How to reset a local administrator's password

I am quite a strict parent when it comes to PC usage. Being someone who understands how PCs work and how to get around bad programming, I just make my kids ordinary Users on their PC, not Admins. This means if they need to install anything I have to do it. I did at one stage give them the password, but they used it to change the clock on the PC to circumvent the times they were allowed to log on.

This required a password change. Unfortunately, due to the large number of passwords we all need to remember these days, I forgot what I set it to.
Now the only real Microsoft-supported ways out of this are a previously created recovery disk (never created one of those personally), a system restore or, failing that, a rebuild of the PC. A rebuild is not something that particularly bothers me; I often rebuild my PC every 3-6 months to clear out all the accumulated junk that builds up, though I have to say that, despite its own bloat, Windows 7 seems to be more resilient than XP in losing performance over time. I didn't really want to do a complete rebuild as there are quite a few games on this PC and it is just hassle to re-install all of them, though the Easy Transfer wizard makes light work of backing up and restoring user accounts. System restore also wasn't an option as it is turned off on this PC.

However there are a couple of other ways to recover from a forgotten Admin password.

First, you can download a password cracking tool that can run from a bootable CD, something like Ophcrack, which you can get from Sourceforge. The other alternative is to bypass Windows security and reset the password on the affected user's account, which is a lot easier than it should be.
  1. If you have access to WinPE then boot to that. If you don’t, then just boot to your Windows install disk, select your language, next, select repair in the bottom left corner, select use recover tools and from the Options dialogue choose Command Prompt.
  2. You will probably find yourself on the X: drive. You now need to find the drive letter of the partition where Windows is installed. On Windows 7 it could be C:, D: or E: depending on how you installed Windows and how your hardware is configured. Just type E: then press Enter and then type DIR and press Enter and see if you can see the Windows directory.
  3. Now what we need to do is replace the Sticky Keys executable with a command prompt. To do this type the following command (replace “c:” with the correct drive letter if Windows is not located on C:):
    copy c:\windows\system32\sethc.exe c:\
    This creates a copy of sethc.exe to restore later.
  4. Type this command to replace sethc.exe with cmd.exe:
    copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
  5. Take out the WinPE or Windows install disk and reboot your computer. It should boot to your normal copy of Windows.
  6. After you see the log on screen, press the SHIFT key five times.
  7. You should see a command prompt, this may take a short while to come up, or you could continually press the shift key and have 5 or 6 windows pop up eventually like I did.
  8. You now need to enter the following command:
    net user user_name new_password
    replacing user_name and new_password with the relevant entries, e.g. for a user called Fred to have a new password of password you would type Net User Fred password
    If you don’t know your user name, just type net user and you will get a list of all the available user names on the PC. Usernames are not case sensitive but passwords are, so Password and password are not the same but Fred and fred are the same as far as Windows is concerned.
  9. You can now use the new password to log on.
  10. Once logged on, copy back the original Sticky Keys executable: start a command prompt (All Programs > Accessories > Command Prompt) and type the following
    copy c:\sethc.exe c:\windows\system32\sethc.exe
    and press Y to confirm when prompted if you want to overwrite.
Like I said, it is ridiculously easy to circumvent Windows security. There is a way to stop this from working though: you have to implement full disk encryption (better make sure you do those recovery disks). Which is great; unfortunately Microsoft didn't see fit to include this in the Home Premium copy of Windows 7. You only get this with Ultimate or Enterprise; it's not even included in the Pro version aimed at small business users, who are most likely to have laptops and would benefit most from the extra security. The Enterprise version is only available to those on Enterprise Agreements; that's where you buy a PC with a copy of Windows on it and then pay Microsoft some money every year to use the software you have just bought. You do get some extra benefits such as training, extra support options and some extra usage rights like being allowed to use imaging.
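
To check whether the swap from steps 3 and 4 is still in place on a machine (for instance because step 10 was never done), here is an added PowerShell example that is not part of the original post. It assumes Windows lives under `$env:SystemRoot` and that any saved copy sits at the drive root as in step 3; the function names `Get-Sha256Hex` and `Test-StickyKeysSwap` are made up for this illustration.

```powershell
# Added example: looks for the sethc.exe replacement described in the steps above.
# Uses .NET hashing directly so it also runs on the PowerShell 2.0 that ships with Windows 7.
# Run it from a 64-bit PowerShell prompt so System32 is not redirected to SysWOW64.

function Get-Sha256Hex {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Close()
    }
}

function Test-StickyKeysSwap {
    # Assumption: Windows directory of the installation to check.
    param([string]$WindowsDir = $env:SystemRoot)

    $sethc  = Join-Path $WindowsDir 'System32\sethc.exe'
    $cmd    = Join-Path $WindowsDir 'System32\cmd.exe'
    $backup = Join-Path ([System.IO.Path]::GetPathRoot($WindowsDir)) 'sethc.exe'
    $findings = @()

    if (-not (Test-Path $sethc)) {
        $findings += 'sethc.exe is missing from System32'
    } else {
        # Step 4 copies cmd.exe over sethc.exe, so the two files hash the same.
        if ((Test-Path $cmd) -and ((Get-Sha256Hex $sethc) -eq (Get-Sha256Hex $cmd))) {
            $findings += 'sethc.exe is byte-identical to cmd.exe'
        }
        # The embedded version resource still names the real program after a copy.
        $orig = (Get-Item $sethc).VersionInfo.OriginalFilename
        if ($orig -like 'cmd*') {
            $findings += "sethc.exe reports original filename '$orig'"
        }
    }
    # Step 3 leaves the genuine Sticky Keys binary at the root of the drive.
    if (Test-Path $backup) {
        $findings += "Copy of sethc.exe found at $backup (step 3 saves the original there)"
    }
    return $findings
}

$result = @(Test-StickyKeysSwap)
if ($result.Count -eq 0) { 'No sign of the sethc.exe swap.' }
else { $result | ForEach-Object { "WARNING: $_" } }
```

If the check flags the file, step 10 above restores the saved original.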
