How to Gain Access to a Windows User Account

At some point or another in a PC technicians career, a client is going to forget their Windows password and its up to the computer technician to fix it. Essentially, we have to break into the clients computer for them. This is how we do it.

Note: These steps are designed for advanced computer users, and are not fluffed out explaining how to do simple computer tasks. These steps are also intended for breaking into a computer that you have permission to do so on. It is a offense to break into a computer if you are unauthorized. Besides, karma will get you if you do.. it always does.

How to Gain Access to a Windows User Account using Safe Mode:
The easiest way to gain access to a Windows based machine is to go into Safe mode. To get into Safe mode do the following steps:
While the computer is powering up, before the Windows logo screen, keep pressing F8 and you will be presented with some choices on how you want to boot. Choose Safe Mode.

Goto Start > Run and type: control userpasswords2

This will bring up a User Accounts screen. Select the user account you want access to and press the “Reset Password” button.

Resetting a User Account Password. Click Reset Password

If the above didnt work for you. Try this step again but instead untick “Users must enter a user name and password to use this computer” and click Apply.

No Passwords to Logon

The system will then ask you what username you want the system to logon as by default, you can just leave the password blank or put something in if you want.

How to Gain Access to a Windows User Account using Ophcrack:
OphcrackOphcrack is a open source live CD that you can boot from and provides a linux based interface. If all goes well, there should be no need for user intervention and it will display the original password in a few minutes time.

You can download the Ophcrack LiveCD ISO from this link. Just burn the ISO to a CD and get into the BIOS of tthe computer you want to break into. Set it to boot from the CD-Rom first during startup, save your settings and restart the computer. The LiveCD should run automatically.

If things didnt go well, check out the Ophcrack FAQ to find a solution.

How to Gain Access to a Windows User Account using EBCD – Emergency Boot CD
This application will allow you to change or blank the password of almost any user on Windows NT/2K/XP without knowing the original password.

Once you have downloaded the above executable, run it and it will begin to download the files you need. Extract those files to a location you’ll remember and run the “makeebcd.exe” file in that folder. This will generate a ISO file for you.

Burn the ISO file to a CD and boot the system with it in the CD Drive.
You should now see the Emergency Boot CD main menu and will want to launch “NT Password Editor (Linux-based)” so press 5 and then Enter.

For the next two steps will mention SCSI drivers. In most cases you can just hit Enter to continue. (Enter Twice)

You should now see “Partitions Found on the disk(s)” and ask you what partition contains your NT Installation. In most cases, its /dev/hda1 and you can just press enter. If its not, you’ll need to specify which hard drive your installation is on.

The next question is “What is the full path to the registry directory?”. By default, “windows/system32/config” is chosen and you can just press enter. If your Windows XP install is not in this location (for example, your Windows folder is named XP), you’ll need to type XP/system32/config

EBCD: Which registry hive do you want to use?The application will now ask “Which hives (files) do you want to edit?”. You will want to run “sam system security” which is selected by default. So just press Enter

You should now see a menu asking you what you want to do. Choose “1 – Edit user data and passwords” by typing 1 and press Enter.

It will ask you which username you want to change the password for. Type in the username you want to change the password to and press Enter

Account Locked Out: Enter New PasswordWhen I did this, I got the error “Account is probably locked out!” which you may or may not get when you do this. If you do get this error, just press N and then Enter

The system will now tell you to please enter the new password. Once you have done that, just reboot and you should be able to login with the new password.

If you want to learn how to secure a computer from break ins like this, check out our How to Properly Secure a PC article.

Bryce Whitty

About the Author

Bryce Whitty
More articles by me...
Bryce is an Australian computer technician and the founder of Technibble. He started his computer repair business when he was 17 years old and is still running it 9 years later. He is an avid traveller and spends at least a month of the year in another country.

Comments (16)

  • gunslinger says:

    Good stuff Bryce. But I do expect you to catch some flack from some people over this even though all the info can be found on google.

  • Vitiated says:

    At least this forum is becoming a useful source of information, and Google searches could lead people here and the forum and site will grow. Don’t bother trying to please everyone, you never will. Keep the great articles and information flowing!

  • Never tried the F8 mode to reset the password before.

    I’ve had a lot of success with the EBCD. One thing to remember with the EBCD, make sure you don’t allow Windows to do a scan disk after chasing the password, else it will undo your changes.


  • LeBokov says:

    It’s very helpful for the real technicians.

  • Steve Bullis says:

    Its Ironic that you published this one today, I have been fighting with an Imac Running Windows XP trying to do this exact thing.

    I ended up using DreampackPL to fix it.

    Which can be found here.


  • Bryce W says:

    gunslinger, yeah, Im sure some people will give me flak about this.

    Terinea weblog, thanks for the tip, I didnt know that.

    Steve Bullis, Ill check that out.

  • Jason Porter says:

    Great tools, won’t get any flack from me. Another great tool is Salas Password Renew (just search for it). I put it on my BartPE disc and run it from there. It even works on Vista! It allows you to change any user’s passwords, create a new admin user, or change a user to an admin. Actually had to use it today as I forgot that if you disjoin a domain and don’t know the admin pass to the local machine, you can’t log in. DUH moment! Good Luck Techies….Use your powers wisely young grasshoppers!!

  • FriendlyGeek says:

    If You need to bypass a windows password on a secondary hard drive, follow these steps:

    1. Sign in as administrator.
    2. Right click on the secondary drive and choose Properties.
    3. Security tab.
    4. Advanced button.
    5. Owner tab.
    6. “Change owner to” box. Select the account to own the files.
    7. Click OK.

    Now, You should have access to the files on Your secondary hard drive.

  • tryinghard says:

    Yup, used the safe mode before and it worked. Will definitely try the other stuff..thanks Bryce.

  • swany971 says:

    Just used the Safe Mode method to help a customer here at my work. Thanks Bryce!

  • freek says:

    fuck men i dint understand what u want to explain

  • Roadie Ron says:

    If you have access to an Administrator level account and they forgot their password on another account, simply go to the command prompt and type: net user name * and then enter. You’ll be prompted to change the password and then to confirm it. This works under XP. Vista is another story, or if you don’t have ANY access to a user account, then just pop in oneo f the manu live CDs out there with password cracking utillities on them and reset the Administrator accounts password. Once you do that, login as Administrator and change whatever account passwords you want to, or just reset all of the user account passwords via the boot CD.

  • Johnny says:

    After restarting in safe mode, what account shall I log in to? Let’s assume the Administrator PW has also been set/changed, and the user doesn’t know it either.

  • Ben says:

    Booting into safe mode requires a password. If you dont have the administrator password you will need something like a password reset cd that can edit the password hash file.

  • JT says:

    KonBoot does it easier..