LostPassword

Reset the Local (Machine) Administrator Password on a Windows NT4 and Windows 2000 Professional

Use the Offline NT Password & Registry Editor disk to reset the MACHINE Administrator password to "no password".

Download Here

How to make the floppy

The unzipped image (bdxxxxxx.bin) is a block-to-block representation of the actual floppy, and the file cannot simply be copied to the floppy. Special tools must be used to write it block by block.

  • Unzip the bd zip file to a folder of your choice.
  • There should be 3 files: bdxxxxxx.bin (the floppy image) and rawrite2.exe (the image writing program), and install.bat which uses rawrite2 to write the .bin file to floppy.
  • Insert a floppy in drive A: NOTE: It will lose all previous data!
  • Run (doubleclick) install.bat and follow the on-screen instructions.[7]

If more details are needed please visit http://home.eunet.no/~pnordahl/ntpasswd/

Reset the Local (Machine) Administrator Password on a Windows XP

How to Reset the Built in Administrator's Password in case you have forgotten it

The Built-in Local Administrator account logon option appears only in Safe mode if more than one account is created on the system. The Administrator account is available in Normal mode only if there are no other accounts on the system.

To work around this behavior, reset the password in the Local Users and Groups snap-in in Microsoft Management Console (MMC) as follows:

  1. Click Start, and then click Run.
  2. In the Open box, type mmc, and then click OK to start MMC.
  3. Start the Local Users and Groups snap-in.
  4. Under Console Root, expand Local Users and Groups, and then click Users.
  5. In the right pane, right-click Administrator, and then click Set Password.
  6. Click Proceed in the message box that appears.
  7. Type and confirm the new password in the appropriate boxes, and then click OK.[8]

How to Create a XP password reset disk

  1. To create the XP password reset disk go to the Start menu, Control Panel, User Accounts.
  2. Click your account name.
  3. Under Related Tasks located on the left side of the window, click Prevent a forgotten password.
  4. In the Forgotten Password Wizard, follow the instructions as they appear on the screen.
  5. When the wizard starts, click Next.
  6. Select the drive that contains the media you want to create the information on (you can use a diskette or a Zip disk), and click Next.
  7. Type your current password, and click Next.
  8. Click Finish.

The password reset disk contains only one file called userkey.psw, which is an encrypted version of your password. If you change your password, you must repeat this procedure.

Use a limited account

If you logged on to the computer by using a limited account, follow these steps to create a password reset disk for your user account:

  1. Click Start, and then click Control Panel.
  2. Under Pick a category, click User Accounts.
  3. Under Related Tasks, click Prevent a forgotten password to start the Forgotten Password Wizard.
  4. Click Next.
  5. Insert a blank, formatted disk into drive A, and then click Next.
  6. In the Current user account password box, type your password, and then click Next. The Forgotten Password Wizard creates the disk.
  7. When the Progress bar reaches 100% complete, click Next, and then click Finish.
  8. Remove and then label the password reset disk. Store the disk in a safe place.

Note: If your user account does not have a password, do not type a password in the Current user account password box.

How to use the XP password reset disk

  1. At the Welcome screen, click your user name (with administrator rights), and then type your password. If you have forgotten your password, the Did you forget your password message is displayed.
  2. Click use your password reset disk to start the Password Reset Wizard.
  3. Follow the instructions in the Password Reset Wizard to create a new password.
  4. Log on with the new password, and then store your password reset disk in a safe place in case you need it to reset your password in the future. You do not need to make a new password reset disk.

Windows XP Professional in a domain

  1. Restart the computer.
  2. In the Welcome to Windows dialog box, press CTRL+ALT+DELETE.
  3. In the Log On to Windows dialog box, click OK.
  4. In the Logon Failed dialog box, click Reset, and then click Next.
  5. Insert the password reset disk into drive A, and then click Next.
  6. Type a new password in the Type a new password box, and then type the password again in the Type the password again to confirm box.
  7. In the Type a new password hint box, type a hint for the password, and then click Next.
  8. Click Finish, and then try to log on to Windows XP again.[5]

Reset the Local (Machine) Administrator Password on a Windows Vista

How to create a Vista password reset disk

If you forget your user account password, you can use a password reset disk to create a new password. Create a password reset disk so that you are prepared if you forget your password. By using a password reset disk, you can avoid losing access to the files and to the information on your computer.

NOTE: The Local or Machine Administrator password is the same for either Recovery Console or Directory Service Restore Mode.

You cannot use a password reset disk to reset the password for another computer.

Warning: A third party can access your computer by using a password reset disk. Therefore, it is important to store the disk in a safe location.

To create a password reset disk, you must have writable removable media, such as a floppy disk or a USB flash drive.

To create a password reset disk, follow these steps:

  1. Click Start, type Control Userpasswords in the Start Search box, and then click Control Userpasswords in the Programs list.
  2. In the Tasks list, click Create a Password Reset Disk.
  3. Put the writable removable media in the applicable media drive, and then click Next on the Forgotten Password Wizard page.
  4. On the Create a Password Reset Disk page, specify the drive in which to create the password reset disk, and then click Next.
  5. In the Current user account password box, type the password for the user account, and then click Next. If the user account does not have a password, leave the Current user account password box blank.
  6. When progress reaches 100 percent on the Creating Password Reset Disk page, click Next, and then click Finish.
  7. Remove the password reset disk from the media drive, label the media "Password Reset," and then store the media in a safe location.

To use the password reset disk and the Password Reset Wizard to log on to the computer, follow these steps:

  1. In the Windows Vista logon window, click Reset Password.
  2. Put the Password Reset media in the applicable media drive, and then click Next in the Reset Password Wizard.
  3. In the The password key disk is in the following drive list, click the drive in which the password reset disk is located, and then click Next.
  4. In the Type a new password box, type the new password that you want to use for the user account.
  5. In the Type the password again to confirm box, type the password again.
  6. In the Type a new password hint box, type a hint that will remind you of the password if you forget it.
  7. Click Next, and then click Finish.
  8. Use the new password to log on to Windows Vista.[3]

The Above Applies to:

  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Ultimate

Reset the Local (Machine) Administrator Password on a Windows 2000

Use the Offline NT Password & Registry Editor disk to reset the MACHINE Administrator password to "no password".

Download Here

How to make the floppy

The unzipped image (bdxxxxxx.bin) is a block-to-block representation of the actual floppy, and the file cannot simply be copied to the floppy. Special tools must be used to write it block by block.

  • Unzip the bd zip file to a folder of your choice.
  • There should be 3 files: bdxxxxxx.bin (the floppy image) and rawrite2.exe (the image writing program), and install.bat which uses rawrite2 to write the .bin file to floppy.
  • Insert a floppy in drive A: NOTE: It will lose all previous data!
  • Run (doubleclick) install.bat and follow the on-screen instructions.[7]

If more details are needed please visit http://home.eunet.no/~pnordahl/ntpasswd/

Reset Domain Administration Password in Windows 2000 Domain Controller (W2K DC)

NOTE: The Local or Machine Administrator password is the same for either Recovery Console or Directory Service Restore Mode

Method 1

If Windows 2000 Service Pack 2 or later is installed on your computer, you can use the Setpwd.exe utility to change the SAM-based Administrator password. To do this:

  1. Log on to the computer as the administrator or a user who is a member of the Administrators group.
  2. At a command prompt, change to the %SystemRoot%\System32 folder.
  3. To change the local SAM-based Administrator password, type setpwd, and then press ENTER. Note: To change the SAM-based Administrator password on a remote domain controller, type the following command at a command prompt, and then press ENTER:
      setpwd /s:servername
     where servername is the name of the remote domain controller.
  4. When you are prompted to type the password for the Directory Service Restore Mode Administrator account, type the new password that you want to use.

Method 2

  1. Log on to the computer as the administrator or a user who is a member of the Administrators group.
  2. Shut down the domain controller on which you want to change the password.
  3. Restart the computer. When the selection menu screen is displayed during restart, press F8 to view advanced startup options.
  4. Click the Directory Service Restore Mode option.
  5. After you log on, use one of the following methods to change the local Administrator password:
  • At a command prompt, type the following command:
      net user administrator *
  • Use the Local User and Groups snap-in (Lusrmgr.msc) to change the Administrator password.

  6. Shut down and restart the computer.
  7. You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.

NOTE: If you make a mistake, repeat these steps to run setpwd again. For additional information about the Setpwd.exe utility, click the article number below to view the article in the Microsoft Knowledge Base: 271641 The Configure Your Server Wizard Sets Blank Recovery Password

For additional information about how to secure the local SAM, click the article number below to view the article in the Microsoft Knowledge Base: 223301 - Protection of the Administrator Account in the Offline SAM

Method 3

"Directory Service Recovery Mode" uses the MACHINE-level account. The following method can be used to reset the DC administrator's password:

1. Use the Offline NT Password & Registry Editor disk to reset the MACHINE Administrator password to "no password".
2. Reboot and tap F8, to enter "Directory Service Recovery Mode". The machine will boot up as a standalone server without any Active Directory support.
3. When the login screen appears, select CTRL-ALT-DEL and log in as local "Administrator".
4. Run "REGEDIT.EXE" (without the quotes).
5. Navigate to:

      HKEY_USERS\.Default\Control Panel\Desktop 

6. Write down or print screen the default values BEFORE changing them or backup the values to a .REG file by selecting the DESKTOP key and then selecting EXPORT from the FILE menu.
7. Change the following values:

      SCRNSAVE.EXE - change from logon.scr to cmd.exe
      ScreenSaveTimeout - change from 900 to 15 
      ScreenSaveActive - change to 1 (if it wasn't 1 already)

8. Reboot normally. When the box appears asking you to select CTRL-ALT-DEL to log in, just wait. After 15-30 seconds you will see a command prompt appear (since that is the screensaver).
9. In the command prompt, type the following command located in the SYSTEM32 subfolder of your WINDOWS or WINNT folder:

      MMC DSA.MSC

NOTE: The Local or Machine Administrator password is the same for either Recovery Console or Directory Service Restore Mode.

DSA.MSC is actually the executable name for Active Directory Users and Computers, which in turn is the main tool for managing users, groups and computers in Windows 2000 Active Directory.

10. This should bring up the management console where you can edit users' passwords, including the password for the Administrator account.
11. After resetting the Administrator password, exit the management console and type the command EXIT in the command prompt window.
12. Select CTRL-ALT-DEL and log into the DOMAIN Administrator account using the new password.
13. Undo the changes you made to the registry. [4]

Method 4

SUMMARY

Each Windows-based computer maintains a machine account password history containing the current and previous passwords used for the account. When two computers attempt to authenticate with each other and a change to the current password is not yet received, Windows then relies on the previous password. If the sequence of password changes exceeds two changes, the computers involved may be unable to communicate, and you may receive error messages (for example, "Access Denied" error messages when Active Directory replication occurs).

This behavior is also applicable to replication between domain controllers of the same domain. If the domain controllers that are not replicating reside in two different domains, you should inspect the trust relationship more closely.

You cannot change the machine account password using the Active Directory Users and Computers snap-in, but you can reset the password using the Netdom.exe tool included in the Windows Support Tools.

The Netdom tool resets the account password on the computer locally (known as a "local secret") and writes this change to the computer's computer account object on a Windows domain controller that resides in the same domain. Simultaneously writing the new password to both places ensures that at least the two computers involved in the operation are synchronized, and starts Active Directory replication so that other domain controllers receive the change.

The following procedure describes how to use the netdom command to reset a machine account password. This procedure is most commonly used on domain controllers, but also applies to any Windows machine account.

Because you cannot use Netdom remotely, you must run the tool from the Windows-based computer whose password you want to change. In addition, you must have administrative permissions locally and on the computer account's object in Active Directory to run Netdom.

How to Do It

Using Netdom to Reset a Machine Account Password

  1. Install the Windows Support Tools from the Support\Tools folder on the Windows CD-ROM on the domain controller whose password you want to reset.
  2. If you are attempting to reset the password for a Windows domain controller, it is necessary to stop the Kerberos Key Distribution Center service and set its Startup type to Manual prior to continuing with step 3.

     Note: After you restart and verify that the password has been successfully reset, you can restart the Kerberos Key Distribution Center service and set its Startup type back to Automatic. Doing this forces the domain controller with the bad computer account password to contact another domain controller for a Kerberos ticket.
  3. At a command prompt, type the following command:

      netdom resetpwd /server:Replication_Partner_Server_Name /userd:domainname\administrator_id /passwordd:*

     where Replication_Partner_Server_Name is the fully qualified DNS or NetBIOS name of a domain controller in the same domain as the local computer, and domainname\administrator_id is the NetBIOS domain name and administrator ID respectively, in the Security Accounts Manager (SAM) account name credentials format.

     The "*" value to the /PasswordD: parameter specifies that the password should be typed using hidden characters when the command is submitted. For example, the local computer (which happens to be a domain controller) is Server1 and the peer Windows domain controller name is Server2. If you run Netdom on Server1 with the following parameters, the password is changed locally and is simultaneously written on Server2, and replication propagates the change to other domain controllers:

      netdom resetpwd /server:server2 /userd:mydomain\administrator /passwordd:*
  4. Restart the server whose password was changed (in this example, Server1).

APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Datacenter Server [6]

Reset the Local (Machine) Administrator Password on a Windows 2003 DC (W2K3 DC)

Method 1

NOTE: The Local or Machine Administrator password is the same for either Recovery Console or Directory Service Restore Mode

To change the Directory Service Restore Mode Administrator password use the following method:

  1. Click Start, click Run, type ntdsutil, and then click OK.
  2. At the Ntdsutil command prompt, type set dsrm password
  3. At the DSRM command prompt, type one of the following lines:
    • To reset the password on the server on which you are working, type reset password on server null
      The null variable assumes that the DSRM password is being reset on the local computer. Type the new password when you are prompted. Note that no characters appear while you type the password.
      or
    • To reset the password for another server, type reset password on server <servername> where <servername> is the DNS name for the server on which you are resetting the DSRM password. Type the new password when you are prompted. Note that no characters appear while you type the password.
  4. At the DSRM command prompt, type q
  5. At the Ntdsutil command prompt, type q to exit.

You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.

NOTE: This section describes how to reset the Directory Services Restore Mode (DSRM) administrator password for any server in your domain without restarting the server in DSRM. Microsoft Windows 2000 uses the Setpwd utility to reset the DSRM password. In Microsoft Windows Server 2003, that functionality has been integrated into the NTDSUTIL tool. Note that you cannot use the procedure that is described in this article if the target server is running in DSRM. A member of the Domain Administrators group sets the DSRM administrator password during the promotion process for the domain controller. You can use Ntdsutil.exe to reset this password for the server on which you are working, or for another domain controller in the domain.

Method 2

SUMMARY

This step-by-step article describes how to use Netdom.exe to reset machine account passwords of a Windows Server 2003 domain controller.

Each Windows-based computer maintains a machine account password history that contains the current and previous passwords that are used for the account. When two computers try to authenticate with each other and a change to the current password is not yet received, Windows relies on the previous password. If the sequence of password changes exceeds two changes, the computers involved may not be able to communicate, and you may receive error messages. For example, you may receive "Access Denied" error messages when Active Directory replication occurs.

This behavior also applies to replication between domain controllers of the same domain. If the domain controllers that are not replicating reside in two different domains, look at the trust relationship more closely.

You cannot change the machine account password by using the Active Directory Users and Computers snap-in, but you can reset the password by using the Netdom.exe tool. The Netdom.exe tool is included in the Windows Support Tools.

The Netdom.exe tool resets the account password on the computer locally (known as a "local secret") and writes this change to the computer's computer account object on a Windows domain controller that resides in the same domain. Simultaneously writing the new password to both places ensures that at least the two computers involved in the operation are synchronized, and starts Active Directory replication so that other domain controllers receive the change.

How to do it

The following procedure describes how to use the netdom command to reset a machine account password. This procedure is most frequently used on domain controllers, but also applies to any Windows machine account.

You must run the tool locally, from the Windows-based computer whose password you want to change. Additionally, you must have administrative permissions locally and on the computer account's object in Active Directory to run Netdom.exe.

Use Netdom.exe to Reset a Machine Account Password

  1. Install the Windows Server 2003 Support Tools on the domain controller whose password you want to reset. These tools are located in the Support\Tools folder on the Windows Server 2003 CD-ROM. To install these tools, right-click the Suptools.msi file in the Support\Tools folder, and then
  2. If you want to reset the password for a Windows domain controller, you must stop the Kerberos Key Distribution Center service and set its startup type to Manual.

Notes

  • After you restart and verify that the password has been successfully reset, you can restart the Kerberos Key Distribution Center (KDC) service and set its startup type back to Automatic. This forces the domain controller that has the incorrect computer account password to contact another domain controller for a Kerberos ticket.
  • You may have to disable the Kerberos Key Distribution Center service on all domain controllers except one. If you can, do not disable the domain controller that has the global catalog, unless it is experiencing problems.

  3. Remove the Kerberos ticket cache on the domain controller where you receive the errors. You can do this by restarting the computer or by using the KLIST, Kerbtest, or KerbTray tools.
  4. At a command prompt, type the following command:

      netdom resetpwd /s:server /ud:domain\User /pd:*

     A description of this command is:

  • /s:server is the name of the domain controller to use for setting the machine account password. This is the server where the KDC is running.
  • /ud:domain\User is the user account that makes the connection with the domain you specified in the /s parameter. This must be in domain\User format. If this parameter is omitted, the current user account is used.
  • /pd:* specifies the password of the user account that is specified in the /ud parameter. Use an asterisk (*) to be prompted for the password.

     For example, the local domain controller computer is Server1 and the peer Windows domain controller is Server2. If you run Netdom.exe on Server1 with the following parameters, the password is changed locally and is simultaneously written on Server2, and replication propagates the change to other domain controllers:

      netdom resetpwd /s:server2 /ud:mydomain\administrator /pd:*

  5. Restart the server whose password was changed. In this example, this is Server1.

APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
  • Microsoft Windows Small Business Server 2003 Premium Edition
  • Microsoft Windows Small Business Server 2003 Standard Edition

Reset Domain Administration Password in Windows 2003 Domain Controller (W2K3 DC)

NOTE: The Local or Machine Administrator password is the same for either Recovery Console or Directory Service Restore Mode

Requirements

  1. The Local Administrator password is needed prior to using this trick.
  2. Physical access to the machine
  3. Two tools provided by Microsoft in their Resource Kit: SRVANY.EXE and INSTSRV.EXE downloaded from here

Once the above requirements have been met, do the following:

  • Reboot, select F8, and enter "Directory Service Recovery Mode". The machine will boot up as a standalone server without any Active Directory support.
  • When the login screen appears, hit CTRL-ALT-DEL and log in as "Administrator" with no password. This is the MACHINE Administrator account, and does not have the ability to modify anything specific involving the Active Directory information, although it can backup and restore the physical files which contain the AD databases.

Run "regedit". Navigate to HKEY_USERS\.Default\Control Panel\Desktop and change the following values:

      Value               Original          Change to
      SCRNSAVE.EXE        logon.scr         cmd.exe
      ScreenSaveTimeout   900               15
      ScreenSaveActive    May be 0 or 1     1

  • Reboot normally. When the box appears asking you to hit CTRL-ALT-DEL to log in, just wait. After 15-30 seconds you will see a command prompt appear (since that is the screensaver.)
  • Once you get the command prompt you can type this one command to reset the password:
      C:\WINNT\system32> NET USER ADMINISTRATOR newpassword

Once you enter this command, you should be able to exit from the command prompt, hit CTRL-ALT-DELETE, and log into the domain Administrator account using the new password. Again, without a Windows server I have no way to verify that this does or does not work, so I would appreciate any feedback from people who have tried this and can tell me that it does or does not work with their particular version of Windows.

  • In the command prompt, type the following command:
      C:\WINNT\system32> MMC DSA.MSC

This should bring up the management console where you can edit users' passwords, including the password for the Administrator account. If you type this command and it doesn't work, wait 30 seconds and try it again. This happened to me, it sounded like it was still in the process of loading drivers into memory in the background...

If this doesn't work after waiting the 30 seconds... realize that THIS IS A COMMAND PROMPT WITH FULL DOMAIN ADMINISTRATOR RIGHTS, and you're running a command ("MMC.EXE") with another filename ("DSA.MSC") as an argument. If it "just plain doesn't work", maybe you need to locate these two files and type them in as full path names. Maybe something like "C:\WINNT\SYSTEM32\MMC.EXE C:\WINNT\SYSTEM32\DSA.MSC".

Type the word EXPLORER and hit ENTER, to get a full desktop with Administrator rights. From there, they should be able to find the right program on the start menu- usually Start, Programs, Administrative Tools, Active Directory Users and Computers. Thanks, Joe!

  • After resetting the Administrator password, exit the management console and type the command EXIT in the command prompt window.
  • Hit CTRL-ALT-DEL and log into the DOMAIN Administrator account using the new password.
  • Don't forget to undo the changes you made to the registry, or you will always have a command prompt with Domain Administrator rights appear whenever somebody logs out.[1]
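
The undo step above (and step 13 of Method 3 in the Windows 2000 section) can be checked against a .REG export of the Desktop key, taken the same way as the backup in Method 3 step 6. The following is an added example, not part of the original page or of any Microsoft tool; the function names and the sample exports are constructed for illustration, and the expected values are the originals listed in the table above.

```python
import re

# Key and original values as documented on this page. ScreenSaveActive is
# omitted because the page says its original may be 0 or 1.
TARGET_KEY = r"hkey_users\.default\control panel\desktop"
DOCUMENTED = {"SCRNSAVE.EXE": "logon.scr", "ScreenSaveTimeout": "900"}

# "name"="string data" lines; backslash escapes are allowed inside the quotes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def decode_export(raw: bytes) -> str:
    """Regedit 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def _unescape(s: str) -> str:
    # .REG files escape backslashes and quotes inside string data.
    return re.sub(r"\\(.)", r"\1", s)


def desktop_values(reg_text: str) -> dict:
    """Return the string values under the target key, keyed by upper-cased name."""
    values, in_target = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_target = line[1:-1].lower() == TARGET_KEY
        elif in_target:
            m = _VALUE_RE.match(line)
            if m:
                values[_unescape(m.group(1)).upper()] = _unescape(m.group(2))
    return values


def audit(reg_text: str) -> list:
    """Return (severity, value name, found, documented) tuples; empty means restored."""
    values = desktop_values(reg_text)
    if not values:
        return [("ERROR", "key", "not in export", TARGET_KEY)]
    findings = []
    for name, expected in DOCUMENTED.items():
        found = values.get(name.upper())
        if found is None or found.lower() == expected:
            continue
        # A logon screen saver that is not a .scr file runs an arbitrary program
        # before anyone has authenticated, so rank it above a changed timeout.
        not_scr = name == "SCRNSAVE.EXE" and not found.lower().endswith(".scr")
        findings.append(("HIGH" if not_scr else "REVIEW", name, found, expected))
    return findings


# Constructed sample exports (not captured from a real system).
MODIFIED = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"SCRNSAVE.EXE"="cmd.exe"
"ScreenSaveTimeout"="15"
"ScreenSaveActive"="1"
'''
RESTORED = MODIFIED.replace("cmd.exe", "logon.scr").replace('"15"', '"900"')

if __name__ == "__main__":
    for label, text in (("modified", MODIFIED), ("restored", RESTORED)):
        print(label, audit(text) or "matches the documented originals")
```

Read an exported file with `decode_export(open(path, "rb").read())` before passing it to `audit`; an empty result means both values match the documented originals.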

Password Recovery Tools

  1. Windows Password recovery - Can retrieve forgotten admin and users' passwords in minutes. Safest possible option, does not write anything to hard drive.
  2. Petter Nordahl-Hagen's Offline NT Password & Registry Editor - A great boot CD/Floppy that can reset the local administrator's password.
  3. Openwall's John the Ripper - Good boot floppy with cracking capabilities.
  4. EBCD – Emergency Boot CD - Bootable CD, intended for system recovery in the case of software or hardware faults.[2]
  5. Petter's disk - Reset any NTFS Administrator password to "no password", which gives access to the machine's Administrator account without a password

References

1. ^ jms1.net - Retrieved on 21 August 2007
2. ^ Petri IT Knowledge Base - How can I gain access to a Windows NT/2000/XP/2003 computer if I forgot the administrator's password? - Retrieved on 21 August 2007
3. ^ MS Knowledge Base# 930381 - Retrieved on 23 July 2007
4. ^ MS Knowledge Base# 322672 - Retrieved on 23 July 2007
5. ^ MS Knowledge Base# 321305 - Retrieved on 23 July 2007
6. ^ MS Knowledge Base# 260575 - Retrieved on 23 July 2007
7. ^ Site dedicated to boot image for NT4 password editing - Retrieved on 24 July 2007
8. ^ MS Knowledge Base# 298252 - Retrieved on 24 July 2007

Additional Reading

Knowledge Base# 322672 - How To Reset the Directory Services Restore Mode Administrator Account Password in Windows Server 2003
Knowledge Base# 940765 - How to use System Restore to log on to Windows Vista when you lose access to an account


All text is available under the terms of the GNU Free Documentation License
Page last modified on 2007-09-03 01:12