I used to password unlock computers for a local pawn shop that people sold their PCs to. Not really that hard.
http://ophcrack.sourceforge.net/ Shows the password
http://pogostick.net/~pnh/ntpasswd/ Allows you to clear the password
Seriously. Any computer is easy to get into unless there is encryption. Even BIOS passwords only take a CMOS battery reset to clear the BIOS to factory settings...
You need the offline Windows password and registry editor. Make a bootable USB with this and just blank the administrator's password. You should be able to do this in under 10 minutes.
Don't use ophcrack and try to brute force the password; use http://pogostick.net/~pnh/ntpasswd/ and enable the administrator account and clear the password, but bear in mind this won't work for an encrypted drive, but I'm guessing it's not.
I've used Offline NT Editor several times and it's pretty easy. Just burn to disk and boot from it. It walks you through the steps to remove the admin password.
You don't need to use anything like that.
Just use Offline NT Password & Registry Editor (or one of the many other tools in the same vein, but this one is free and works on just about everything.)
You can reset any password, create a new account, make a user account a member of the administrator's group, etc, in seconds; the most time consuming part is waiting for the Linux kernel to load.
You only need to use Ophcrack and such if you need to know what the password is, like if you think that the password might be valuable for other things on the machine (online accounts, email client or browser master password, etc.)
Passwords only help protect a device from network access, and that's how people should view them. Encryption is what protects a device from physical access.
Look for Hirens 15.1 (google this - you'll have to find a torrent for it AFAIK) and use that. It has password changing tools built into it.
Another option is a tool like this - http://pogostick.net/~pnh/ntpasswd/
http://pogostick.net/~pnh/ntpasswd/
Create a bootable thumbdrive with this. Follow the prompts and reset/clear a local admin password and make sure administrator account is active.
Reboot.
Login as admin and go to Device Manager. Under Accounts and Groups, add your friend's account to the local administrators group.
Have your friend logout, then log back in as them.
They are now in the local admin group. Do whatever you want.
The bonus part on all of this is at a minimum your friend has a thumb drive that they can store their resume on, so when they get fired for doing this, they have a nice portable and digital copy while on the hunt for another job.
I wish your friend good luck.
TL;DR: Here is how you do it. You WILL get fired for this.
I can do this with a Windows, Mac, or Linux box assuming you don't have whole disk encryption.
In Windows, you use the Offline NT Password and registry editor:
http://pogostick.net/~pnh/ntpasswd/
On Linux, it's called single user mode and you basically just pass it as a grub option at boot.
On a Mac, see above. Basically if you have local access to an unencrypted disk, it's a matter of seconds for any of these OSes.
You can reset the password with the Offline Windows Password & Registry Editor. This is much faster than Ophcrack, and it will always work if your storage controller is supported by Linux and you're not using full disk encryption (which are also requirements for other methods involving Linux live environments), no matter how complex or long your password is.
You use a program called ntpasswd, slices through it like butter. You'll spend more time booting it up than anything else.
http://pogostick.net/~pnh/ntpasswd/
Can remove the password from NT 3.5 to windows 8.1 systems.
It's a good tool to have in a kit for people who forget their passwords or when you curb crawl a system, buy one from a thrift store, etc.
As is the norm though, it can be used for evil.
edit: Only way it "fails" if being used for evil or legit recovery is if you encrypted files with Windows, that is lost forever. Most don't encrypt their volume though, so it isn't an issue for most.
The website is more likely to get hacked and my password stolen than someone brute forcing my password.
For a local machine, if someone wanted access they can reset the password using any of the million offline registry tools.
>Pwinitail
My guess is the hint is a typo. Probably should be "Pwintial". Or "Password Initial".
I guess that means the "first password used" or perhaps the user's initials. Hope that helps somehow.
Is this a Windows computer? If so, you can also reset the password:
Recovering would take Ophcrack and possibly some time. This is your best option if you ever used the built in encryption feature of Windows.
Removing would be easiest with NT password remover. Note: Do not use this if you used Windows file encryption feature - it will render all of the files useless.
If you don't know the local admin account, you can use Windows NT Offline Password Editor to boot from CD/USB and find out the admin username and reset the admin password.
If you don’t have the Windows installation disk or the Windows methods just don’t work... I’ve had good luck using the “Offline NT Password and Registry Editor” located here http://pogostick.net/~pnh/ntpasswd/ for resetting the admin password...
I've had exactly this problem, but the software my dad used was like a rootkit, which was a bigger problem. I was blocked from using taskmgr.exe, installing stuff and batch/cmd usage. After some time, I figured out that I could kill some threads of the software, so I killed the ones that were active as fast as I could, because they restarted quite quickly. That stopped the timer that would shut down the PC. After quite some time, I wanted a privileged account, so I asked my dad if he could install CDBurnerXP. After he did, I burned this recovery disk: http://pogostick.net/~pnh/ntpasswd/ , and I had a privileged account. The software couldn't be removed though. After some time I discovered Linux and removed the directory it was in, but I was still blocked from using most of the stuff, because the software was kind of a rootkit. When I realized this, I quickly found out about Spybot:SearchAndDestroy, which reverted the changes after a deep scan. -> software gone. When he realized, he secured the router and used the integrated timer to block me from using the net. Sadly, I could only spoof it one time with a MAC address and IP change, but he removed the timer when he realized that all devices I used as cover were blacklisted in the process, which was quite annoying for him. -> free network
TL;DR: I had a very challenging and fun childhood
Your best option is to use ntpasswd as it can enable the local administrator account and you can blank the password if it has been set.
http://pogostick.net/~pnh/ntpasswd/bootdisk.html
There's a walkthrough if you need a guide:
http://pogostick.net/~pnh/ntpasswd/
http://ophcrack.sourceforge.net/
One of these should work.
Also try entering safe mode, maybe there's another administrator account from which you can remove password.
You can change from domain to local accounts by using the:
Domain\Username format. In this case you would use Computerhostname\Username to switch to the local computer accounts. Although if you left the domain this probably won't come into play.
Whoever set up the machine originally probably set up a user just for local access. I personally have a local user named Owner, but it could be anything. It could also have the administrator account activated. Either way you probably aren't going to know the password.
So....that leaves Offline Windows Password & Registry Editor, Bootdisk / CD. It's a boot CD that will let you enable/reset the administrator account and password.
There are plenty of instructions available if you just google password reset 8.1.
You'll still have to move your mom's files from the domain account assuming the folder is still in C:\Users, I can't imagine it would get deleted when leaving the domain, but I'm not an Active Directory expert by any means. You might even need to take ownership of the folder before you can access it.
The standalone is slightly newer (or I have an old Hiren's), which has a bit more success with the newer OSs. Also the standalone ISO is only 18MB.
To further explain, the Live CD can reset Windows passwords, SAM locks (which phone scammers are setting on victims), and elevate a user to the Administrators group.
When someone has physical access to your computer, security is moot.
http://pogostick.net/~pnh/ntpasswd/
I use the above disk to boot the machine into Linux and clear, enable or set passwords in this case. Became a godsend before we set up LAPS.
Also used to use it back in the day when home users would forget their passwords.
Win xp: get install cd, do recovery install > when it says installing devices press shift+f8 > type 'control userpasswords2' in command prompt > reset password > wait for recovery install to finish.
All nt versions (nt3.5 > xp > 8.1): use this
No million years, but you don't crack it, instead you just reset or change it.
First of all, don't panic, there are ways to change this password. You just need another PC & a USB stick. No problem, right?
At work we use this tool: http://pogostick.net/~pnh/ntpasswd/
Make sure you read the "How to use?" on their page. If errors occur, feel free to ask here or read their FAQ.
I'd recommend NT Password Reset Disk. I use it all the time at work. There are instructions further down on the site. I've used it on Windows 7 and XP, but it should work the same on Windows 2000 pro.
If you have physical access to the machine, you can boot from this password reset image:
http://pogostick.net/~pnh/ntpasswd/
Use that tool to blank the local Administrator password, log on locally, unjoin from domain, rejoin to domain.
You can edit the Windows Registry from Linux with programs such as chntpw. In theory, it'd be possible to manually install a program like you describe, but it'd be extremely difficult and error-prone for any non-trivial installation.
I just use this (on machines I get with locked passwords in Windows) and I'm in. Takes longer to boot the disk up...
http://pogostick.net/~pnh/ntpasswd/
Shocked a few people when I've had to work on their systems and they forgot the password.
Burn it on a CD and boot from it. You can reset all passwords with it pretty easily. Have done this a thousand times. Tip: Reset it to blank and don't set it to anything.
No worries, a solution exists.
You can use this Linux boot image to easily reset any local Windows PC account's password ('Administrator' being the usual account to reset) to blank.
If the laptop doesn't have an optical drive, or you don't have a blank CD handy to burn the image to, you can boot the ISO off a USB stick using this.
PM me if you get stuck.
Try booting to Safe Mode (F8). If that allows login, reset passwords.
If not, you can reset the password with a utility like this:
http://pogostick.net/~pnh/ntpasswd/
You would need to create a bootable CD from the ISO file.
This is what you want.
Download the CD ISO and burn it onto a disc, boot to the disc and follow the instructions on screen.
If you have any problems, reply here and I'll help you out.
http://pogostick.net/~pnh/ntpasswd/
This works wonders...you can wipe out Windows passwords and get into accounts. It's not terribly user friendly, though, and you can fuck up your registry with it. I'd recommend testing it on a spare system.
I can't believe no one suggested the Offline NT Password & Registry Editor.
It will reset the password for any local account, including the administrator.
Very useful if you work in IT and have to work with machines someone dug up from the basement.
And I hope I don't need to say this, but don't be an idiot and do anything stupid with this. Show people you're responsible enough to handle the freedom.
Finding the Windows password isn't easy, especially in Vista/7. OTOH, if the machine can boot on a CD or USB stick, removing the password altogether is trivial.
To protect your data, you want to encrypt them -- or the whole disk altogether. The standard way of doing that in Windows is Truecrypt.
> saved usernames and passes in IE
IE? Really?
Good question, I've never had to do this but the article looks doable. I would however test it on a vm or testbed server before hand. I have used this to reset passwords before though. http://pogostick.net/~pnh/ntpasswd/ And this has more info: http://www.petri.co.il/forgot_administrator_password.htm
I recommend the offline password recovery and registry editor: http://pogostick.net/~pnh/ntpasswd/
Requires having another computer and a flash drive that you can erase. This tool is incredibly helpful, and I've used it on several occasions, including on windows 10.
Note this only works for local accounts, not domain accounts or Microsoft ones.
Haven't actually tried this for Win10, but I know it worked on Win8.1, so it should work on 10 as well:
As long as your system isn't encrypted in any way (Bitlocker active or any files encrypted with NTFS file encryption) you can easily reset any windows user password for a local account using an offline registry editor. There's a tool on UBCD that does this exact thing that I've used a couple of times, and it works great.
What you do is basically create a bootable USB, boot from it, start the app, select the account and then enter a new password, reboot and you're done. super simple, no reformat or reinstall required. All files still there. Unless bitlocker is active, in which case you're screwed since the app cannot read/write to the registry due to the encryption. You'll likely get an error message if that is the case. You can also check in the control panel if bitlocker is active, just search for bitlocker in the start menu and it should tell you. Shouldn't be active on a consumer grade device but you never know...
I myself use it as a part of UBCD, a suite of tools that you put on a CD-R (if you're feeling nostalgic I guess?) or USB. It's like 700 MB, so any old USB will do. You can also download it standalone. Links below; there should be reasonably easy to follow guides on the webpages.
Feel free to PM me if you need any help with this and I'll try my best to help you out!
Good luck!
Use NT Offline Password Crack, it's a bootable Linux ISO that can be used to mount your Windows partition and clear the password from the SAM. This will let you log on as admin without a password. But this is risky if you're using an encrypted volume as it will make your data UNRECOVERABLE as this key is used for decryption.
If you're not using an encrypted volume and are comfortable in a CLI, you can download it here: http://pogostick.net/~pnh/ntpasswd/
There's an even easier way than booting into Ubuntu, but Ubuntu (or whatever live Linux distro you have) does come with some added benefits where you can completely manipulate Windows if, say, you accidentally delete your system32 folder or, I dunno, whatever issue you have really.
http://pogostick.net/~pnh/ntpasswd/bootdisk.html allows you to make a bootable usb (I recommend rufus https://rufus.akeo.ie/ ) that loads the tools necessary to reset any local password in windows.
I.E. you cannot reset a domain password but you can enable and reset the local admin password.
Will let you get into any windows system in under a minute. I've not had this fail me yet (but I'm sure someone has).
>no USB ports, only micro-USB
Use a micro-USB to USB adapter to boot from a USB flash drive running a password-reset app.
You may need to go in the BIOS to disable SecureBoot and enable booting from legacy devices (USB).
When you boot up and try to login, do you see if he uses his email address as his account ID? If so try to see if he remembers his email password and ask him to use that.
For a more drastic (and riskier) method, you can use the Offline Windows Password and Registry Editor. Please make sure you read and understand how it's supposed to work before using it.
Download the ISO from here: http://pogostick.net/~pnh/ntpasswd/
Burn it to a CD or write it to a USB using Rufus. Boot from the media and walk through the steps to reset your Administrator password. Super simple.
The answers here are poor.
This is /r/techsupport. None of you can tell him how to privilege escalate on a system he can work with on the weekend?
Firstly, do you log in with a Microsoft account? If not, I assume not.
If you have time: Easiest way is to use this: http://pogostick.net/~pnh/ntpasswd/
This will give you a button that gives that user account local admin. You need to boot from USB or CD into this.
Second method: follow this guide, but enter the command: net localgroup administrators youraccountname /add
http://pcsupport.about.com/od/windows-8/a/reset-password-windows-8.htm
I don't work with Windows. Please verify this method for OP.
I just use this, only time it won't work is when they have a Microsoft account, dunno if there is a way around that. Takes all of 2 minutes to boot into the live CD, reset the password and reboot without the password.
IIRC the Linux offline password CD works for Win 7, it's all text based and not for the faint of heart
http://pogostick.net/~pnh/ntpasswd/
But it should allow you to enable the, by default, disabled "administrator" account, and do what you need. You may also need to set a password for that account.
*WARNING*. This account is HOT admin, like in Win XP. Once you are done fixing your issue go back and disable it.
http://pogostick.net/~pnh/ntpasswd/
There is no such thing as a USB stick that will become bootable; it is possible that your machine can't boot from one, but unlikely, if it's modern enough to have come without an optical drive.
Offline NT Password & Registry Editor, Bootdisk / CD.
Shitty name, sketchy website, but it works. It is fairly straightforward and this will allow you to blank out your Admin password. On next boot up just login as Admin (no password) and change it.
Obviously REMOVE your network connection until you have a password in place.
Pogostick has worked for me previously http://pogostick.net/~pnh/ntpasswd/
Haven't used it for a year or so, and it doesn't like booting on some more recent hardware (you will also need to enable legacy boot) so fingers crossed!
This method seems like a ton of extra work when you can just download a reset tool on USB, choose your Windows drive, and be presented with a list of user accounts of which you can reset the password of any of them.
http://pogostick.net/~pnh/ntpasswd/
On another note, this is why if you care about security you should enable some form of disk encryption and (if possible) lock down the UEFI or BIOS to prevent booting from a USB drive.
Are you asking how you can protest the action or how you can reset your password? What operating system? Full disk encryption? If it's running Windows and the disk isn't encrypted, just use Offline NT Password & Registry Editor to blank the password.
The best thing I can suggest might not be too easy for you. You should create an ISO for a password cracking disk like this one: http://pogostick.net/~pnh/ntpasswd/
It is pretty easy to get into the local SAM file and reset the password through that, but you need to know a bit about IT in order to create the ISO, and then walk through the prompts (although most of the prompts are suggested so it is a relatively easy walk-through).
OP is trying to install Linux, not fix Windows. Getting the Windows password is a waste of time.
If fixing Windows is the objective, brute-forcing the old password is a waste of time, unless you need to preserve files encrypted with Windows' built-in "EFS" feature (which few people use). It's much faster to just set a new admin password using ntpasswd. (Windows NT passwords are simply stored, as hashes, in the registry).
> crack the Windows password using rainbow tables
Crack it with rainbow tables?
Why on earth didn't you just boot to a USB and rewrite the local admin password to blank?
Here is a procedure that should let you remove the user's password; I have done it a few times:
Otherwise, take it to a technician. Good luck!
Links:
Yeah, mine too. But she must not be quite so savvy and ended up doing everything they said. I occasionally clean her computer up and stuff, so about a week later she asked me if I had changed her password on her laptop because she couldn't get on it anymore. After using this password and registry editor to get back on, I found some sort of teamviewer equivalent installed and a few logs that showed them installing and running CCleaner and MalwareBytes (both already installed) and some other program that I couldn't find anything about.
After I told her that someone had had remote access to her computer, she finally told me about what had happened and that a few days after paying them for "speeding up her computer", they called again and said there was a problem with her payment and they needed her card info. She then decided it sounded sketchy, hung up and pretty much immediately was unable to access her computer.
The previous payment ($149) had, in reality, gone through, so not sure what their game was, but it was like pulling teeth to get the whole story, and I'm still not even sure it was 100% accurate...
Anyway, I just recently built her a new desktop where she does not have admin and I keep a very close eye on it but she promised to run anything past me first. It's strange because she has been the tech person in my family all my life and was a lot of the reason I started learning about computers, but lately she just seems to not think before downloading.
There are a few options for circumventing Windows passwords. KON-BOOT will get you in for sure, but is a paid software. There are others, such as Offline NT Password & Registry Editor. Free, but more technical.
In any case, you can create a recovery medium that will allow you to recover your account in the future in case this happens again. I'd look into doing that and making sure you store the removable media somewhere safe (that you won't forget).
I've used this plenty of times. I've had the best luck changing it to blank with this program and then changing it again once you're into Windows.
Offline Windows Password & Registry Editor
> with his dodgy password cracking tool he's downloaded from some website
This one?
http://pogostick.net/~pnh/ntpasswd/
Saved me a lot of work on two occasions. One was memorable.
Payroll manager insisted that only he could know the administrator password for his new payroll application server. [1]
Whatever: we installed the OS, let him type in the password, and done.
Two weeks after go-live, the day before payday, he calls up in a sweat: they did something dumb, vendor wants him to do a thing to make it all better ... and he can't remember that password.
I made sure he knew the risks, showed him the tool, explained what it was doing. He agreed. Two minutes later he's got his machine back and can cut checks.
He's also freaked out how easy it was.
As I found out later when the CIO called me into his office to question me about using 'hacking tools'.
Got a nice 'atta boy' for saving the day. And I was told to stop saying things like 'wow, that really is easy to hack, hunh?' to non-technical manager.
[1] Also that it could not be joined to the domain, and it had to live in his department behind a locked door.
You better hope the thief really is quite tech illiterate, because there are a number of quite easy ways to bypass a Windows login password if you have physical access to the machine.
He could use this tool to change or simply remove any password on the machine, that tool is slightly complicated though so an average guy is not too likely to be using that.
He could use Kon-boot, which is commercial software that allows you to simply boot from a DVD / USB stick that then injects itself into the Windows boot process, and allows you to login to any account without entering any passwords. This tool is easier to use but costs money for the most up-to-date version.
He could simply take the harddisk out of your Laptop and insert it into a harddisk dock or external enclosure that connects it to his PC.
Option 3 is the easiest and is something practically anyone can do, since removing harddisks from laptops tends to be extremely easy. And once he has the harddisk connected to his PC he will have unrestricted access to everything on your machine.
Do note of course that I am assuming you are not using a machine encrypted with bitlocker or anything similar, as that would change things quite a bit.
http://pogostick.net/~pnh/ntpasswd/ This tool lets you edit the registry of a windows installation. Have it pre-loaded on a flash drive, boot into it, and you can clear any password on the machine, sometimes you can promote any user to admin.
In Linux, the process depends on the distribution. Ubuntu offers a "recovery mode" boot option, if you boot into that and fsck the disk (which will mount it writable) and then drop to a root shell, you can run 'passwd [user]' and set a password for any user, including root. On some other versions of Linux, you can add a '1' to the kernel boot parameter and get straight into a root shell. There may be other methods I have not yet encountered.
Mac is also easy. Boot into single user mode by holding command+s, run mount -uw / (mounts the drive writable) and either run 'passwd [user]' to change a user's password, or you can run 'rm /var/db/.applesetupdone' and reboot to create a new admin user account the next time you reboot.
http://pogostick.net/~pnh/ntpasswd/
Boot it up and wipe out the old password.
Please don't use XP on the internet. It is out of service and no longer receiving security updates. Even with good AV, you are still at risk.
To elaborate, Hirens has a tool called "Offline NT Password and Registry Editor". It will allow resetting, or removing the password. It also has several AV products that may be able to scan, find, and remove the malware. The password reset program can also be downloaded directly from here.
Also, instead of an enclosure you can buy USB adapters like this one that will allow you to connect any kind of drive to another PC through USB.
If you suspect malware though make sure the PC you use has good AV protection and then run Malwarebytes against your problem drive first thing.
Go into safe mode or use the offline password reset tool and enable the administrator account. After logging in, hit WIN + R and type regedit. Go to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion > ProfileList.
Under ProfileList, there are going to be 2 items that are named exactly the same, only one has .bak at the end. Right click > rename and add a 2 to the end of .bak for a moment. Rename the other identical one and add .bak to the end. Now rename the original one, only this time remove .bak2 completely. Restart. You should be able to log in now.
The other methods are way more sophisticated.
Change it to blank (no password) using this bootable CD...
http://pogostick.net/~pnh/ntpasswd/
Then once in Windows, you can change the password from blank to whatever.
>There are two program file folders (one is x86) which bothers me.
This is a 64 bit OS. That's why you see that.
Want to reset windows password? This has everything you will need http://pogostick.net/~pnh/ntpasswd/
Read carefully and follow all the steps. I have gotten lots of non tech savvy people to reset forgotten passwords with this method.
Even though you figured out the password, here is an option for those that aren't so lucky
http://pogostick.net/~pnh/ntpasswd/
I do computer repair and have used this tool many times to reset passwords on customer computers.
Are there deeper reasons for tech support using Ophcrack to crack lost passwords of local WinNT accounts instead of emptying them with ntpasswd from a (Linux) live medium – apart from preserving EFS-encrypted files?
You can burn a bootable cd called Offline Windows Registry and Password Editor (direct link)
Unzip and burn the iso with IMGBurn or other iso burning software.
Boot the computer and have it boot from the cd using the boot selection key or change the boot order in the bios. You can remove any windows passwords using this tool. Here is a youtube video on how to use it if you can't figure it out.
Good luck!
It's a very small Linux live CD. Burn it to a disc, boot up the netbook with it. It's confusing to read because of the spacing, but just follow the directions and it will allow you to wipe the password of whatever account you wish.
This is my go to crack, always works. Hope that helps
You mostly learn as you go. Some protips I can offer are:
ALWAYS check if the machine is under warranty before quoting a repair. If it is, and it's a Dell or HP, you can just ship it out, or even do it in store for free!
ALWAYS ask for a password. This will kill your turn around time when you forget.
Never forget; you get paid the same whether they buy a 400$ repair or a free tuneup. Use that to your advantage as a motivator for being honest. People appreciate it when you're straight with them, especially if it saves them money.
Hide some generic windows copies around on inconspicuously labeled disks. These will save you weeks of dicking around waiting for disks when a customer loses theirs. XP and vista are really the only two you'll need.
Keep a copy of this around too; it is your best friend when some guy brings in a laptop and forgets his own password.
Print up virus scan reports and diag reports; customer won't always believe you, but the piece of paper usually convinces them.
This one is a bit involved, but there is actually a way to facilitate assurant warranties from the store! Doing this will seriously save face with customers who would otherwise complain about having to do it themselves, and quite frankly, for the amount a warranty costs, they shouldn't have to. Simply, with their permission of course, call assurant and pretend to be them. Tell the assurant tech that the nice boy at staples has already tried everything and recommended depot repair, but you're going out of town and want to ship it from staples, and pick it up from there when you get back. They won't question you for a second, and will ship the box out to your store immediately. This trick worked 100% of the time.
Download and burn NTPasswd, just make sure you blank her password, don't try to change it. It's kinda flaky on Vista but I've never had a problem blanking the password out.
Windows 7?
If he was a local admin on the computer or just knows the local admin username and password:
When you are at the login screen it probably has DOMAIN\USERNAME remembered from being used the last time. Click "Use another account" then change DOMAIN to the name of the computer followed by the local admin username or his username.
If not the case above:
Use this.
chntpw is what you need.
As you're getting too baked to remember major changes, you need also to invest in a ball point and notepad to write down changes you make, as you make them.
chntpw is what you want for removing Windows passwords, and does have a USB version.
I would have you make both a USB and CD version. I know you say some machines don't have an optical drive, but buying yourself an external optical drive will cost all of $20. It's worth it: while CDs scratch, USB keys can have their pins break.
Here's your tool for resetting that password
DBAN will make short work of any data after you get what you need off it.
After that, reimage using your preferred tool(s). It goes without saying though: be careful with DBAN if you intend to reimage from a recovery partition.
This one, listed in the article linked here, is the best:
http://pogostick.net/~pnh/ntpasswd/
I use it daily at work. It will reset local account passwords on a 2003 box.
Be warned, however, that if your server's boot drive is a RAID configuration you'll only have success if it's got Linux kernel drivers for it or if it's a transparent hardware RAID that shows up like a single logical drive.
Your best bet is to use the tool NT Offline Password to change the administrator password and log in with that. Windows 7 doesn't have a reset function like 8 and 10.
If you are using Pro edition or higher and these are local accounts, you can log into any admin account and set the passwords to nothing. Log in, then right click the start button, Computer Management, System Tools, Local Users and Groups, Users, and the accounts will be listed there.
If you are on Home you won't have this menu so you wouldn't have any easy way of removing the password. The NT Offline Password utility should be able to do it - http://pogostick.net/~pnh/ntpasswd/ (Look up guides on using it, it is not noob friendly)
There is a very useful tool on Linux that is called ntpasswd and that can be used up to Win 8.1 to reset a Windows user's password.
If you have a USB drive at hand, it's quite fast and easy to set it up to enable you to boot Linux on your machine and use ntpasswd to reset the password.
Here are two tutorials on how to do it:
Here is the google search that I did to find them:
https://duckduckgo.com/?q=ntpasswd+live+reset+windows+password&t=ffsb&ia=web
Let me know if it works (protip: it will)
You can image the disk before attempting the break-in if paranoid.
I use a http://pogostick.net/~pnh/ntpasswd/ bootstick mainly to re-activate Administrator and to clear its password.
The alternative, as mentioned, is to replace sethc.exe with cmd.exe to get an admin cmd shell on the login screen.
Actually, if it's to just look through documents, an even simpler alternative would be to yank out the disk and plug it into a second PC.
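A check for the sethc.exe swap mentioned above, as an added example that is not part of the original post: it scans the System32 directory of a mounted or imaged Windows volume for logon-screen accessibility programs whose content is identical to cmd.exe. The file lists, function names and demo bytes are assumptions of this example.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

# Programs the logon screen can launch (this list is an assumption of the
# example) and the shell the page mentions copying over them.
ACCESSIBILITY = ("sethc.exe", "utilman.exe", "osk.exe", "magnify.exe", "narrator.exe")
SHELLS = ("cmd.exe",)


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def index_dir(directory):
    """Map lower-cased file name -> path; NTFS names are case-insensitive."""
    return {p.name.lower(): p for p in Path(directory).iterdir() if p.is_file()}


def swapped_binaries(system32):
    """Return sorted (accessibility_name, shell_name) pairs with identical content."""
    files = index_dir(system32)
    shell_hashes = {sha256(files[s]): s for s in SHELLS if s in files}
    findings = []
    for name in ACCESSIBILITY:
        if name in files:
            match = shell_hashes.get(sha256(files[name]))
            if match:
                findings.append((name, match))
    return sorted(findings)


def constructed_demo():
    """Build a fake System32 (constructed bytes, not real binaries) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cmd.exe").write_bytes(b"MZ constructed shell")
        (root / "Utilman.exe").write_bytes(b"MZ constructed utilman")
        (root / "sethc.exe").write_bytes(b"MZ constructed shell")  # the swap
        return swapped_binaries(root)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(swapped_binaries(target) if target else constructed_demo())
```

A hash match only catches a byte-for-byte copy of the shell; any other replacement binary has to be caught by comparing against known-good hashes or signatures for that Windows build.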
This is going to suck hardcore, but it can be done.
The SAM file cannot be touched while the OS is booted, so you will have to mount the disk to another OS and modify it that way. I've only ever done this with physical access. It's possible to read a SAM remotely with fgdump, but I've never heard a way to write one remotely.
With physical access, this tool will do what you need. http://pogostick.net/~pnh/ntpasswd/
Honestly though, I'd tell your InfoSec team to go fuck themselves.
Edit: The SAM file can be accessed by SYSTEM during operation. So you could try to use psexec to elevate a cmd shell to system and overwrite the SAM file with one you've prepopulated. Or you could create a service via
sc create cmdsvc binpath= "cmd /K start" type= own type= interact
sc start cmdsvc
which would launch a shell as system as well, provided you have HKLM\System\CurrentControlSet\Control\Windows\NoInteractiveServices DWORD = 0. Both of those could be done remotely. Basically, the only way to do this is to hack your own machines, which will probably piss off InfoSec as well.
Petter Nordahl-Hagen’s Offline NT Password & Registry Editor
http://pogostick.net/~pnh/ntpasswd/
Easy to make a bootable USB from the ISO. Super simple to use, just hit enter until you get to the Account selection part, then just use the numbers that apply, write it back and reboot. You must have done a clean shutdown of Windows to use it safely.
Well, if you haven't erased it yet, you can download Offline NT Password & Registry Editor and blank out the password.
That would at least get you logged into the workstation. If it's domain joined and such (if it's Home Premium it shouldn't/can't be) then you'd have to worry about disjoining it and trying to undo all the policies on it.
You will need a second computer to burn a disc. Use this link: http://pogostick.net/~pnh/ntpasswd. Burn it and boot to it. Once there you will find options to reset the password. The above website has all instructions. Good luck.
btw, a Free and Libre Open Source Software replacement for Kon-Boot is ntpasswd.
It's included on the grml Linux admin live CD and Kali Linux.
DO NOT FORMAT LIKE SOME ARE SAYING!!!!! This is generally a simple fix.
Ready made tools:
http://pogostick.net/~pnh/ntpasswd/
I load that on my USB tech disk using:
http://www.pendrivelinux.com/yumi-multiboot-usb-creator/
Boot to your USB drive and pick that OS.
Just follow the prompts and pretty much take the defaults and it resets your password or clears it out. Works at least up to Win8. Haven't tried it on 10.
Scanner: Simple, fast disk usage visualizer.
NT Offline Password Editor: Just in case you get locked out.
TestDisk/PhotoRec: Data recovery.
What made you think audit-mode was the appropriate tool for this?
Use this if you need access to a local account.
If, when you're sysprep'ing an image, you've managed to infect that VM/machine, you've got bigger problems in your environment, mate...
If displaying users on the start screen has been disabled (i.e. it only shows "Other user") AND nobody can remember the user name, you can use a tool like ntpasswd to create a bootable USB (or CD/DVD) which you can boot into and list the users of the machine as well as delete the passwords from any accounts listed. Here's a little tutorial video that illustrates use of this tool.
This was due to a bad Windows update. The repair is straightforward but can be very confusing to someone who isn't familiar with command prompt.
Easiest way is to just remove the Windows 7 login password using http://pogostick.net/~pnh/ntpasswd/ - plenty of guides for this on the site and YouTube. Then you can manually uninstall the update. The issue only occurs for people who have a password.
Otherwise you need to use cmd prompt to remove the update KB3097877. https://www.reddit.com/r/techsupport/comments/3seu7e/flashing_login_screen_windows_7/
Or if you have restore points, go to a date before the update was installed.
You can remove every Windows password without knowing it. Great tool is http://pogostick.net/~pnh/ntpasswd/ - tried and tested up to Windows 7, might still work with 8. Read the FAQ, pretty straightforward.
http://pogostick.net/~pnh/ntpasswd/
If you mean they're joined to a domain, and you don't have the user name and passwords, reactivate and reset the local administrator account using the above software, and then when you get back into Windows, leave the domain.
Look into the cloud-based system management solutions such as Microsoft Intune, Kaseya, Dell KACE. There are others that escape me...
If you really want them locked down, you'll want BitLocker with TPM unlock. Otherwise the more clever students will figure out how to change the local admin account password and break your management tool's access in addition to your own.
> Cut 3 hours and after multiple texts asking him what his password is
For future reference, if you find yourself in this situation again, sometimes the easiest option is to blank out the local administrator's password and then have the user set a new password when you can get in touch with them.
http://pogostick.net/~pnh/ntpasswd/
This is also included in the Ultimate Boot CD and Hiren's as well, I believe.
Also, you should never ever work on another company's machine without their prior authorization and if this is how your dad treats you for the possibility of data loss when he wasn't diligent enough to create backups in the first place, I would probably just move out on my own. Your dad sounds kind of shitty.
If you have a Windows 7 Setup DVD or USB, you can use this method to reset password:
https://www.technibble.com/bypass-windows-logons-utilman/
The other method is to make a bootable USB or DVD. This method is slightly more complicated:
NTpasswd is a great tool; I don't know about Win10, but I've used v140201 successfully on Win2008 servers. Confirmed effective at clearing PWs; the other functions aren't confirmed. It's a bootable .iso less than 20 MB.
You can delete the Windows password using a program on Hiren's Boot CD called Offline NT password editor. If you are going to do this I would recommend backing up first, as it can corrupt the Windows installation.