SysKey Removal on Surface Pro 4

diggauk

Hi guys. I've been a member for many years here, but seldom post. But I am now stumped on an issue that came in on Friday.
A customer of mine got caught out by the fake technician phone call scam, and subsequently got a SysKey password installed on his machine. Normally I would just use NT Password Offline to fix the problem... but this is on a Surface Pro 4! Now I can't get this thing to boot up with anything other than a UEFI device. Now as far as I'm aware, there isn't a password reset utility that comes on any of the UEFI disks. I've looked at Hiren's, Gandalf's etc, but no joy.
So I'm open to suggestions :)

Thanks, Pete
 
Resetting the password using any of the normal tools generally won't solve this. SysKey encrypts the SAM registry hive so trying to reset the password has no effect. About the only thing you can do (short of a N&P) is to do a system restore (or manually restore the registry from the RegBack folder) from prior to the SysKey being enabled.

It's been a while since I worked on a Surface Pro 4, but if you can remove the HD, try putting it into another PC and do an offline system restore. You might also be able to boot the Surface using a USB installer stick for Win 10 (which supports UEFI) and then select "Repair this Computer" to get to a DOS prompt to do the manual system restore.
 
There are various bootable PE tools that are fully UEFI aware and work well with the various password tools written. I currently run one I tweaked together. But as was mentioned, you need to find the RegBack folder and hope it has backups. But sad to say most times when a SysKey is set, they delete the backups. You might find backups with Shadow Copy, but it's been a while since I've done that.
 
I was going to mention that program (there are a couple more just like it) but I've never got it to work with GPT partitions; wouldn't boot from UEFI. Was there a trick to getting this to work?
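
Added example, not part of any post in this thread: a pre-restore check for the RegBack approach discussed above, for the case where the drive is attached to another PC. It reports, for each hive in the RegBack folder, whether the file is missing, empty, not a registry hive, or last written after the date SysKey was set. The folder path and cutoff date are supplied by the technician, the function names are hypothetical, and the header layout used (`regf` signature at offset 0, last-written FILETIME at offset 12) is the standard hive base block.

```python
import struct
from datetime import datetime, timedelta, timezone
from pathlib import Path

HIVES = ("DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def hive_status(path, cutoff):
    """Classify one backup hive file against the cutoff (UTC datetime)."""
    if not path.is_file():
        return "missing"
    with path.open("rb") as fh:
        header = fh.read(20)  # only the start of the base block is needed
    if len(header) == 0:
        return "empty"  # 0-byte placeholder: nothing to restore
    if len(header) < 20 or header[:4] != b"regf":
        return "not-a-hive"
    # 64-bit FILETIME (100 ns ticks since 1601-01-01 UTC) at offset 12
    (ticks,) = struct.unpack_from("<Q", header, 12)
    written = FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    return "usable" if written < cutoff else "too-new"

def check_regback(regback_dir, cutoff):
    """Return {hive name: status} for the five hives kept in RegBack."""
    base = Path(regback_dir)
    return {name: hive_status(base / name, cutoff) for name in HIVES}

def all_usable(report):
    """A partial restore mixes hive generations, so require all five."""
    return all(status == "usable" for status in report.values())

if __name__ == "__main__":
    import sys
    # Usage: script.py <path to ...\config\RegBack> <date SysKey was set, ISO, UTC>
    cutoff = datetime.fromisoformat(sys.argv[2]).replace(tzinfo=timezone.utc)
    report = check_regback(sys.argv[1], cutoff)
    for name, status in report.items():
        print(f"{name:9} {status}")
    print("OK to restore" if all_usable(report) else "do not restore from here")
```

Take copies of the current hives in the config folder before overwriting them with anything from RegBack.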
 