FAQ  
 

How to Recover a lost Password?

Created 2003-03-03 by Rainer Gerhards.

The may be a number of legitimate reasons why you need to recover the Administrator password. In all cases, you need to have access to the local machine to do so. Also, this FAQ entry only applies to passwords on a workstation or member server. It does not apply to Windows 2000 (and above) domain controllers!

The Administrator password is stored in the so-called SAM (the security accounts database). While Windows is running, you do not have access to the file that contains the SAM - except, of course, you take it from a backup or the recovery directory. However, you can obtain it in all cases by shutting down Windows and booting another OS (DOS, Linux) with an NTFS driver.

A free, comprehensive tool is available at http://home.eunet.no/~pnordahl/ntpasswd/. It includes everthing you need, including the boot floppy. A commercial product is the LookSmith tool (now part of ERD Comm.ander 2003) from www.sysinternals.com allows you to re-set the password.

For more descriptions and tools, you may want to visit http://www.jsiinc.com/SUBD/tip1900/rh1984.htm or http://securityadmin.info/faq.htm#password.

This weakness of the SAM is also one of the primary reasons that you want to limit physical access to a machine as well as access to all backup copies! A malicious user could use it to obtain or reset the passwords! 

WinSyslog
 Home
 Articles
 FAQ
 Windows XP
 Seminars Online
 Forums
 Books
 Links
 Newsletter Archive
 Web Server Check
 Contact Us
 Search
 

 



Printer Version Send this page to a friend

Copyright © 1988-2005 Adiscon GmbH All rights reserved.
Contact us via Secure Web Response | Privacy Policy
Topic Links: syslog