Change your Windows XP Password even though you can't remember it

Martin Brinkmann
Nov 17, 2005
Updated • Feb 26, 2014
Security, Windows XP

I found an interesting article over on Logical Expressions that provides users of the Windows operating system with a clever solution to restore access to their account even if the Windows XP user account password cannot be remembered.

This is clearly a security issue because all users, not only the user who forgot the password, can change it. The only requirement for this to work is that you have a Windows XP CD at hand that you need for this to work.

I don't want to repeat the whole article, just the essence of it. Fire up your Windows XP CD, boot from it, select Repair and let the repair process finish the restoration. Reboot when its finished and when you see the Installing Devices progress bar, press SHIFT + F10.

A console appears, enter nusrmgr.cpl and you have graphical access to your user accounts. You can change or remove passwords for all accounts here directly in the menu, and use the control userpasswords2 command on the prompt to configure accounts for login without password authentication. You will have to continue with the repair process though, it won't work otherwise.

A pretty handy solution, the article also gives tips on creating a password rescue disk.

Another solution that may be viable in some situations is the following. If you have a second administrator account, you can simply sign in to that account to change all other user account passwords from with the Windows interface.

Administrators need to open User Accounts in the Control Panel. There on the Users tab they can reset the password of any local user account. Once the password has been reset enter a new password and confirmation password and click ok to set it. The user from that moment on has to use this password to log in.

Additional information about this procedure, and how to change a user password with limited rights, are available on this Microsoft documentation site for the Windows XP operating system.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Martin said on November 17, 2005 at 5:23 pm

    from TheBluesBrother @

    Another way?

    You might try this to bypass the windows Admin/user passwords. It can come in handy if you have forgotten the Admin/user/power user password, or simply cannot get access into the system.
    It does not require any 3rd party software, simply a bootable floppy/cdrom. It involves renaming the WINDOWS user database file (SAM) effectively resetting all authentication.

    To get access into a locked out system, simply follow these steps. It will work on Windows NT/2000/XP including server editions, because of the way authentication is handled by windows.

    1> change the boot sequence of your system and set it to boot from the floppy/CD drive.

    2> insert the Bootable floppy or CD and power on your system.

    3> after the system boots from the drive and halts at a prompt, type the following

    cd c: (or wherever your windows partition is located)
    cd C:\WINNT\system32\config ( replace c:\WINNT with your windows folder)

    now rename the SAM file. The file has no extension so your command can be something like this :

    C:\WINNT\system32\config>ren sam sam.bak

    Now the next time when you boot, all your passwords will be reset to blank, as windows rebuilds the user database and the SAM file. Possibly all the users you have defined and any domain affiliations may be lost as well.

    So use this at your own risk and preferably on standalone machines which you want to gain access to.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.