Admin Password Recovery

You will probably never need to log in as "Administrator". In fact, you will never see that account listed at the Windows login screen, nor will you see a user folder for the Administrator under "Documents and Settings". This is why many people forget the Admin password. But the account is there.

Why the Admin account is not listed on the Welcome (Login) Screen: as soon as you create your own account on WinXP during installation, you receive administrator privileges by default, and in essence you have created a 2nd Administrator account. Windows therefore assumes there is no need to display the 1st Admin account as a login option. So whenever there is more than just the Administrator account, you won't see Administrator on the Welcome Screen. However, you WILL see that account listed as a login option when booting into SAFE Mode!

How to NEVER need the Administrator Account

So long as your own user account has Administrator privileges - and it certainly should since that is the default - then the only place you will ever need to login as "Administrator" is when you try to run the "Recovery Console" to repair Windows.  Fortunately - there is a way to automatically login to the recovery console as Administrator, as follows:

This step-by-step article describes how to configure an automatic administrator logon for Recovery Console. If you configure an automatic administrator logon, anyone can use Recovery Console to access your computer. They will not be prompted for an administrative password.  
  1. Click Start, and then click Control Panel.
  2. Click Switch to Classic View in the right pane, double-click Administrative Tools, and then double-click Local Security Policy.
  3. Expand Security Settings, expand Local Policies, and then click Security Options.
  4. Double-click the Recovery Console: Allow automatic administrative logon policy, and then set it to Enable.

OR you can do it this way:

  1. Start/Run . . . Regedit
  2. go to:  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole
  3. double-click "SecurityLevel" and change the DWORD registry value to 1

 

Recovery Method 1 - you are able to get logged on as a User with Admin Privileges

*** requires you to know at least one password of a user with Admin privileges, or have a PRD (Password Recovery Disk) to log in as a user with Admin privileges (see How to Make and Use a PRD)

All you have to do is reset the Admin password by logging in as yourself (you should certainly have Admin privileges since that is the default for XP users) and using any of the following 3 methods - they all do the same thing:

  1. make sure you are logged in as a user with Admin privileges (your own XP user account should have admin privileges)
  2. Start/Run . . . compmgmt.msc
  3. goto:  /System Tools/Local Users and Groups/Users
  4. right-click on Administrator/Set password - you will get this warning:

OR if you don't want any warning, do it this way:

  1. log in to Windows as any user with Admin privileges
  2. Start/Run . . . control userpasswords2
  3. Click the user account that you forgot the password for, and then click Reset Password.
  4. The great thing about this step is that you will NOT be asked to supply the "old password" - simply type a new password in both the New password and the Confirm new password boxes, and then click OK.

OR there is an even easier way:

Start/Run . . . cmd
then in the DOS Box, type:     net user username newpassword

Example
net user administrator 123456

 

 

Recovery Method 2 - you're hosed - unable to get logged on as a User with Admin Privileges

 

Case 1 - you only need to recover data from the system:

- take the drive & remount it to another pc as a slave drive.

 

Case 2 - you can do without your programs and settings because you have all disks needed:

- just reinstall Windows from scratch - but actually it will be faster to go to Case 3 and use method "a".

 

Case 3 - you absolutely must recover the Admin password to get into Windows:

a)  $$$ way - 

          1)  Sunbelt's NTaccess Disks - for $70   -   http://www.sunbelt-software.com/product.cfm?id=265&affid=wxpnews

          2)  www.lostpassword.com   -  $195

b) free method from Grape-Info

I have not tested this personally, but check it out - you can download the required files from the site:

http://www.grape-info.com/doc/win2000srv/security/ntpasswd.html

c)  Free but time-consuming ways

*** see Forgot the Administrator's Password?  and  the  Forgot Admin Password - Related Discussions forum.

5 Free Tools (most are either complex or time-consuming - BUT FREE !!) - http://www.petri.co.il/forgot_administrator_password.htm (scroll down a bit)

The LOGON.SCR trick

To successfully reset the local administrator's password on Windows NT and some versions of Windows 2000 follow these steps:

  1. Install an alternate copy of Windows NT or Windows 2000.

You must install this instance of NT/2000 on a different folder than WINNT, otherwise you'll end up with the same bad situation. Use ALTWINNT for example.

It is best that you install the alternate instance of the OS into a different partition than the one you have your original installation. You'll delete this folder anyway, and it's best that you just format that partition after you're done. Formatting the partition will be much easier than deleting individual files and folders.

Also, if you lost your password on NT - install a new instance of NT, not Windows 2000, as doing so will ruin your old NT installation (because of the difference between the NTFS versions). Same goes for W2K, XP and Windows Server 2003. Always install the same OS.

Note: On Windows NT 4.0 machines that were installed out-of-the-box you do not have to install a fresh copy if you still have access as a regular user to the system. E.g. if you can log-on as a regular, non-administrator user, you can still manipulate the file's permissions. This is simply because NT's default permissions are set for Everyone - Full Control. This is not true on W2K/XP/2003 machines.

Another note: Reader Mike wrote:

In the article you mention installing the OS on top of the existing OS to do the logon screensaver manipulation.

I wanted to mention that this can also be accomplished by removing the hard drive, placing it as a slave on another computer (XP and W2K play nicely) and then accessing the file system. Of course you need a second computer, but for some folks it may be an easier solution.

Thanks,

Mike

That's correct, and it will work for you unless you converted the disk to a dynamic disk, on the original OS. In that case you will no longer be able to boot the old OS, even if you do manage to access the files from the other computer.

  2. Boot the alternate install.

  3. Use Control Panel/System/Startup (for NT) or Control Panel/System/Advanced/Startup and Recovery for W2K to change the default boot instance back to your original install.

NOTE: If you don't do that you'll end up booting into the alternate installation next time you turn on your computer. You don't want that, do you?

  4. Open Explorer. Browse to your original Windows NT/2000 folder, navigate to the %systemroot%\System32 sub-folder.

NOTE: %systemroot% is a system variable used to point to the folder where NT/2000 is installed, usually \WINNT in NT/2000, or \WINDOWS in XP/2003.

  5. Save a copy of LOGON.SCR, the default logon screen saver, anywhere you like. Just remember where you've placed it. You can also just rename the file to something you'll remember later; I use LOGON.SC1.

NOTE: To rename a file use the REN command in the Command Prompt window, or just select the file in Windows Explorer and press F2.

  6. Delete the original LOGON.SCR from the %systemroot%\System32 sub-folder. It is not necessary to delete the file if you renamed it, you can leave it there.

Note: You might not be able to delete the LOGON.SCR file because of permission settings. Regular users can only read and execute the file, not delete it. If that is the case (and it is in W2K, XP and Windows Server 2003) then you need to take ownership of the file and give the EVERYONE group FULL CONTROL permissions.

NOTE: In order to take ownership of a file right-click it, select Properties, select the Security tab, click Advanced, and then click on the Owner tab. Select one of the users found in the list, click ok all the way out.

In order to change the LOGON.SCR permissions follow the previous instructions, in the Security tab click Add and browse to the Everyone group. Add it and make sure you give it Full Control. Click Ok all the way out.

  7. Make a copy of CMD.EXE in the %systemroot%\System32 sub-folder. CMD.EXE is located in %systemroot%\system32.

NOTE: In order to copy a file via GUI, select the file, right-click and choose Copy, then go to the destination folder, right click the folder name and select Paste. You can also use the keyboard by typing CTRL-C to Copy, CTRL-V to Paste.

  8. Rename the copy of CMD.EXE to LOGON.SCR.

NOTE: See step #5.

  9. Shut down and restart your computer. Boot into the original install.

  10. Wait for the logon screen saver to initiate - around 15 minutes. Oh, and no, do NOT move your mouse while you wait, duh...

After the screensaver is initiated, instead of running the normal LOGON.SCR screensaver, it will run the renamed CMD.EXE file (which is now called LOGON.SCR), and will actually open a CMD prompt in the context of the local system account.

In step #7 you could have used EXPLORER.EXE instead of CMD.EXE, and in that case a My Computer window will pop up.

Note: As noted earlier on this page, there is a way to make the wait time shorter, but you'll need to dig into the Registry for that.

  11. Open the CMD.EXE prompt (it should already be opened if you've used CMD.EXE in step #7) and type:

net user administrator 123456

This will reset the local administrator (or domain admin if you are doing this trick on a DC) password to 123456.

NOTE: You can, of course, use ANY password you want...

  12. Delete the LOGON.SCR from %systemroot%\System32.

  13. Rename the saved default screen saver from step 5 back to LOGON.SCR.

  14. If you wish to remove the alternate install:

If you've used a different partition to install the alternate install then now you can simply delete or format that partition if you don't need it anymore, plus edit c:\BOOT.INI and remove the alternate installation entries.

This trick has been tested a zillion times. Don't bother to tell me it doesn't work, it does (for Windows NT and some versions of Windows 2000), and that's a fact.
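
Both the Recovery Console auto-logon setting and the LOGON.SCR swap described above leave traces that an administrator can check for. The script below is an added audit example, not part of the original article; the parameter name $SystemRoot and the helper Get-Sha256 are names chosen here for illustration, and it assumes an elevated PowerShell prompt.

```powershell
# Added audit example (not from the original article).
param(
    # Windows folder to inspect; may point at a mounted offline volume (assumption).
    [string]$SystemRoot = $env:SystemRoot
)

function Get-Sha256([string]$Path) {
    # Plain .NET hashing, so this also works where Get-FileHash is unavailable.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

$findings = @()

# 1. Recovery Console automatic administrative logon (live registry only).
$rcKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole'
$rc = Get-ItemProperty -Path $rcKey -Name SecurityLevel -ErrorAction SilentlyContinue
if ($rc -and $rc.SecurityLevel -eq 1) {
    $findings += 'Recovery Console SecurityLevel = 1: no administrator password is requested'
}

# 2. Logon screen saver that is really a copy of another program.
$sys32 = Join-Path $SystemRoot 'System32'
$scr   = Join-Path $sys32 'logon.scr'
if (Test-Path $scr) {
    $scrHash = Get-Sha256 $scr
    # The article names CMD.EXE and EXPLORER.EXE as the substituted programs.
    $candidates = @((Join-Path $sys32 'cmd.exe'), (Join-Path $SystemRoot 'explorer.exe'))
    foreach ($exe in $candidates) {
        if ((Test-Path $exe) -and ((Get-Sha256 $exe) -eq $scrHash)) {
            $findings += "logon.scr is byte-identical to $exe"
        }
    }
    # A leftover backup such as the article's LOGON.SC1 suggests the swap was made.
    Get-ChildItem $sys32 -Filter 'logon.sc?' |
        Where-Object { $_.Name -ne 'logon.scr' } |
        ForEach-Object { $findings += "possible renamed original: $($_.FullName)" }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

A finding on the first check is cleared by setting SecurityLevel back to 0; a finding on the second means the original screen saver should be restored and the machine's physical and boot access reviewed.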