At some point in a PC technician's career, a client is going to forget their Windows password, and it's up to the computer technician to fix it. Essentially, we have to break into the client's computer for them. This is how we do it.
Note: These steps are designed for advanced computer users and are not fluffed out with explanations of simple computer tasks. These steps are also intended for breaking into a computer that you have permission to break into. It is an offense to break into a computer if you are unauthorized. Besides, karma will get you if you do... it always does.
How to Gain Access to a Windows User Account using Safe Mode:
The easiest way to gain access to a Windows-based machine is to go into Safe Mode. To get into Safe Mode, do the following steps:
While the computer is powering up, before the Windows logo screen, keep pressing F8 and you will be presented with some choices on how you want to boot. Choose Safe Mode.
Go to Start > Run and type: control userpasswords2
This will bring up a User Accounts screen. Select the user account you want access to and press the “Reset Password” button.
If the above didn't work for you, try this step again but instead untick “Users must enter a user name and password to use this computer” and click Apply.
The system will then ask you what username you want the system to log on as by default. You can just leave the password blank or put something in if you want.
How to Gain Access to a Windows User Account using Ophcrack:
Ophcrack is an open-source live CD that you can boot from, and it provides a Linux-based interface. If all goes well, there should be no need for user intervention and it will display the original password in a few minutes' time.
You can download the Ophcrack LiveCD ISO from this link. Just burn the ISO to a CD and get into the BIOS of the computer you want to break into. Set it to boot from the CD-ROM first during startup, save your settings and restart the computer. The LiveCD should run automatically.
If things didn't go well, check out the Ophcrack FAQ to find a solution.
How to Gain Access to a Windows User Account using EBCD – Emergency Boot CD:
This application will allow you to change or blank the password of almost any user on Windows NT/2K/XP without knowing the original password.
Once you have downloaded the above executable, run it and it will begin to download the files you need. Extract those files to a location you’ll remember and run the “makeebcd.exe” file in that folder. This will generate an ISO file for you.
Burn the ISO file to a CD and boot the system with it in the CD Drive.
You should now see the Emergency Boot CD main menu. Launch “NT Password Editor (Linux-based)” by pressing 5 and then Enter.
The next two steps mention SCSI drivers. In most cases you can just hit Enter to continue. (Enter twice)
You should now see “Partitions Found on the disk(s)” and be asked which partition contains your NT installation. In most cases, it's /dev/hda1 and you can just press Enter. If it's not, you’ll need to specify which hard drive your installation is on.
The next question is “What is the full path to the registry directory?”. By default, “windows/system32/config” is chosen and you can just press Enter. If your Windows XP install is not in this location (for example, your Windows folder is named XP), you’ll need to type XP/system32/config
You should now see a menu asking you what you want to do. Choose “1 – Edit user data and passwords” by typing 1 and press Enter.
It will ask you which username you want to change the password for. Type in the username you want to change the password for and press Enter.
The system will now tell you to enter the new password. Once you have done that, just reboot and you should be able to log in with the new password.
If you want to learn how to secure a computer from break-ins like this, check out our How to Properly Secure a PC article.