WE HAVE MOVED. Please see our NEW Computer Forums
11-8-2009: Sorry for the inconvenience. We finally upgraded to vBulletin 3 !! See you there, Larry

Windows Password Reset Disks/Tools etc.

Posted by: Warez Monster

Since a lot of members lately have forgotten their password to log in to their system or are working on a locked system, here are a few tools that are free to unlock and reset the admin or any password for Windows.

[URL=http://www.loginrecovery.com/image.exe]loginrecovery[/URL]
[URL=http://home.eunet.no/~pnordahl/ntpasswd/bd050303.zip]Bootdisk image[/URL]
[URL=http://home.eunet.no/~pnordahl/ntpasswd/cd050303.zip]Bootable CD image[/URL]
[URL=http://www.openwall.com/john/dl/john-16w.zip]John the Ripper (v1.6)[/URL]
[URL=http://prdownloads.sourceforge.net/austrumi/austrumi-0.9.2.iso?download]Austrumi[/URL]

How can I change the Recovery Console or Directory Restore Safe Mode Administrator password on a Domain Controller?

Featured Product: Windows XP/2000/NT Key - Easy to use utility to reset Windows 2003/XP/2K/NT local and domain controller administrator passwords. Download FREE version now!

When you promote a Windows 2000 or Windows Server 2003 Server-based computer to a domain controller, you are prompted to type a Directory Service Restore Mode Administrator password. This password is also used by Recovery Console, and is separate from the Administrator password that is stored in Active Directory after a completed promotion.

The Administrator password that you use when you start Recovery Console or when you press F8 to start Directory Service Restore Mode is stored in the registry-based Security Accounts Manager (SAM) on the local computer. The SAM is located in the %SystemRoot%\System32\Config folder. The SAM-based account and password are computer specific and they are not replicated to other domain controllers in the domain.
For ease of administration of domain controllers or for additional security measures, you can change the Administrator password for the local SAM. To change the local Administrator password that you use when you start Recovery Console or when you start Directory Service Restore Mode, use one of the following methods:

Method #1

If Windows 2000 Service Pack 2 or later is installed on your computer, you can use the Setpwd.exe utility to change the SAM-based Administrator password. To do this:

At a command prompt, change to the %SystemRoot%\System32 folder.
To change the local SAM-based Administrator password, type setpwd and then press ENTER.
To change the SAM-based Administrator password on a remote domain controller, type setpwd /s:servername and then press ENTER, where servername is the name of the remote domain controller.
When you are prompted to type the password for the Directory Service Restore Mode Administrator account, type the new password that you want to use.

Note: If you make a mistake, repeat these steps to run setpwd again.

Method #2

On Windows 2000, if you do know the Directory Service Restore Mode Administrator password you can easily change it to something else by using the following method:

Shut down the domain controller on which you want to change the password.
Restart the computer. When the selection menu screen is displayed during the restart process, press F8 to view advanced startup options.
Select the Directory Service Restore Mode option.
After you successfully log on, use one of the following methods to change the local Administrator password:
At a command prompt, type the following command:
    net user administrator *
or
Use the Local User and Groups snap-in (Lusrmgr.msc) to change the Administrator password.
Shut down and restart the computer.

You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.
Method #3

On Windows 2000, if you do not know the Directory Service Restore Mode Administrator password you can easily change it to something else by using the following method:

At a command prompt, type the following command:
    net user administrator 123456
This will change the local administrator's password to 123456.

You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.

Method #4

On Windows Server 2003, the setpwd or NET USER trick won't work. Here, if you want to change the Directory Service Restore Mode Administrator password you'll need to use the following method:

Click Start, click Run, type ntdsutil, and then click OK.
At the Ntdsutil command prompt, type set dsrm password
At the DSRM command prompt, type one of the following lines:
To reset the password on the server on which you are working, type reset password on server null
The null variable assumes that the DSRM password is being reset on the local computer. Type the new password when you are prompted. Note that no characters appear while you type the password.
or
To reset the password for another server, type reset password on server <servername>
where <servername> is the DNS name for the server on which you are resetting the DSRM password. Type the new password when you are prompted. Note that no characters appear while you type the password.
At the DSRM command prompt, type q.
At the Ntdsutil command prompt, type q to exit.

You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.

How can I change my user-account password from a remote computer?
You can change a Windows User Account password that is on any Windows computer from any other Windows computer regardless of whether the User Account is on a workstation, a stand-alone server, or a Windows domain controller. Additionally, it makes no difference whether the password is being changed from a workstation, a stand-alone server, or a Windows domain controller. This is true for any NT 4.0, W2K, XP Pro and Windows Server 2003 computer.

You do not have to be logged on from the User Account Database that contains the Username, and you do not have to be currently logged on with that Username. This procedure is especially useful if you want to change your password in a User Account Database or security accounts manager (SAM) that is not in your default logon domain.

To change your password:

Press CTRL+ALT+DEL to bring up the Windows Security dialog box.
Press the Change Password button.
Enter the User name whose password you wish to change.
In the From dialog box, click either the computer name or domain name in the drop-down list box, or type the computer name or domain name that contains the User Account Database where the user name exists.
Type the appropriate password in the Old Password, New Password, and Confirm New Password box.
You should receive a message indicating "Your password has been changed."

This procedure is allowed even if the User Right "Access this computer from network" is disabled for the group Everyone. Changing a password does not use resources on the server. The ability to change a password without requiring the user to be logged on allows a user to change his or her password outside of the user's logon hours, or when the password has expired and the user is not able to log on.

How can I change my user-account password from a Command Prompt?
You can change a Windows User Account password that is on any Windows computer from any other Windows computer regardless of whether the User Account is on a workstation, a stand-alone server, or a Windows domain controller. Additionally, it makes no difference whether the password is being changed from a workstation, a stand-alone server, or a Windows domain controller. This is true for any NT 4.0, W2K, XP Pro and Windows Server 2003 computer.

To change a user's password at the command prompt, log on as an administrator and type:
    net user danielp * /domain
(This is only an example, use your own username)

When you are prompted to type a password for the user, type the new password, not the existing password. After you type the new password, the system prompts you to retype the password to confirm. The password is now changed.

Alternatively, you can type the following command:
    net user danielp 123456 /domain
When you do so, the password changes without prompting you again. This command also enables you to change passwords in a batch file.

Note: If you type these commands on a member server or workstation and you don't add the /domain switch, the command will be performed on the local SAM and NOT on the DC SAM. For example, to change the administrator's password type:
    net user administrator 123456

Note: Non-administrators receive a "System error 5 has occurred. Access is denied" error message when they attempt to change the password.

Forgot the Administrator password - Alternate Method - The LOGON.SCR trick

This is another trick that will easily work in Windows NT 4.0 and some versions of Windows 2000.
The principle is that you need to install a second instance of your OS to your HD, then manipulate the default screen saver (the one that's used if you don't move your mouse while the CTRL-ALT-DEL box appears) for the original OS.

For free 3rd party tools read Forgot the Administrator's Password?.

Update: You can also discuss these topics on the dedicated Forgot Admin Password - Related Discussions forum.

Windows Server 2003 Domain Admin password

This tip will NOT work for Windows Server 2003. This is because of changes in the service account with which the process runs. In Windows 2000 it was run with the Local SYSTEM account (LSA) privileges, while in Windows Server 2003 it is run with the LOCAL SERVICE account, thus resulting in far fewer privileges than it used to have in W2K and NT 4.0. The reason 2 new accounts have been introduced in 2003 is that the SYSTEM account has way too much power over the system and the system could be compromised by exploiting almost any system service. Microsoft's solution was to introduce 2 less powerful accounts (LOCAL SERVICE and NETWORK SERVICE) and make some services run in the context of those accounts instead of LSA.

To successfully reset the Domain Admin password on Windows Server 2003 Active Directory please read the Forgot the Administrator's Password? - Reset Domain Admin Password in Windows Server 2003 AD page.

Windows 2000 Domain Admin password

To successfully reset the Domain Admin password on Windows 2000 Active Directory please read the Forgot the Administrator's Password? - Reset Domain Admin Password in Windows 2000 AD page.

The LOGON.SCR trick

To successfully reset the local administrator's password on Windows NT and some versions of Windows 2000 follow these steps:

Install an alternate copy of Windows NT or Windows 2000. You must install this instance of NT/2000 on a different folder than WINNT, otherwise you'll end up with the same bad situation. Use ALTWINNT for example.
It is best that you install the alternate instance of the OS into a different partition than the one where you have your original installation. You'll delete this folder anyway, and it's best that you just format that partition after you're done. Formatting the partition will be much easier than deleting individual files and folders. Also, if you lost your password on NT - install a new instance of NT, not Windows 2000, as doing so will ruin your old NT installation (because of the difference between the NTFS versions). Same goes for W2K, XP and Windows Server 2003. Always install the same OS.

Note: On Windows NT 4.0 machines that were installed out-of-the-box you do not have to install a fresh copy if you still have access as a regular user to the system. E.g. if you can log on as a regular, non-administrator user, you can still manipulate the file's permissions. This is simply because NT's default permissions are set for Everyone - Full Control. This is not true on W2K/XP/2003 machines.

Another note: Reader Mike wrote:

In the article you mention installing the OS on top of the existing OS to do the logon screensaver manipulation. I wanted to mention that this can also be accomplished by removing the hard drive, placing it as a slave on another computer (XP and W2K play nicely) and then accessing the file system. Of course you need a second computer, but for some folks it may be an easier solution. Thanks, Mike

That's correct, and it will work for you unless you converted the disk to a dynamic disk, on the original OS. In that case you will no longer be able to boot the old OS, even if you do manage to access the files from the other computer.

Boot the alternate install.

Use Control Panel/System/Startup (for NT) or Control Panel/System/Advanced/Startup and Recovery for W2K to change the default boot instance back to your original install.
Lamer note: If you don't do that you'll end up booting into the alternate installation next time you turn on your computer.
You don't want that, do you?

Open Explorer. Browse to your original Windows NT/2000 folder, navigate to the %systemroot%\System32 sub-folder.
Lamer note: %systemroot% is a system variable used to point to the folder where NT/2000 is installed, usually \WINNT in NT/2000, or \WINDOWS in XP/2003.

Save a copy of LOGON.SCR, the default logon screen saver, anywhere you like. Just remember where you've placed it. You can also just rename the file to something you'll remember later, I use LOGON.SC1.
Lamer note: To rename a file use the REN command in the Command Prompt window, or just select the file in Windows Explorer and press F2.

Delete the original LOGON.SCR from the %systemroot%\System32 sub-folder. It is not necessary to delete the file if you renamed it, you can leave it there.
Note: You might not be able to delete the LOGON.SCR file because of permission settings. Regular users can only read and execute the file, not delete it. If that is the case (and it is in W2K, XP and Windows Server 2003) then you need to take ownership of the file and give the EVERYONE group FULL CONTROL permissions.
Lamer note: In order to take ownership of a file right-click it, select Properties, select the Security tab, click Advanced, and then click on the Owner tab. Select one of the users found in the list, click OK all the way out. In order to change the LOGON.SCR permissions follow the previous instructions, in the Security tab click Add and browse to the Everyone group. Add it and make sure you give it Full Control. Click OK all the way out.

Make a copy of CMD.EXE in the %systemroot%\System32 sub-folder. CMD.EXE is located in %systemroot%\system32.
Lamer note: In order to copy a file via GUI, select the file, right-click and choose Copy, then go to the destination folder, right-click the folder name and select Paste. You can also use the keyboard by typing CTRL-C to Copy, CTRL-V to Paste.

Rename the copy of CMD.EXE to LOGON.SCR.
Lamer note: See step #5.
Shut down and restart your computer. Boot into the original install.

Wait for the logon screen saver to initiate - around 15 minutes. Oh, and no, do NOT move your mouse while you wait, duh... After the screensaver is initiated, instead of running the normal LOGON.SCR actual screensaver, it will run the renamed CMD.EXE file (which is now called LOGON.SCR), and will actually open a CMD prompt in the context of the local system account. In step #7 you could have used EXPLORER.EXE instead of CMD.EXE, and in that case a My Computer window will pop up.
Note: As noted earlier on this page, there is a way to make the wait time shorter, but you'll need to dig into the Registry for that.

Open the CMD.EXE prompt (it should already be opened if you've used CMD.EXE in step #7) and type:
    net user administrator 123456
This will reset the local administrator (or domain admin if you are doing this trick on a DC) password to 123456.
Lamer note: You can, of course, use ANY password you want...

Delete the LOGON.SCR from %systemroot%\System32.

Rename the saved default screen saver from step 5 back to LOGON.SCR.

If you wish to remove the alternate install:
Delete its folder.
ATTRIB -R -S -H c:\BOOT.INI
Edit c:\BOOT.INI and remove the alternate install's entries.

If you've used a different partition to install the alternate install then now you can simply delete or format that partition if you don't need it anymore, plus edit c:\BOOT.INI and remove the alternate installation entries.

This trick has been tested a zillion times. Don't bother to tell me it doesn't work, it does (for Windows NT and some versions of Windows 2000), and that's a fact.

Forgot the Administrator's Password? - Reset Domain Admin Password in Windows Server 2003 AD.
Note: In order to successfully use this trick you must first use one of the password resetting tools available on the Forgot the Administrator's Password? page. The reason for that is that you need to have the local administrator's password in order to perform the following tip, and if you don't have it, then the only method of resetting it is by using the above tool. Read more about that on the Forgot the Administrator's Password? page.

Update: You can also discuss these topics on the dedicated Forgot Admin Password - Related Discussions forum.

Lamer note: This procedure is NOT designed for Windows XP since Windows XP is NOT a domain controller. Also, for a Windows 2000 version of this article you should read the Forgot the Administrator's Password? - Change Domain Admin Password in Windows 2000 AD page.

Reader Sebastien Francois added his own personal note regarding the changing of Domain Admin passwords on Windows Server 2003 Active Directory domains (HERE). I will quote parts of it (thanks Seb!):

Requirements

Local access to the Domain Controller (DC).
The Local Administrator password.
Two tools provided by Microsoft in their Resource Kit: SRVANY and INSTSRV. Download them from HERE (24kb).

Step 1

Restart Windows 2003 in Directory Service Restore Mode.
Note: At startup, press F8 and choose Directory Service Restore Mode. It disables Active Directory.
When the login screen appears, log on as Local Administrator. You now have full access to the computer resources, but you cannot make any changes to Active Directory.

Step 2

You are now going to install SRVANY. This utility can virtually run any programs as a service. The interesting point is that the program will have SYSTEM privileges (LSA) (as it inherits the SRVANY security descriptor), i.e. it will have full access on the system. That is more than enough to reset a Domain Admin password. You will configure SRVANY to start the command prompt (which will run the 'net user' command).
Copy SRVANY and INSTSRV to a temporary folder, mine is called D:\temp. Copy cmd.exe to this folder too (cmd.exe is the command prompt, usually located at %WINDIR%\System32).

Start a command prompt, point to d:\temp (or whatever you call it), and type:
    instsrv PassRecovery "d:\temp\srvany.exe"
(change the path to suit your own).

It is now time to configure SRVANY. Start Regedit, and navigate to
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery
Create a new subkey called Parameters and add two new values:

name: Application
type: REG_SZ (string)
value: d:\temp\cmd.exe

name: AppParameters
type: REG_SZ (string)
value: /k net user administrator 123456 /domain

Replace 123456 with the password you want. Keep in mind that the default domain policy requires complex passwords (including digits, respecting a minimal length etc) so unless you've changed the default domain policy use a complex password such as P@ssw0rd

Now open the Services applet (Control Panel\Administrative Tools\Services) and open the PassRecovery property tab. Check the starting mode is set to Automatic.
Go to the Log On tab and enable the option Allow service to interact with the desktop.
Restart Windows normally, SRVANY will run the NET USER command and reset the domain admin password.

Step 3

Log on with the Administrator's account and the password you've set in step #2.
Use this command prompt to uninstall SRVANY (do not forget to do it!) by typing:
    net stop PassRecovery
    sc delete PassRecovery
Now delete d:\temp and change the admin password if you fancy.

Done!

How can I open protected MS Word or Excel files if I lost (or never knew) the password for opening them?

Losing a password for an important document could become a real problem.
At best, it means that you lose some time recovering the password or retyping all the data. Current password recovery solutions offer brute-force tools which try about 300 000 passwords per second. Sounds optimistic? This number means that recovering a password that consists of 8 upper or lowercase letters and digits will take more than a few weeks. A 12-character password could take centuries to recover.

Hopefully there is a way to restore data without recovering the password. And almost instantly.

How is that possible

Protected MS Word/Excel documents are encrypted with the help of the RC4 algorithm, on a key, computed by a password. For the standard encryption MS Office uses a relatively short 40-bit key. This allows the sorting out of all 2^40 key values, to find a true value of the key, and to decrypt the document. Such an approach requires considerable (several days) computer time but always leads to a success. Pre-computing encryption keys and using knowledge of the MS Office document's structure makes the recovery process almost instant.

Still sounds odd? Visit [url]www.decryptum.com.[/url] This is the first instant recovery service for password protected MS Word and Excel files.

The site claims to have the following functionality:

All Word/Excel 2003/2002/2000/97 files protected with original 40 bit encryption are supported
Instant decryption - under 3 minutes per file, regardless of file password
No software to download and install - service is web-only
Free online preview of encrypted file content
Secure service - all file submissions are encrypted by SSL protocol

Let's go through the recovery process with the test file called decrtyptum-test.xls. The file is protected with the password "DecryptumPWD", but we will pretend we do not know that.

After clicking "Start Decryption" you will be prompted to agree with "Service And Confidentiality Agreement".

On the next screen you should enter the PIN number. Let's leave the PIN number entry field empty to run the service in demo mode.
Step three - uploading the file through SSL encrypted channel.

Now we should wait for the file to be decrypted. It takes about 30-40 seconds. Not so long.

And here we have the preview of the file. Now you can consider if the file is worthwhile paying for decryption. Nice, huh?

Although there are other offline methods of cracking open a protected MS Office file, this method has proven to be one of the most cost effective methods that I know of.

What is the Windows XP Password Reset Disk and how can I use it?

To protect user accounts in the event that the user forgets the password, every local user should make a password reset disk and keep it in a safe place. Then, if the user forgets his or her password, the password can be reset using the password reset disk and the user is able to access the local user account again.

The Forgotten Password Wizard lets you create a password reset disk that you can use to recover your user account and personalized computer settings if you forget your password.

How to create the password reset disk

The steps to perform this task differ depending on whether your computer is a member of a network domain or is part of a workgroup (or is a stand-alone computer). If you're using Windows XP in a workgroup (and not in a domain), you have the option to create a password reset disk.

To create the password reset disk go to the Start menu, Control Panel, User Accounts.
Click your account name.
Under Related Tasks located on the left side of the window, click Prevent a forgotten password.
In the Forgotten Password Wizard, follow the instructions as they appear on the screen.
When the wizard starts, click Next.
Select the drive that contains the media you want to create the information on (you can use a diskette or a Zip disk), and click Next.
Type your current password, and click Next.
Click Finish.

The password reset disk contains only one file called userkey.psw, which is an encrypted version of your password. If you change your password, the password reset disk is useless; you must repeat this procedure.

How to use the password reset disk

If you made a password reset disk for your local user account through the Forgotten Password Wizard, you can use it to access the computer, even if you have forgotten your password. The following steps will only work if you are in a workgroup environment, using the Welcome screen.

At the Welcome screen, click your user name, and then type your password. If you have forgotten your password, the Did you forget your password message is displayed.
Click use your password reset disk to start the Password Reset Wizard.
Follow the instructions in the Password Reset Wizard to create a new password.
Log on with the new password, and then store your password reset disk in a safe place in case you need it to reset your password in the future. You do not need to make a new password reset disk.

Posted by: LaZyFLiP

Dengg...this is a freakin long post. But nice one!

Posted by: Trifid

Let's hope that people use it for legit reasons. And if they are search for it. sticky?

Posted by: Warez Monster

STICKY!!

Posted by: SHAWN

cliff notes?

Posted by: nuke

I think this should be sticky.

Posted by: Warez Monster

Same here...

Posted by: H4x3r

man sticky this....this is awesome stuff.....

Posted by: boo

[u]Press CTRL+ALT+DEL to bring up the Windows Security dialog box. Press the Change Password button. Enter the User name whose password you wish to change. In the From dialog box, click either the computer name or domain name in the drop-down list box, or type the computer name or domain name that contains the User Account Database where the user name exists. Type the appropriate password in the Old Password, New Password, and Confirm New Password box.[/u]

wow thats all i got to do?
that can come in handy

Posted by: shorak

What if one does not know the administrative username?
-Me- Windows XP Idiot

Posted by: Warez Monster

its in there somewhere...

Posted by: office politics

[QUOTE][i]Originally posted by shorak[/i]
[B]What if one does not know the administrative username? -Me- Windows XP Idiot[/B][/QUOTE]

i tried running the John the Ripper app once here at work. I was trying to get a list of usernames & passwords for my network. I was able to pull a copy of the SAM but couldnt figure out how to run the dictionary attack against it. prolly easier to run one of those login recovery boot cds

Posted by: brrymnvette

[QUOTE][i]Originally posted by csamuels[/i]
[B]i tried running the John the Ripper app once here at work. I was trying to get a list of usernames & passwords for my network. I was able to pull a copy of the SAM but couldnt figure out how to run the dictionary attack against it. prolly easier to run one of those login recovery boot cds[/B][/QUOTE]

If you tried to rip my admin p-word and used it. You'd be fired on the spot no questions. I take my network very seriously, it's my paycheck. So, be careful on how you use these tools.

Posted by: Warez Monster

[QUOTE][i]Originally posted by brrymnvette[/i]
[B]If you tried to rip my admin p-word and used it. You'd be fired on the spot no questions. I take my network very seriously, it's my paycheck. So, be careful on how you use these tools.[/B][/QUOTE]

True but only if you find out...

Posted by: jcourtenay

Theres a free linux-based program that can reset passwords on any version of Windows, i forget what its called but its on google somewhere.

Posted by: Warez Monster

astrumi?

Posted by: hillbillybob

ya, austrumi 9.2. That's what I used. My clients are forgetting their passwords all the time. I just burnt it onto a business card CD and keep it in my wallet. It's an awesome tool. I am still learning to use john the ripper though.
Austrumi was pretty point and shoot

Posted by: Warez Monster

Depending on the machine and user involved, losing a password for an account can be anything from a pain to a disaster. Fortunately, in Windows Server 2003 and Windows XP there's something you can do to prepare for such an eventuality: create a password reset disk.

In Windows Server 2003 you can create a password reset disk for any local user account on a member server (a nondomain controller in a domain) or stand-alone server (a server in a workgroup). You can't create a password reset disk for a domain controller because a domain controller doesn't have any local user accounts, only domain accounts stored in Active Directory.

A typical use for a password reset disk would be to create one for the all-powerful local Administrator account on your server. To do this, get a blank formatted floppy and follow these steps:

Press Ctrl-Alt-Del to open the Windows Security dialog box.
Click on the Change Password button to open the Change Password box.
In the User Name field, type the name of the local user account--for example, Administrator--whose password you want to be able to reset.
In the Log On To listbox, select the name of the computer--for example, TEST210 (this computer). The Backup button should now appear at the bottom left of the Change Password box. If it doesn't, backspace inside the User Name field to erase what you typed and type it again.
Do not type anything in the Old Password or New Password fields. (You can't change your password and create a reset disk in the same operation.)
Click on the Backup button to start the Forgotten Password wizard.
Click Next, insert your floppy, and click Next.
Type the current password of the account for which you are creating a reset disk and click Next.
When the wizard is finished, click Next and then Finish.
Click Cancel twice to close the Windows Security screen and return to your desktop.
Put your password reset disk in a secure location--especially if you created it for the local Administrator account on your server, because anyone who gets hold of your reset disk can log on to the machine and have unlimited access.

What if you lose your password and you need to log on to your machine? That may sound unlikely, but what if the administrator who installed the server is sick or out of the office and you can't remember the password? Simply dig out your password reset disk (hopefully you know where to find it) and do the following:

Take a random guess what the password might be. If you're right, you're in; if not, a Login Failed dialog box will appear, which is what you want to get to.
Click on the Reset button to start the Password Reset wizard.
Click Next, insert your password reset disk, and click Next again.
Type a new password for the account and, if desired, a hint as well. (Hints are probably not a good idea for Administrator accounts.)
Click Next and then Finish to reset the password for the account.

You should now be able to log on with the account using the new password.

How It Works

Running the Forgotten Password wizard creates a public/private key pair for the local user account you specified in the Change Password box. The private key is then stored on the reset disk while the public key is stored on the hard drive and used to encrypt the current password for your user account. Then, if you later have to run the Reset Password wizard, the private key on your floppy is used to decrypt the account's current password, and when you enter a new password for the account, this new password is encrypted using the same public key. This means you can use the same password reset disk to reset the password for your account as many times as you need to.
It also means the password reset disk itself can't be hacked to extract the account's password, as it contains only a cryptographic key rather than the password itself.

What Can Go Wrong

A few things can go wrong when you use password reset disks. First and most obvious, if you run the Forgotten Password wizard a second time to create a new password reset disk, this generates a new public/private key pair for the account and invalidates the previous reset disk. So if you're really paranoid and want to create multiple reset disks, run the wizard only once, then make duplicates of the reset disk and store them in different secure locations.

More subtly, I encountered an interesting problem the first time I tried this approach for recovering the local Administrator password on a Windows Server 2003 member server. I created a password reset disk using the procedure described above and then tried to use it to reset the account password as outlined. But when I specified a new password and clicked Next, a message appeared saying, "The new password is too short or otherwise unusable due to the policy settings for this computer." Opening the Default Domain Policy in Group Policy Editor revealed that my Password Policy settings included a minimum password age of two days:

[IMG]http://www.windowsdevcenter.com/windows/2004/08/03/graphics/figure1.gif[/IMG]

What this policy setting means is that if you change the password for an account, you have to wait an additional two days before you can change it again. And guess what; I had changed the password for the local Administrator account on the machine just before I created my password reset disk. (I had demoted the machine from the role of domain controller to member server, which always entails specifying a new password for the local Administrator account.)
So I changed the minimum password age policy setting to zero days, ran gpupdate /force on the member server, tested the reset disk (it worked), and then changed the policy setting back again. Funny how things can trip you up, but hey, that's life as a sysadmin!

Posted by: alexsabree
Wow thanks.... this is very helpful :) Also, what's a "sticky"????

Posted by: Warez Monster
a section that is stuck where the mods put it such as this post

Posted by: Mickahcs
If the admin password is blank, simply boot in safe mode, log in under administrator, go to Control Panel ---> User Accounts and reset the passwords on the forgotten accounts.
If the admin password is set, use the following link to create a boot disk: offline NT password reset / registry editor. This URL details how to create a boot CD: [url]http://home.eunet.no/~pnordahl/ntpasswd/[/url]

Posted by: atmriyas
very nice, I really appreciate your work, good work, excellent, thanks for the info paul.....

Posted by: office politics
I got another one for ya. Looks simple with GUI. I think it's a plugin for Bart PE boot CD/disk [url]http://www.911cd.net/forums/index.php?showtopic=7137[/url]
[quote]This is a utility to: (re)set the passwords of any user that has a valid local account, create a new local user with administrator rights and set administrator rights to existing user on your NT system.[/quote]

Posted by: Gundam
It's quite a long post, but still it is very useful..

Posted by: Whiteyyyyy
This is great, I was having this problem with another computer.

Posted by: Danks
How about admin password for Windows 2000? For some odd reason one of our machines got its admin pw changed

Posted by: Danks
oh nm, found the solution ^^

Posted by: Warez Monster
so did it work?

Posted by: Danks
I used the loginrecovery tool. Went through all the steps and towards the end, it gave me an option to pay $25 to retrieve my password instantly, or wait 48 and they'll email you the password for free. Of course I'm poor, so I opt to wait 48 hrs...
:-( Atm I'm looking for another tool.

Posted by: Warez Monster
ouch....

Posted by: MadMan_98
Ok, can anyone prove it safe to say, that these links .EXE are non-malicious?

Posted by: Warez Monster
they are fine, I posted them

Posted by: Danks
Boot Disk tool works perfectly. DL the tool, ran the install option, which created a boot disk with the program into my floppy. Booted computer from floppy. The program will reset your administrator password to blank, or whatever floats your boat. Works like a charm on my Win 2000 system.

Posted by: MrCoffee
I'm not sure I follow the LOGON.scr trick thing, is all you're trying to do gain SYSTEM access? There is a much easier way (for XP anyway), and excuse me if this has already been mentioned somewhere and I guess it won't work on all OS':
Open CMD from any account (e.g. guest) and enter the command:
[B]at 10:31 /interactive "cmd.exe"[/B]
Where 10:31 is a time 2 minutes in advance of your current system clock. Wait 2 minutes and a new CMD window will pop up as a SYSTEM process.
Open the task manager and kill Explorer.exe.
In your new SYSTEM CMD window enter:
[B]cd..[/B]
to get to %systemroot%, then enter:
[B]explorer[/B]
and there you are logged in as SYSTEM, useful for.. well all sorts really.

Posted by: MrCoffee
:rolleyes: disregard that last post, doesn't work from the guest account after all.

Posted by: Yin-Yang
... Safe mode boot, Administrator. Safe mode administrator never has a password from my knowledge. Get there and change password, and live happy.

Posted by: Warez Monster
true unless you set it up with a password or disable the account

Posted by: Yin-Yang
yeah. exactly and most people do not.

Posted by: rnickel44
What if admin is disabled?

Posted by: Warez Monster
Well then it's disabled

Posted by: rnickel44
I have windows loaded onto another hard drive but not sure what exactly to change, since I am not logged in on that hard drive.
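For defenders, the `at ... /interactive` command in MrCoffee's post above leaves a recognisable command line wherever process creation is logged with command-line capture. The following Python code is an added example, not part of any post in this thread: it parses AT command lines and flags interactive jobs, rating scheduled shells as high severity. The records, user names and timestamps are constructed, and the tuple layout is an assumption rather than a real Windows log schema.

```python
import re

# Constructed sample records (logged time, user, command line); assumed layout,
# not a real Windows log schema and not taken from the thread.
SAMPLE_EVENTS = [
    ("2009-03-02T10:29:04", "guest", 'at 10:31 /interactive "cmd.exe"'),
    ("2009-03-02T10:30:11", "backup",
     r'C:\WINDOWS\system32\at.exe 23:00 /every:M,T,W,Th,F "C:\jobs\backup.cmd"'),
    ("2009-03-02T10:33:40", "jsmith", r"AT.EXE \\TEST210 10:35 /INTERACTIVE explorer"),
    ("2009-03-02T10:34:02", "jsmith", "notepad.exe at 10:31 /interactive notes.txt"),
]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')            # quoted string or bare word
CLOCK = re.compile(r"^\d{1,2}:\d{2}(am|pm|a|p)?$", re.I)
SHELLS = {"cmd", "cmd.exe", "command.com", "explorer", "explorer.exe"}

def basename(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return re.split(r"[\\/]", path)[-1].lower()

def parse_at(cmdline):
    """Return the parsed AT job, or None if the line is not an AT invocation."""
    tokens = [q or b for q, b in TOKEN.findall(cmdline)]
    if not tokens or basename(tokens[0]) not in ("at", "at.exe"):
        return None
    job = {"host": None, "run_at": None, "interactive": False, "command": ""}
    args = tokens[1:]
    for i, arg in enumerate(args):
        if arg.startswith("\\\\"):                # optional \\computername target
            job["host"] = arg[2:]
        elif CLOCK.match(arg):
            rest = args[i + 1:]
            job["run_at"] = arg
            job["interactive"] = any(a.lower() == "/interactive" for a in rest)
            while rest and rest[0].startswith("/"):   # skip the switches
                rest = rest[1:]
            job["command"] = " ".join(rest)       # what remains is the job itself
            break
    return job

def find_interactive_jobs(events):
    """Flag AT jobs scheduled with /interactive; a scheduled shell rates high."""
    findings = []
    for logged, user, cmdline in events:
        job = parse_at(cmdline)
        if job and job["interactive"]:
            parts = job["command"].split()
            shell = bool(parts) and basename(parts[0]) in SHELLS
            findings.append({"logged": logged, "user": user, **job,
                             "severity": "high" if shell else "medium"})
    return findings
```

Calling `find_interactive_jobs(SAMPLE_EVENTS)` returns two findings, one for the local `cmd.exe` job and one for the `explorer` job aimed at `TEST210`; the routine backup job and the `notepad.exe` line are ignored.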
Posted by: Warez Monster
Originally posted by an51r

Place your Windows XP CD in your cd-rom and start your computer (it’s assumed here that your XP CD is bootable – as it should be - and that you have your bios set to boot from CD).
Keep your eye on the screen messages for booting to your cd. Typically, it will be “Press any key to boot from cd”.
Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.
When you get to the Welcome to Setup screen, press ENTER to Setup Windows now.
The Licensing Agreement comes next - Press F8 to accept it.
The next screen is the Setup screen which gives you the option to do a Repair. It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it”.
Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.
Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.
Shortly after the Copying Files stage, you will be required to reboot. (This will happen automatically – you will see a progress bar stating “Your computer will reboot in 15 seconds”.)
During the reboot, do not make the mistake of “pressing any key” to boot from the CD again! Setup will resume automatically with the standard billboard screens and you will notice Installing Windows is highlighted.
Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.
At the prompt, type NUSRMGR.CPL and press Enter. Voila! You have just gained graphical access to your User Accounts in the Control Panel.
Now simply pick the account you need to change and remove or change your password as you prefer.
If you want to log on without having to enter your new password, you can type control userpasswords2 at the prompt and choose to log on without being asked for password.
After you’ve made your changes close the windows, exit the command box and continue on with the Repair (have your Product key handy).
Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact.

Posted by: Erence
[COLOR=red]deleted by the Mod[/COLOR]

Posted by: rnickel44
[url]http://home.eunet.no/~pnordahl/ntpasswd/[/url]
I was able to change the xp pw using the above link.

Posted by: scoobywrx
I do not understand the sticky...HelP>???

Posted by: Warez Monster
what don't you understand?

Posted by: Cstrikedish
Sounds very exciting, I'm in it!

Posted by: Prelude92
in what partition are the passwords stored?

Posted by: Warez Monster
partition 1

Posted by: haroldthesage
I personally recommend using ophcrack, you can find it on sourceforge. I recommend the live CD version.