As you may or may not know, I’m very passionate about IT security; I’m actually starting a new job soon where IT security will be my ONLY focus. (What? No more desktop support? 😛) I came across this helpful hint I’ve used many times, but I only recently realized it’s actually a form of hacking.
(This is exactly why they say that once a threat agent has physical access to your hardware it’s game over…)
VERY VERY cool!
To reset a forgotten administrator password, follow these steps:
1. Boot from Windows PE or Windows RE and access the command prompt.
2. Find the drive letter of the partition where Windows is installed. In Vista and Windows XP, it is usually C:; in Windows 7, it is D: in most cases because the first partition contains Startup Repair. To find the drive letter, type C: (or D:, respectively) and search for the Windows folder. Note that Windows PE (RE) usually resides on X:.
3. Type the following command (replace “c:” with the correct drive letter if Windows is not located on C:):
copy c:\windows\system32\sethc.exe c:\
This creates a copy of sethc.exe to restore later.
4. Type this command to replace sethc.exe with cmd.exe:
copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
5. Reboot your computer and start the Windows installation where you forgot the administrator password.
6. After you see the logon screen, press the SHIFT key five times.
7. You should see a command prompt where you can enter the following command to reset the Windows password (see screenshot above):
net user your_user_name new_password
If you don’t know your user name, just type net user to list the available user names.
8. You can now log on with the new password.
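From the defender's side, the swap in steps 3 and 4 leaves two traces: sethc.exe has the same hash as cmd.exe, and a copy of the original sits in the drive root. The PowerShell check below is an added example, not part of the original post; the function name `Test-SethcSwap` and its `-WindowsDrive` parameter are made up for illustration.

```powershell
# Added example (not from the original post): detect the sethc.exe swap from steps 3-4.
function Test-SethcSwap {
    param(
        # Assumption: drive letter of the Windows installation to inspect.
        [string]$WindowsDrive = 'C:'
    )

    $sys32    = "$WindowsDrive\Windows\System32"
    $sethc    = "$sys32\sethc.exe"
    $cmd      = "$sys32\cmd.exe"
    $backup   = "$WindowsDrive\sethc.exe"   # where step 3 leaves the original
    $findings = @()

    # Both files must exist, otherwise the comparison says nothing.
    foreach ($path in $sethc, $cmd) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            throw "Required file not found: $path"
        }
    }

    $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -LiteralPath $cmd   -Algorithm SHA256).Hash

    # Step 4 overwrites sethc.exe with cmd.exe, so the two hashes become equal.
    if ($sethcHash -eq $cmdHash) {
        $findings += "sethc.exe is byte-identical to cmd.exe"
    }

    # Step 3 leaves a copy of the original in the drive root.
    if (Test-Path -LiteralPath $backup -PathType Leaf) {
        $backupHash = (Get-FileHash -LiteralPath $backup -Algorithm SHA256).Hash
        if ($backupHash -ne $sethcHash) {
            $findings += "$backup exists and differs from System32\sethc.exe"
        } else {
            $findings += "$backup exists (copy of the current sethc.exe)"
        }
    }

    [pscustomobject]@{
        SethcSha256 = $sethcHash
        CmdSha256   = $cmdHash
        Suspicious  = ($findings.Count -gt 0)
        Findings    = $findings
    }
}

Test-SethcSwap -WindowsDrive 'C:' | Format-List
```

Run it on the live system, or pass the drive letter of an offline Windows partition as `-WindowsDrive`.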