More likely than not, you’ve been asked in the past to help fix one of your friend’s or relative’s computers. Most of the time, the problems you’ve been brought in to remedy are basic malware or virus infections that you can address by grabbing the appropriate diagnostic and software removal tools stored in your trusty USB toolkit. But once in a while, you’ll be faced with a novice struck with the most basic and frustrating of problems: forgetting their Windows administrator login password. With no way to get into the system, you can’t even perform basic maintenance, let alone a thorough tune-up. Formatting is always an option, but we consider that a last resort. (Plus, guess who’s going to have to help reinstall all the programs lost after a wipe?) But all hope is not lost. There are a few ways to actually retrieve a lost Windows account password. Read on, and we’ll show you the light.
This guide is split into two sections. If you want to get rid of the old user account password, use Offline NT Password and Registry Editor. If you want to find out what the password is without changing it, then you need to use Ophcrack. There are a lot of Windows password revealers and crackers available, but we’ve found that these two programs are the most effective.
Offline NT Password and Registry Editor is one of the easiest password recovery tools to use. It allows you to reset a user account password, including the Administrator password. It is also a relatively small download.
To download Offline NT Password and Registry Editor, click here. Save the zip archive to your Desktop.
Extract the archive and you will get an ISO file. Burn the ISO to a CD using any CD Burning software, such as, CDBurnerXP or ISOBurn.
After you get the ISO successfully mounted, put the disk in the drive and restart your computer. Make sure you set your BIOS to boot from the CD drive. You can change your boot order by accessing the boot menu with F10 before the OS loads.
The program will begin loading off the disk. You will get a line that states “boot:” press Enter and the process will continue
When the loading process stops again, press the “1” key. This will allow the program to search for all probable NTFS partitions.
When the program asks what the registry directory pathway is, press Enter. This will keep the default \Windows\System32\config directory.
You will now see a list of registry entries. For our purpose, you do not need to worry about anything, just press Enter. This tells the program we want to reset the password and loads the appropriate registry hive.
Now that the hive is loaded, press Enter on your keyboard to edit user data and passwords.
You will now see a list of all the user accounts present on the system. Find the user account you want to change and type the appropriate name. Make sure you enter the username EXACTLY as it appears and hit Enter.
Be careful when the program asks you what task you want to perform. You do not want to set a new password right now. This could cause serious problems when trying to boot a Windows XP, Windows Vista or Windows 7 operating system. Instead, press “1” to clear the password.
The program will give you a Password cleared message, indicating that the password removal was successful.
Now type an exclamation mark to return to the main menu. Press “q” to quit the program. On Step 4, make sure you save the changes; otherwise, the password will be left unchanged. To save the changes, type “y”.
When the program asks if you want to do a new run, press “n” since the password is already removed at this point.
To close the program and return to Windows, press Ctrl-Alt-Del. The computer will restart and the password should have been removed from the account.
Ophcrack the password
Ophcrack is a simple GUI-based utility that runs from a CD. The main reason we are using this utility is that it does not automatically remove the password, but instead shows you the password. Ophcrack uses a highly optimized version of rainbow tables, making it very efficient at discovering passwords. In fact, it can recover over 99% of alphanumeric passwords within minutes.
There are three different versions of Ophcrack. We are going to use the Live CD version of Ophcrack, because we are assuming that you do not have another user account to run the program. It has two different versions of the Live CD, one for Vista/Windows 7 and one for Windows XP.
Click here to download the Windows XP Live CD or click here to download the Windows Vista/Window 7 Live CD. Save the appropriate file to your Desktop and burn it to disc.
Once you get the CD burned, put the disk in your drive and boot from the disk. You may have to change the boot order so you can boot from the CD.
Ophcrack will begin loading and eventually present you with three options, graphic mode, VESA mode and text mode. We are going to use graphic mode since it is the simplest option, so highlight Ophcrack graphic mode and press Enter.
Ophcrack will start displaying a lot of text; don’t worry about what it says.
When Ophcrack starts, it will load the files it needs to run into RAM.
Once it is fully loaded into RAM, it will automatically start looking for passwords.
You will find the password under the LM Pwd 1 or NT Pwd sections on the progress tab. Once the program finds the password, feel free to click Stop. Make sure you write down the password since the program will not change the password. When you are finished, click on the Exit button.
To restart the computer, press any key. When it asks if you want to shutdown, press “y” and the computer will restart and eject the CD. Take out the CD and boot Windows
You should now have the user account password. Sure, reformatting would have fixed the problem, but it is just as simple to recover the user account password. Now you know how to recover that user account password for your friend or significant other in case they have data on their computer they cannot afford to lose. You might want to write down their password for them on a post-it note, so you don’t have to perform this task again!