Change your Windows XP Password even though you can't remember it - gHacks Tech News

Change your Windows XP Password even though you can't remember it

I found an interesting article over on Logical Expressions that provides users of the Windows operating system with a clever solution to restore access to their account even if the Windows XP user account password cannot be remembered.

This is clearly a security issue because all users, not only the user who forgot the password, can change it. The only requirement for this to work is that you have a Windows XP CD at hand that you need for this to work.

I don't want to repeat the whole article, just the essence of it. Fire up your Windows XP CD, boot from it, select Repair and let the repair process finish the restoration. Reboot when its finished and when you see the Installing Devices progress bar, press SHIFT + F10.

A console appears, enter nusrmgr.cpl and you have graphical access to your user accounts. You can change or remove passwords for all accounts here directly in the menu, and use the control userpasswords2 command on the prompt to configure accounts for login without password authentication. You will have to continue with the repair process though, it won't work otherwise.

user-accounts

A pretty handy solution, the article also gives tips on creating a password rescue disk.

Another solution that may be viable in some situations is the following. If you have a second administrator account, you can simply sign in to that account to change all other user account passwords from with the Windows interface.

Administrators need to open User Accounts in the Control Panel. There on the Users tab they can reset the password of any local user account. Once the password has been reset enter a new password and confirmation password and click ok to set it. The user from that moment on has to use this password to log in.

Additional information about this procedure, and how to change a user password with limited rights, are available on this Microsoft documentation site for the Windows XP operating system.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Martin said on November 17, 2005 at 5:23 pm
      Reply

      from TheBluesBrother @ http://www.deny.de/phpbb2/viewtopic.php?t=15728

      Another way?

      You might try this to bypass the windows Admin/user passwords. It can come in handy if you have forgotten the Admin/user/power user password, or simply cannot get access into the system.
      It does not require any 3rd party software, simply a bootable floppy/cdrom. It involves renaming the WINDOWS user database file (SAM) effectively resetting all authentication.

      To get access into a locked out system, simply follow these steps. It will work on Windows NT/2000/XP including server editions, because of the way authentication is handled by windows.

      1> change the boot sequence of your system and set it to boot from the floppy/CD drive.

      2> insert the Bootable floppy or CD and power on your system.

      3> after the system boots from the drive and halts at a prompt, type the following

      cd c: (or wherever your windows partition is located)
      cd C:\WINNT\system32\config ( replace c:\WINNT with your windows folder)

      now rename the SAM file. The file has no extension so your command can be something like this :

      C:\WINNT\system32\config>ren sam sam.bak

      Now the next time when you boot, all your passwords will be reset to blank, as windows rebuilds the user database and the SAM file. Possibly all the users you have defined and any domain affiliations may be lost as well.

      So use this at your own risk and preferably on standalone machines which you want to gain access to.

    Leave a Reply