Documente Academic
Documente Profesional
Documente Cultură
For free 3rd party tools read Forgot the Administrator's Password?.
Update: You can also discuss these topics on the dedicated Petri.co.il Forgot Admin
Password Forum.
This tip will NOT work for Windows Server 2003. This is because of changes in the service
account with which the process runs. In Windows 2000 it was run in the Local SYSTEM
account (LSA) privileges, while in Windows Server 2003 it is run with the LOCAL SERVICE
account, thus resulting in far less privileges than it used to have in W2K and NT 4.0. The
reason 2 new account have been introduced in 2003 is that SYSTEM Account has way too
many power over the system and the system could be compromised by exploiting almost
any system service. The Microsoft's solution was to introduce 2 less powerful accounts
(LOCAL SERVICE and NETWORK SERVICE) and make some services run in the context
of those accounts instead of LSA.
To successfully reset the Domain Admin password on Windows Server 2003 Active
Directory please read the Forgot the Administrator's Password? - Reset Domain Admin
Password in Windows Server 2003 AD page.
To successfully reset the Domain Admin password on Windows 2000 Active Directory
please read the Forgot the Administrator's Password? - Reset Domain Admin Password in
Windows 2000 AD page.
Thanks,
Mike
That's correct, and it will work for you unless you converted the disk to a dynamic disk, on
the original OS. In that case you will no longer be able to boot the old OS, even if you do
manage to access the files from the other computer.
Please purchase PDFcamp Printer on http://www.verypdf.com/ to remove this watermark.
Lamer note: If you don't do that you'll end up booting into the
alternate installation next time you turn on your computer. You
don't want that, do you?
Lamer note: In order to copy a file via GUI, select the file, right-
click and chose Copy, then go to the destination folder, right click
the folder name and select Paste. You can also use the keyboard
by typing CTRL-C to Copy, CTRL-V to Paste.
9. Shutdown and restart your computer. Boot into the original install.
10. Wait for the logon screen saver to initiate - around 15 minutes. Oh, and
no, do NOT move your mouse while you wait, duh...
11. Open the CMD.EXE prompt (it should already be opened if you've used
CMD.EXE in step #7) and type:
This will reset the local administrator (or domain admin if you are
doing this trick on a DC) password to 123456.
Lamer note: You can, of course, use ANY password you want...
This trick has been tested a zillion times. Don't bother to tell me it doesn't work,
it does (for Windows NT and some versions of Windows 2000), and that's a fact.
Related articles
How can you get out of this situation without formatting and re-installing the
operating system?
One method of gaining access to the system is by trying hard to remember the forgotten
password, or a password of another user which has the same level of administrative rights.
However I don't think this approach will help you, otherwise you wouldn't be sitting here
reading article, would you?)
A third method might be to install a parallel operating system on a different partition on the
same computer, then use a simple trick to gain access to the old system. Read more about it
on my Forgot the Administrator's Password? - Alternate Logon Trick article.
Note: If you are looking for password cracking tools that can be used for
miscellaneous objectives such as password-protected PDF documents, zipped
archives, Office documents, BIOS protection and so on then this pages is NOT
for you. See some links at the bottom of this page for hints on where to find
such tools, but I can tell you right away that Google might be a better choice for
you.
The fourth option is by using 3rd party tools that will enable you to reset the lost password
and logon with a blank password.
Update: You can also discuss these topics on the dedicated Petri.co.il Forgot Admin
Password Forum.
There are some translations made of this article. Here are the ones I am aware of (do tell me
if you know of another, or if you want to create one in your language):
Free Tools
read more about EFS on my What's EFS? page. Out of the following list, the only tool that
will no cause any harm to EFS-encrypted files on your hard disk is the Windows Password
recovery system.
Here are 5 of these free tools:
1. Windows Password recovery - Can retrieve forgotten admin and users' passwords in
minutes. Safest possible option, does not write anything to hard drive.
2. Petter Nordahl-Hagen's Offline NT Password & Registry Editor - A great
boot CD/Floppy that can reset the local administrator's password.
3. Openwall's John the Ripper - Good boot floppy with cracking capabilities.
4. EBCD – Emergency Boot CD - Bootable CD, intended for system recovery
in the case of software or hardware faults.
5. Austrumi - Bootable CD for recovering passwords and other cool tools.
If you happen to know about other free tools please let me know .
Note: These password resetting tools are usually good for local users on a stand alone
computer. For Domain Admin password resetting procedures please see the Related
Articles section at the bottom of this page.
Note: I'd like to put together all the info you have about these issues. If you
have any tips, recommended links or any ideas about how to figure out a lost
password - please e-mail me and I'll get back to you .
• This is a utility to (re)set the password of any user that has a valid (local)
account on your Windows NT/2000/XP/2003 system, by modifying the
encrypted password in the registry's SAM file.
• You do not need to know the old password to set a new one.
• It works offline, that is, you have to shutdown your computer and boot
off a floppy disk or CD. The boot-disk includes stuff to access NTFS
partitions and scripts to glue the whole thing together.
• Works with syskey (no need to turn it off, but you can if you have lost
the key)
• Will detect and offer to unlock locked or disabled out user accounts!
Caution: If used on users that have EFS encrypted files, and the system is XP or
later service packs on W2K, all encrypted files for that user will be
UNREADABLE! and cannot be recovered unless you remember the old password
again!
Download links:
To write these images to a floppy disk you'll need RawWrite2 which is included in
the Bootdisk image download. To create the CD you just need to use your
favorite CD burning program and burn the .ISO file to CD.
Support and Problems? Don't call me! Talk to the creator of this great tool. He
also has a good FAQ set up covering most of the day-to-day questions. Read it
right HERE
Author claims that this tool was successfully tested on NT 3.51, NT 4, Windows 2000
(except datacenter), Windows XP (all versions) and Window Server 2003. Notice that it is
NOT compatible with Active Directory.
Need to change Windows NT/2000 Domain Admin password? This tool,
however useful, will only reset the local administrator's password (e.g. the one
found in the local computer's SAM). To reset a password of a domain
administrator (or any other user for that matter) you must perform the routine
that is described in the following page: Forgot the Administrator's Password? -
Reset Domain Admin Password in Windows 2000 AD.
Note: The above trick will probably not work under Windows Server 2003 due to service
account security changes. To work around these limitations please read the Forgot the
Administrator's Password? - Reset Domain Admin Password in Windows Server 2003 AD
page.
Please purchase PDFcamp Printer on http://www.verypdf.com/ to remove this watermark.
Also the disk includes full set of external DOS commands, console versions of
the most popular archivers/compressors.
Moreover, emergency boot CD includes minimal Linux distribution (Rescue Linux
distribution) which may be very useful to a professional user.
Please purchase PDFcamp Printer on http://www.verypdf.com/ to remove this watermark.
Austrumi is a Linux bootable ISO image for recovering NT passwords and other cool tools
and methods, sized for Business Card size CD media (50Mb). It allows you to change any
password, including that of the Administrator, on a partition occupied by Windows NT,
Windows 2000 or Windows XP. Simply boot the CD and when you get to the initial boot
prompt, type:
boot: nt_pass
This will launch a console utility that will detect Windows partitions on the hard disk and
provide you with a menu to modify any user or Administrator passwords on the Windows
system. It will even give access to the Windows registry for recovery purposes. Quite a
handy utility to keep in your wallet (AUSTRUMI is small enough to fit on a business card-size
CD) if you are unfortunate enough to having to deal with Windows machines in your line of
work.
Read more at http://sourceforge.net/projects/austrumi
Download links:
Austrumi v0.9.2 (ISO file, 50.9mb)
Related articles
New:
• You can also discuss these topics on the dedicated Petri.co.il Forgot Admin
Password Forum.
Links
Changing the Administrator password if you have forgotten it (Windows NT 4.0
only)
Lost your Administrator password and need the ultimate hack? (Windows NT 4.0
only)
Recover Lost Windows NT Administrator Password
Password Recovery Resources
Available Tools
Active Directory Replication Monitor: This utility graphically displays the
replication topology of connections between servers on the same site.
Active Directory Schema Manager: The Schema Manager is a Microsoft
Management Console (MMC) snap-in that allows you to view, modify, and
extend the Active Directory schema.
Adsizer: Active Directory Sizer - Estimates the hardware required for deploying
Active Directory in an organization.
ADSI Edit: ADSI Edit is a Microsoft Management Console (MMC) snap-in that
acts as a low-level editor for the Active Directory.
Add Users: This 32-bit administrative tool for Windows 2000 uses a comma-
delimited file to create, write, and delete user accounts.
Add Users to a Group: The UsrToGrp tool adds users to a local or global group
according to information in a user-specified input text file.
AuditPol: AuditPol is a command-line tool that enables the user to modify the
audit policy of the local computer or of any remote computer.
AutoExNT Service: AutoExNT Service allows you to start a batch file,
Autoexnt.bat, at boot time without having to log onto the computer on which it
will run.
Apimon: API Monitor - Monitors the API calls made by a process.
Appsec: Application Security Hotfix - Sets user permissions on a file-by-file basis
to lock down accessible applications.
Associate: This command-line tool enables you to register or unregister a file
name extension with the registry.
Batch File Wait: Sleep causes the computer to wait for a specified amount of
time.
Browser Monitor: Browser Monitor is a GUI tool that monitors the status of
browsers on selected domains. Browsers are shown on a per-domain and per-
Please purchase PDFcamp Printer on http://www.verypdf.com/ to remove this watermark.
transport basis.
Browser Status: BrowStat is a general purpose, character-based browser
diagnostic tool. Use BrowStat to find out whether a browser is running and to
find active Microsoft Windows for Workgroups (WFW) browsers in Windows 2000
and Windows NT domains.
ChgPrint: Change Printer Utility - This tool assists network-administrators in
managing printer shares. mains.
Clipstor: This GUI tool manages multiple Clipboard text buffers. It allows you to
retrieve text from the Clipboard and store it in one of its buffers, and paste any
of its buffers to the Clipboard, with your mouse.
Clusrest: Cluster Quorum Restore Utility - Restores the quorum disk of a cluster,
which is not done by a restore process using NtBackup.
CompReg: A Win32 character-based/command-line "Registry DIFF" that enables
you to compare any two local or remote registry keys in Windows 2000,
Windows NT, and Windows 95/98.
Ctrlist: Counter List - Lists all objects and counters installed in the system for
the given language ID.
Cluster Verification Utility - Verifies that two-node cluster systems are set up
properly.
CustCon: Console Key Customizer - Custcon.exe is a Windows 2000 GUI tool
that is used to customize the extended line editing keys when using Cmd.exe
(Ntconsole). To enable new key settings, click the "Use Extended Edit Keys"
checkbox.
Defptr: Default Printer - Using this tool you can easily change your default
printer, switching between available network or local printers.
Delprof: User Profile Deletion Utility - This tool deletes user profiles on
computers running Windows 2000.
Delrp: Delete File and Reparse Points - Deletes a file or directory and any
associated NTFS reparse points.
Delsrv - Unregisters a service with the service control manager.
Dependency Walker: Dependency Walker is a graphical Win32 development tool
that scans any Win32 module (.exe, .dll, .ocx, .cpl, .scr, and .sys, among
others) and builds a hierarchical tree diagram of all dependent modules.
Dflayout: Compound File Layout User Tool - This layout tool for document files
enables you to optimize compound files for improved performance over low-
bandwidth networks, such as the Internet.
DH: Display Heap - Displays information about heap usage in a user-mode
process or pool usage in kernel-mode memory.
DHCPCMD: DHCP Administrator's Tool - This command-line tool provides an
auxiliary method of administering Dynamic Host Configuration Protocol (DHCP)
servers.
Dhcpexim: DHCP Database Export Import Tool - Exports a DHCP database and
server configuration from a server running Windows NT 4.0 Server or Windows
2000 Server for import into a destination DHCP server running Windows 2000.
DHCPLOC: DHCP Server Locator Utility - DHCP Server Locator Utility displays the
DHCP servers active on the subnet. If it detects any unauthorized DHCP servers,
it beeps and sends out alert messages.
DHCPOBJS: DHCP Objects - DHCP Objects allows you to automate DHCP Server
configuration. It also provides enhanced capabilites over the Dhcpcmd tool, such
as the ability to remove a DHCP lease.
Diruse: Directory Disk Usage - Displays information about a disk and the
contents of its partition table.
Please purchase PDFcamp Printer on http://www.verypdf.com/ to remove this watermark.
FlopLock: Lock Floppy Disk Drives - FloppyLock is a service that controls access
to the floppy drives of a computer.
ForFiles: This command-line tool can be used in a batch file to select files in a
folder or tree for batch processing.
FreeDisk: This command-line tool checks a disk drive for free space, returning a
0 if the specified amount of free space is available and a 1 if it is not.
FtEdit: FT Registry Information Editor - FTEdit is a GUI tool that allows you to
create, edit, and delete fault tolerance sets for disk drives and partitions of local
and remote computers.
GetFlags: Global Flags Editor - GFlags is a GUI tool that enables a developer or
system administrator to edit the NtGlobalFlag settings for Windows 2000.
Getmac: GetMAC - Gets a computer's MAC (Ethernet) layer address and binding
order.
Getsid: Get Security ID - Compares the security IDs of two user accounts.
GetType: GetType.exe is a command-line tool that allows you to detect what
type of Windows software (workstation, server or domain controller) is installed
on a computer.
Global: This command-line tool displays members of global groups on remote
servers or domains.
GrpCpy: Group Copy - This GUI tool enables users to copy the usernames in an
existing group to another group in the same or another domain or on a
computer running Windows 2000.
Gpotool: Group Policy Verification Tool - Allows administrators to check Group
Policy object integrity and monitor policy replication.
Gpresult: Group Policy Results - Displays information about the result Group
Policy has had on the current computer and logged-on user.
Guid2obj: GUID to Object - Maps a GUID to a distinguished name.
Heapmon: Enables user to view system heap information.
Hlscan: Hard link display tool - Displays hard links on an NTFS volume or in
specified files or directories of the volume.
Ifmember: Checks whether the current user is a member of a specified group.
IIS Migration Wizard: Migrates Web server configuration settings.
Installation Monitor: Tracks changes made by setup programs in the registry,
.INI files, and other child processes.
IntBind: Interrupt Affinity Tool - The Interrupt Affinity Tool is used on
multiprocessor systems to affinitize interrupts of disk or network adapters to one
or more processors.
Inuse: File-In-Use Replace Utility - Performs on-the-fly replacement of files
currently in use by the operating system.
Ipsecpol: Internet Protocol Security Policies Tool - Configures Internet Protocol
Security (IPSec) policies in the Directory Service, or in a local or remote registry.
Kerbtray: Kerberos Tray - Displays ticket information for a given computer
running the Kerberos protocol.
KernProf: Kernel Profiler - This command-line tool provides counters for and
profiles of various functions of the Windows 2000 kernel.
Kill: Task Killing Utility - Use this command-line tool to end one or more tasks or
processes. Use TLIST to find out the PID.
Klist: Kerberos List - Views and deletes the Kerberos tickets granted to the
current logon session.
KSetup: Kerberos Setup - KSetup is a command-line tool for configuring
Windows 2000 Professional to use an MIT-based Kerberos realm instead of a
Windows 2000 domain.
Please purchase PDFcamp Printer on http://www.verypdf.com/ to remove this watermark.
KTPass: Kerberos Keytab Setup - KtPass is a configuration tool for MIT Kerberos
interoperability that allows an Administrator to configure a non-Windows 2000
Kerberos service as a security principal in the Windows 2000 Active Directory.
Leakyapp: This GUI testing tool appropriates system memory to see how other
applications or the system as a whole runs in low-memory situations.
LDP: Active Directory Administration Tool - Ldp is a graphical tool that allows
users to perform Lightweight Directory Access Protocol (LDAP) operations, such
as connect, bind, search, modify, add, and delete, against any LDAP-compatible
directory, such as the Active Directory.
Link Check Wizard: Link Check Wizard scans all of the link (shortcut) files on
your system, and checks to see if the shortcut points to an existing application
or document.
LINKD: This command-line tool links an NTFS directory to a target object.
LIST: Text Display and Search Tool - This simple text display and search tool
lists the contents of a file. Unlike other text display tools, List is a good tool for
looking at large text or log files because it does not read the whole file into
memory when you open it.
LOCAL: This command-line tool displays members of local groups on remote
servers or domains.
LogEvent: Event Logging Utility - This tool enables you to make entries to the
Event Log on either a local or remote computer from the command prompt or a
batch file.
LogOff: The LogOff tool is used to log a user off from the command prompt.
LogTime: This command-line tool logs the start or finish of command-line
programs from a batch file. This can be useful for timing and tracking batch jobs
such as mail-address imports.
MemSnap: Memory Profiling Tool - This memory profiling tool takes a snapshot
of the memory resources being consumed by all running processes and writes
this information to a log file.
MoveTree: Active Directory Object Manager - Movetree.exe is a command line
tool that allows administrators to move Active Directory objects such as
organizational units, users or computers between domains in a single forest.
MUNGE: This command-line tool provides a convenient way to search for and
replace strings in a file or files.
NETAFX: Network Configuration Tool - This tool can be used to configure a
variety of network parameters from the command prompt.
NetCons: Net Connections - This GUI tool monitors and displays current net
connections, taking the place of the Windows command-line command net use.
NetCmd: NetCmd.exe is a command-line tool that opens a command prompt. It
automatically maps a UNC path to a drive letter. You can point to any folder in
Windows Explorer (or any common file dialog) and open up a command prompt
at that location.
Netdiag: Network Connectivity Tester - Helps isolate networking and
connectivity problems.
NetDom: Windows 2000 Domain Manager - This tool enables administrators to
manage Windows 2000 domains and trust relationships from the command line.
Netsvc: Command-line Service Controller - You can use NetSvc to remotely
start, stop, and query the status of services from the command line.
NetWatch - Net Watch shows which users are connected to shared folders. It
also enables you to disconnect users and un-share folders. It can now
simultaneously monitor multiple computers.
NLMon: This command-line tool can be used to list and test many aspects of
Please purchase PDFcamp Printer on http://www.verypdf.com/ to remove this watermark.
trust relationships.
NLTest: This command-line tool helps perform network administrative tasks.
Now: Echoes the current date and time plus any arguments passed to it.
NSS2DOC: This utility helps the Remote Storage product in Windows 2000
Server migrate documents stored in the native structured storage (NSS) format
to tertiary storage (tape).
Ntdetect.com (Installd.cmd) - Installs a debug version of Startup Hardware
Detector used for troubleshooting hardware detection issues.
NTDSUTIL: Directory Services Management Tool - NtdsUtil performs database
maintenance of the Active Directory store, management and control of the
Floating Single Master Operations (FSMO), and cleaning up of metadata left
behind by abandoned domain controllers, those which are removed from the
network without being uninstalled.
NTRights: With this command-line tool, you can grant or revoke any Windows
2000 right to or from a user or group of users.
NTUUCODE: 32-Bit UUDecode and UUEncode Utility - You can use this 32-bit
GUI program to encode or decode files according to the UUEncoding standard.
Oh: Open Handles - Shows the handles of open windows, processes, or objects.
Oleview: OLE/COM Object Viewer - Browses, configures, and tests Microsoft
Component Object Model classes installed on a computer.
PassProp: This command-line tool can be used to set two domain policy flags:
whether passwords have to be complex and whether the administrator account
can be locked out.
Pathman: Path Manager - Adds or removes components of the system or user
path.
PerfMetr: Performance Meter - This command-line tool displays text-based
information on the performance of a computer running Windows 2000.
PermCopy: This command-line tool copies share-level permissions (ACLs) from
one share to another.
Perms: File Access Permissions per User - Displays a user's access permissions
for a file or directory.
Pfmon: Page Fault Monitor - Lists the source and number of page faults
generated by an application's function calls.
PMON: Process Resource Monitor - PMon is a command-line tool that monitors
process resource usage, tracking CPU and memory usage.
Pstat: Process and Thread Status - Shows the status of all running processes
and threads.
PrintMig: Printer Migrator - This printer configuration tool allows you to back up
or migrate any print server on which you have administrative rights.
PTree: Process Tree - Process Tree allows you to query the process inheritance
tree and kill processes on local or remote computers.
PPTP Ping - Point-to-Point Tunneling Protocol Ping Tools - Pptpclnt.exe and
Pptpsrv.exe are tools that work in unison to verify that the required protocol and
port for Point-to-Point Tunneling Protocol (PPTP) is being routed from a PPTP
client to a PPTP server or vice-versa.
Pulist: Lists processes running on local or remote computers.
PViewer: Process Viewer - Process Viewer is a Windows-based tool that displays
information about a running process and allows you to stop (kill) processes and
change process priority.
Qslice: CPU Usage by Processes - Shows the percentage of total CPU usage per
process.
RASList: This command-line tool displays Remote Access Service (RAS) server
Please purchase PDFcamp Printer on http://www.verypdf.com/ to remove this watermark.
SU: SU lets you start a process running as an arbitrary user. It is named after
the SU (Switch Users) utility of the UNIX family of operating systems.
SubInAcl: With this command-line tool, administrators can obtain security
information on files, registry keys, and services, and transfer this information
from user to user, from local or global group to group, and from domain to
domain.
SvcMon: Service Monitoring Tool - This tool monitors services on local and
remote computers for changes in state (starting or stopping).
Sysprep: Use this tool to prepare your system before changing SID using
SIDwalker.
TakeOwn: TakeOwn is a command-line tool that cleans up multiple boot drives
without formatting the drive. Using this tool, you can delete an installation of
Window 2000 from a local computer.
TextViewer: TextViewer provides a graphical interface for quickly viewing text
files on local or shared drives.
Timethis: Times how long it takes to execute a given command.
Tracedmp: Processes a trace log file or real time trace buffers and converts
them to a .csv file.
Traceenable: Enables tracing and displays current tracing options.
Tracelog: Starts, stops or enables trace logging.
Terminal Server Capacity Planning Tools Hotfix - Suite of tools that assist
organizations with Windows 2000 Terminal Services capacity planning.
TimeOut: Timeout is a command-line tool that causes the command processor to
pause execution for the number of seconds specified by the time (#) parameter,
after which it continues without requiring a user keystroke.
TimeThis: TimeThis times how long it takes the system to execute a given
command.
Timezone: Daylight Savings Time Update Utility - This command-line tool
updates the daylight savings information for a time zone in the registry.
TrustDom: Trust Domain Setup - This command-line tool can help manage trust
relationships. Using TrustDom, administrators can view, create, and delete trust
relationships between Windows 2000 and Windows NT domains.
TypePerf: Performnce Data in the Command Window - This command-line tool
displays real-time data from Performance Monitor counters in a command
window.
TZedit: Time Zone Editor - You can use Time Zone Editor to create and edit time
zone entries for the Date/Time option in Control Panel.
UserDump: User Mode Process Dumper - UserDump.exe is a command-line tool
that creates a dump file for user mode debugging. UserDump does not use Dr.
Watson and does not invade the target process as a debugger.
User Input for Batch Files: Choice prompts the user to make a choice in a batch
program by displaying a prompt and pausing for the user to choose from among
a set of keys.
User State Migration Tool - Helps migrate a user's documents and settings
(state) before an operating system migration to Windows 2000.
UsrStat: This command-line tool displays the username, full name, and last
logon date and time for each user in a given domain.
Vadump: Virtual Address Dump - Shows the state and size of each segment of
virtual address space.
Vfi: Visual File Information - Visual File Information retrieves and generates file
information.
W3who.dll: Browser Client Context Tool - ISAPI application DLL that displays the
Please purchase PDFcamp Printer on http://www.verypdf.com/ to remove this watermark.
Related articles
• Download GPMC
• Download IIS 6.0 Resource Kit
• Download IIS 6.0 Reskit Tools
• Download Office 2000 Reskit Tools
• Download Office System 2003 Reskit Tools
• Download Office XP Reskit Tools
• Download RDP 5.2
Please purchase PDFcamp Printer on http://www.verypdf.com/ to remove this watermark.
Links
Windows Deployment and Resource Kits
Free Windows 2000 Resource Kit software tools
Microsoft Resource Kit tools at Dynawell
Download Windows 2000 SP3 Support Tools (10.24mb)
List of available support tools - You can download any one of them as an individual
download if you want.
A Microsoft FTP Site with many of the older Reskit tools - ftp://ftp.microsoft.com/reskit
up
back