* I've lost the password to my Windows Administrator account, how do I get it back?

Question: When I set up my machine I did set a password for the Administrator account, and then I promptly forgot it, since I never use that account. Now I need it. What can I do?

Windows NT stores its user information, including crypted versions of the passwords, in a file called 'sam', usually found in \windows\system32\config. This file is a part of the registry, in a binary format previously undocumented, and not easily accessible. But thanks to a German(?) named B.D, I've now made a program that understands the registry. 

This is a utility to (re)set the password of any user that has a valid (local) account on your Windows NT/2k/XP/Vista etc. system.
You do not need to know the old password to set a new one.
It works offline; that is, you have to shut down your computer and boot off a floppy disk, a CD or another system.
It will detect and offer to unlock locked-out or disabled user accounts!
There are also a registry editor and other registry utilities that work under Linux/Unix and can be used for things other than password editing.

First, download and burn the CD: Bootable CD image

This is actually a highly customized version of Linux, that's designed to do exactly what the name implies: allow you to examine and edit the password information and registry of a Windows machine.

Boot from that CD you just burned. You'll end up with something like this on your screen:

Don't let all the stark plain text worry you, the process for what we're doing is actually pretty simple.

Here's the relevant portion of that screen, enlarged:


You can see that the utility has found multiple disks and/or partitions, and is asking which one I want to work on. In my case I know that the partition listed as the larger one (74207MB) is my Windows drive, so I enter 2 to select it and press Enter. Next:

After selecting the disk we want to use, the utility now asks us for the location of the registry. The utility has correctly guessed the location, Windows/system32/config, so all I need to do is press Enter to move on.

Next it asks more specifically what it is we want to operate on:

In this case the default answer, Password reset, which indicates which portions of the system are to be worked on, is the correct one, so all I need to do is press Enter.

Now it asks what we want to do:

We're here specifically to operate on passwords, so once again the default answer of 1 is correct, and I simply press Enter.

Now things get interesting.


You can see here that the utility has listed all the user accounts on my machine: Administrator, Guest, and the account I actually log in with, "LeoN".

It's asking which user account to operate on, and supplied "Administrator" as the default, so once again I press Enter, and we get to the reason we're here:

Now, obviously there are several choices here. My preference is to clear the password so that no password is required to log in, and of course to make sure that the account is enabled. Once done, you can then log in to the account in Windows and select a new password.

Use the "Quit" options and further prompts to save data to disk, exit the utility and reboot back into Windows.

Reboot from CD, press Enter (in most cases) a few times, and *poof* ... the administrator account password is reset and you have access once again.

So easy anyone could do it.

Anyone.

This is where you should be concerned.

Anyone with physical access to your machine can do what I've just described.

If you're in a position where folks with a motive or other random strangers can access your machine, you may want to rethink your physical security.

If it's not physically secure, it's not secure.

The ability to walk up with a CD, and "own" the machine with a reboot and a few keystrokes hopefully makes that pretty clear.
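
To check whether a given machine is open to the offline edit described above, the following added example (not part of the original article) reports whether the volume holding the SAM hive can be read by another operating system booted from CD. It assumes BitLocker is the disk encryption in use, which the article does not mention; the function name `Test-OfflineSamExposure` is hypothetical. Run it from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: is the volume that holds the SAM hive readable from another OS?
# Assumption: BitLocker is the disk encryption being checked.

function Test-OfflineSamExposure {
    # The hive the article describes lives under %SystemRoot%\System32\config
    $samPath    = Join-Path $env:SystemRoot 'System32\config\SAM'
    $mountPoint = Split-Path -Qualifier $env:SystemRoot    # e.g. "C:"

    try {
        $vol = Get-BitLockerVolume -MountPoint $mountPoint -ErrorAction Stop
    }
    catch {
        # Cmdlet missing or query failed: no evidence of encryption, so report exposed
        return [pscustomobject]@{
            SamHive          = $samPath
            Volume           = $mountPoint
            VolumeStatus     = 'Unknown'
            ProtectionStatus = 'Unknown'
            KeyProtectors    = ''
            OfflineReadable  = $true
            Detail           = "BitLocker state could not be read: $($_.Exception.Message)"
        }
    }

    # The hive is only unreadable offline when the volume is fully encrypted AND
    # protection is on (suspended protection leaves a clear key on the disk).
    $protected = ($vol.VolumeStatus -eq 'FullyEncrypted') -and
                 ($vol.ProtectionStatus -eq 'On')

    [pscustomobject]@{
        SamHive          = $samPath
        Volume           = $mountPoint
        VolumeStatus     = [string]$vol.VolumeStatus
        ProtectionStatus = [string]$vol.ProtectionStatus
        KeyProtectors    = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '
        OfflineReadable  = -not $protected
        Detail           = if ($protected) {
            'An OS booted from CD cannot read or edit the SAM hive without a BitLocker key.'
        } else {
            'An OS booted from CD or another system can read and rewrite the SAM hive.'
        }
    }
}

Test-OfflineSamExposure | Format-List
```

`OfflineReadable : True` means the walkthrough above would work on this machine as written.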






