrack isnon-invasive and will not alter any files on the target system.

Note: As you can see from thedescription below - it is easy to clear a users Windows password. It iseven easier to access files on an unencrypted system. For this reasonWindows PCs that need to be secure should use an encrypted filesystem -however be warned that should an emergency arise and you really need toaccess the files on that system - you can't unless you know the password(that is why it is called 'Secure')! So before you use an Encypted Filesystem or a product such as TrueCrypt or RM EasiLock/DesLock, thinkabout what data is stored on that PC and what would happen if youneeded to access that data but did not know the password (e.g. MrsJones got run over by a bus and only she knew the password to youraccounts computer).

• Create a bootable USB drive using RMPrepUSB (download from this website):Select your USB drive then set 1=MAX, 2=WinInst, 3=WinPE,4=FAT32 (or NTFS) + Boot as HDD, untick the Copy Files box - then click 6 Prepare Drive
• Click on Install grub4dos button (choose Yes=PBR (and repeat again and choose No=MBR for max compatibility)
• Downloadthe Offline NT Password and Registry Editor ISO file and copy the iso file to the USB Drive  using cd version cd110511.iso
• Using Notepad, create a menu.lst file on the USB drive with the following contents:
  
  title Windows Password reset
  find --set-root /cd110511.iso
  map /cd110511.iso (0xff)
  map --hook
  chainloader (0xff)
  
  Your USB drive should now contain 3 files: menu.lst, cd110511.iso and grldr
• Eject the drive (using RMPrepUSB, or right-click - Eject or SafelyRemove Hardware from system tray). You can check it boots correctlyfirst using RMPrepUSB F11 (run QEMU).
  

---

To use the USB pen to reset a user account password:

• Switch on the target PC/notebook and boot from the USB drive (change BIOS boot order settings if required)
• At the grub4dos menu, just press {Enter} to select the Windows Password reset option
• When the system boots, press {Enter} again as prompted.
  
  
  
• STEP 1 - The 'Candidate Windows partitions found:' text will inform you if it found any possible Windows installations.
  Enter the number of the partition that the Windows installation that you wish to reset (e.g. '1').
  
  
• 
  
  

  
  
  
  
  
  
• You should now be asked to enter the path to the registry - it is normally already set for you - e.g.:
  What is the path to the registry directory? (relative to windows disk)
  [WINDOWS/system32/config] :
  Windows/system32/config is the usual place for the Windows registry and SAM files - you will be warned if this cannot be found.
• Press {Enter} (or change the path as required and press {Enter})
• STEP 2 - You will now be prompted for which part of the registry you want - type '1' for Password Reset.
• STEP 3 - Type '1' for Password edit.
• A list of users will now be displayed:
  
  

  
  
  
  
  The Locked column indicates a disabled account (dis/locked) or one with no password set (BLANK).
  Accounts with Admin rights are shown in the Admin? column.
• Type in the name of the user account you
  want to reset the password on. Note that the Administrator account
  (RID=01fd) on Vista and Windows 7 is normally disabled, so choose a
  different Admin account.
• Type '1' to clear (blank) the user password.
• Type '!' to finish the editing - you now need to save the changes to disk and make the change permanent...
• Type 'q' to quit and press 'y' to save the changes.
• Type 'n' if you don't want to do another edit - ignore the message 'sh: can't access tty; job control turned off',
  remove the USB drive and  and press CTRL-ALT-DEL to reboot and test the changes.
  

Note: The Offline NT and Password Registry Editor is also included on the Ultimate Boot CD (UBCD) under the menu Hard Disk - Data Recovery.