How to Recover a lost Password?

Created 2003-03-03 by Rainer Gerhards.

The may be a number of legitimate reasons why you need to recover the Administrator password. In all cases, you need to have access to the local machine to do so. Also, this FAQ entry only applies to passwords on a workstation or member server. It does not apply to Windows 2000 (and above) domain controllers!

The Administrator password is stored in the so-called SAM (the security accounts database). While Windows is running, you do not have access to the file that contains the SAM - except, of course, you take it from a backup or the recovery directory. However, you can obtain it in all cases by shutting down Windows and booting another OS (DOS, Linux) with an NTFS driver.

A free, comprehensive tool is available at It includes everthing you need, including the boot floppy. A commercial product is the LookSmith tool (now part of ERD Comm.ander 2003) from allows you to re-set the password.

For more descriptions and tools, you may want to visit or

This weakness of the SAM is also one of the primary reasons that you want to limit physical access to a machine as well as access to all backup copies! A malicious user could use it to obtain or reset the passwords! 


Back to Non-Printer Version