At Mobile Computer Wizard we use some great boot CD password removal utilities, such as Offline Password Changer, that unfortunately don't always work on certain retail machines. This is because some retailers install the OS over modified versions of NTFS, making it impossible for these utilities to locate and edit the Microsoft SAM (Security Accounts Manager) database where the account password information resides. The following password removal technique lets you edit the SAM database from the command line by exploiting a security loophole in Windows Accessibility, which was designed to help disabled people log into Windows. It also sidesteps the problem of locating the SAM database from outside Windows by letting Windows find it for you.
The first thing to note is that at the login screen the Windows + U hotkey launches Utilman.exe, which resides in the Windows\System32 directory. The trick is to replace this file with cmd.exe, which gives you command line access at the login screen. You can modify these files from a boot CD such as UBCD or Hiren's, or from the OS install disc's "Repair Your Computer" option (which gives you command line access). Alternatively, you can pull the drive and hook it up to another system. If you use the "Repair Your Computer" route, use the following commands for the Utilman.exe and cmd.exe swap:
cd windows\system32
ren utilman.exe utilman.exe.bak
copy cmd.exe utilman.exe
Otherwise, use roughly the same method. Rename utilman.exe, make a copy of cmd.exe and rename it to utilman.exe.
Once the tricky part is done, boot the system and let it reach the login screen. Windows + U should now launch the command line interface. Use the following commands, depending on the kind of access you need.
Reset Password
Warning: You will need to adjust/remove permissions to gain access to their files again.
net user JohnDoe hunter2
This will change the password for account JohnDoe to hunter2. If the account name has been changed so that Windows is not displaying the true account name, you can display a list of accounts with the following:
net user
Create a New User Account
This will create a new user account (username: NewGuy, password: abc123) and give it admin privileges.
net user NewGuy abc123 /add
net localgroup Administrators NewGuy /add
Revert Changes
cd windows\system32
del utilman.exe
ren utilman.exe.bak utilman.exe
Then reboot the system.
To remove the new account:
net user NewGuy /delete
Brett Kline
Mobile Computer Wizard
San Diego Computer Repair
619 255-1215 Office
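A check for the swap described in this post, as an added example that is not part of the original post: it inspects the System32 directory of a drive that has been pulled and mounted on another system, and reports when utilman.exe is a byte-for-byte copy of cmd.exe or when a utilman.exe.bak has been left behind. The function names and the sample files are assumptions made for illustration; the sample files are constructed stand-ins, not real binaries.

```python
import hashlib
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find_ci(directory, name):
    # Case-insensitive lookup: a Windows volume mounted on another OS
    # may be case-sensitive ("Utilman.exe" vs "utilman.exe").
    for entry in Path(directory).iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None

def check_system32(system32, watched=("utilman.exe",), shell="cmd.exe"):
    """Return (file, finding) tuples for an offline System32 directory."""
    findings = []
    shell_path = find_ci(system32, shell)
    shell_hash = sha256(shell_path) if shell_path else None
    for name in watched:
        target = find_ci(system32, name)
        if target is None:
            findings.append((name, "missing"))
        elif shell_hash and sha256(target) == shell_hash:
            findings.append((name, "identical to " + shell))
        if find_ci(system32, name + ".bak"):
            findings.append((name + ".bak", "renamed original left behind"))
    return findings

def make_sample(root, swapped):
    """Constructed stand-in files (not real binaries) in a System32 layout."""
    s32 = Path(root) / "Windows" / "System32"
    s32.mkdir(parents=True)
    cmd, original = b"constructed cmd stand-in", b"constructed utilman stand-in"
    (s32 / "cmd.exe").write_bytes(cmd)
    if swapped:
        (s32 / "Utilman.exe.bak").write_bytes(original)
    (s32 / "Utilman.exe").write_bytes(cmd if swapped else original)
    return s32

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for finding in check_system32(make_sample(tmp, swapped=True)):
            print(finding)
```

Point `check_system32` at the System32 directory of the mounted volume. The hash comparison only catches a byte-identical copy of the cmd.exe found on that same volume, so a clean result does not prove the file is the original.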
Interestingly, sticky keys can utilize the same loophole. Replace windows\system32\scutil.exe with a cmd.exe copy and press Shift 5 times at the login screen to launch command line.