IP Source

Saturday, 11 February 2012

Recover Win 7 Administrator Password

Forgetting the Windows 7 password is a common problem, admin's don't make copies, original password may have been entered that has a transposed character, etc. As long as you have physical access, no Windows 7 box is secure. Period.

For hardware, I have a machine that has an IDE drive dock, so I can easily place any drive into it as an slave drive and use the admin rights from that machine to access all files. I also use a USB SATA drive enclosure that has the same effect.

But to be able to reset the password, you can use one of the following:

1. Use your password reset disk to recover the Windows password

Vista and Windows 7 allow you to create a password reset disk, which enables you to reset your password without much hassle. The problem with this option is that you have to create the reset disk before the password is lost. Thus if you don’t have a password reset disk, this option is not for you. You can find a description of how to create a password reset disk here.

2. Restore Windows 7 or Windows Vista to a previous state

If you configured a new password recently and can still remember the password you used before, then you can restore Windows to a point in time before you changed the password. The Restore function of Windows 7 and Windows Vista will make sure that you don’t lose personal data. However, programs that have been installed since the corresponding restore point have to be installed again. All you need for this procedure is a Windows 7 or Windows Vista setup DVD. A detailed description of this method can be found here. If you are uncertain what System Restore is doing with your computer, read this first. This approach doesn’t work with Windows XP.

3. Use the Sticky Keys trick to reset the Windows 7, Windows Vista, and Windows XP password

The Sticky Keys trick to restore a forgotten administrator password is reliable, easy to carry out, and does not require third-party software. All you have to do is boot up from a Windows 7 or Windows Vista setup DVD, launch the Windows Recovery Environment (RE), and then replace the sethc.exe file with cmd.exe. You can also use this method for Windows XP, but you have to use a Vista or Windows 7 DVD.

4. Offline enable the built-in administrator account in Windows 7 and Vista

This method is useful if no other user account on this machine has administrator privileges. You also need a Windows setup DVD (Vista or Windows 7). With this DVD you can boot up Windows RE and edit the Registry to offline enable the built-in administrator account. Also read the article about the offline Registry editor if you don’t know how to edit the Registry in offline mode. After you enable the built-in Administrator, you can log on with this account without requiring a password and then reset the Windows password of any user account.

5. Get Petter Nordhal-Hagen’s free ntpasswd tool to reset the Windows password

The downside of this option is that you have to create a password reset CD first. Then you can boot up with this CD and manipulate the Security Accounts Manager (SAM) database. Please note that resetting the password with third-party tools can also cause data loss as described in option 4. Also note that this tool comes without any warranty. However, I’ve been using it quite a few times and never had any problem with it. The latest version supports Windows Vista and Windows 7. The advantage of this method is that it is quick if you already have the password CD in your tool box. Thus it is useful for admins who have to perform this procedure often. In all other cases I recommend option 4. You can download the tool here.

6. Use the free Trinity Rescue Kit (TRK) to recover the admin password

The Trinity Rescue Kit (TRK) is a troubleshooting solution that belongs in every admin’s tool box. This great open-source tool allows you to reset the password of Windows XP, Vista, and Windows 7. It works similar to ntpasswd. After you have booted up with the TRK CD, you have to enter the command winpass -u user_name and then follow the instructions. Sometimes setting a new password doesn’t work; in this case, just set an empty password.

7. Use the free NTPWEdit tool to reset the Windows password

Especially if your computer doesn’t have a CD or DVD drive, you have to create a bootable Windows USB flash drive and then you can use the free Windows password reset tool NTPWEdit. Don’t forget to add NTPWEdit to the USB stick before you boot up.

8. Use Microsoft Diagnostics and Recovery Toolset to reset the administrator password

MSDaRT is a toolset from Microsoft that allows you to repair a Windows installation. This tool is only available for Microsoft volume customers, TechNet Plus subscribers, and MSDN subscribers. You can easily recover an admin password with its Locksmith tool. 

9. Get a commercial password reset tool

Many commercial tools are available that allow you to reset the Windows administrator password. Technically, they do the same as the free tools. Some of them might be easier to use or come with better instructions than the free tools. But before you spend money, I recommend trying the other options I described in this article. I don’t want to recommend a particular tool here. However, I would prefer a tool where the vendor offers support in case you run into problems. Be careful—there are many black sheep exploiting desperate people by selling overpriced tools.

10. Reinstall Windows

This might sound like a joke, but in some cases this is the best method and my preferred option once all of the data has been copied. For instance, if you don’t want to lose your EFS-encrypted files or stored credentials by resetting your password, but you desperately need the computer, you can just install Windows a second time. You will have access to all the files of the previous installation. Just make sure that you don’t overwrite the original Windows installation during the Windows setup. This allows you to boot up the original Windows installation at a later time.