Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

How Do I Create a Windows 7 Password Reset Disk, and Why Would I Want To?

Since the day that password protection was invented, users (and the people that help them) have been dealing with the “lost password problem.” You know how it goes; you or someone you know can’t log in to their account because they can’t recall their password.

Take it from me, it happens. A lot.

For a long time – at least since Windows XP and probably before – Windows has included the ability to create a password reset disk that you can use in cases where you’ve forgotten your Windows login password.

There are a few prerequisites to using this tool. The most important one is you must create the disk before you actually need it.

Become a Patron of Ask Leo! and go ad-free!

What the password reset disk can and cannot do

Before we get started, let’s be clear about what this thing can do.

  • You must create a password reset disk before you need it.
  • A password reset disk can only reset the password of the account for which it was created.
  • A password reset disk can only reset your password; it cannot reveal or tell you what the password currently is.

So if you think that the password reset disk is some magical skeleton key that’ll let you reset the password to just any account at any time, then you’re wrong. It can, however, reset your password as long as you made the disk before you forgot the password.

If you’ve ever experienced a lost password, or if you use a particularly complex and secure (i.e. hard to remember) password, you may want to create the disk before it’s too late.

Creating the password reset disk

We start in Control Panel. Navigate to User Accounts. There, you’ll find a Create a password reset disk link:

Windows 7 Create Password Disk link

Click that and you may find yourself up against the first obstacle (as I was):

Error Creating Password Reset Disk

You do need to have a floppy disk (who has those any more?) or a USB drive inserted and ready. After you attach a USB drive (an inexpensive thumb-drive dedicated to this account’s recovery information should do), try again and you’ll get the Forgotten Password Wizard:

Windows 7 Forgotten Password Wizard

Click Next and you’ll have the option to select which connected USB drive to use:

Creating A Password Reset Disk - Drive Selection

Click Next again and you’ll need to confirm your password for security:

Creating a Password Reset Disk - Security Verification

This is done simply to prevent someone from being able to walk up to your logged in machine and create a password reset disk for your account. They could then later use that disk to reset your password and access your machine. Click Next and the disk is created.

Creating a Password Reset Disk - Complete

One final Next for the last page of the wizard:

Creating a Password Reset Disk - Final

Before we even use the disk, however, we need to talk a little bit about security.

Keeping the reset disk secure

The final screen of the wizard contains a very simple, understated instruction:

Label this disk “Password Reset” and keep it in a safe place.

Label it however you like (I’d include the account login name as well), but keep it in a safe place. That is incredibly important.

Naturally, you’ll want to be able to find it should you ever actually need it – that part is easy.

But think about it – anyone with this disk in their hands can reset your Windows password. In other words, having this disk is just as good as having your password. As we’ll see in a moment, it’s just a couple of steps to use it.

So do more than keep it in a safe place; keep it in a secure place, a place that people who shouldn’t have access won’t have access – accidentally or otherwise.

Using the reset disk

You wake up one morning and for whatever reason, you simply cannot remember your Windows login password. But you do remember your password reset disk.

Here’s how you use it.

After a failed login attempt, Windows will show you your password hint (if you created one) and a link to “Reset password…” if you’ve created a password reset disk.

Reset Password link on Windows Login

Make sure that your password reset disk is inserted and click Reset password… Windows will once again ask you to select the drive containing the password reset disk and then display this dialog:

New Password Entry

Why Not Just Save The Password?

If you need to save the password recovery disk securely, why not just write down the password and save that securely?

Good point. But the recovery disk does one thing that a saved password does not: it works even if you’ve changed your password. If you rely on a written down saved password somewhere you’ll need to remember to keep it updated each and every time you change your password.

Perhaps not a big deal, but depending on your situation it could mean the difference between regaining access or not.

You can now enter a new password which will replace whatever that forgotten password may have been. Make sure to also include a password hint that might also help you (but not someone else) remember the password in the future.

Click Next and you’ll be taken to the Windows login screen to login with your newly reset password.

Do you really need a password reset disk?

Is all that really necessary?

Maybe. Maybe not.

In all the years that I’ve been using Windows, the first time that I created a password reset disk was in writing this article. My approach to passwords allows me to remember them easily while still keeping them secure.

On the other hand, perhaps you’ve run into forgotten password situations before. Or perhaps you’re setting up a machine for a friend who’s not as comfortable with passwords, computers, and the like. Especially in the later case, a password reset disk can be a very quick and handy recovery tool.


 

16 comments on “How Do I Create a Windows 7 Password Reset Disk, and Why Would I Want To?”

  1. Leo, how does this affect encrypted files? Does Windows use your password as an encryption key? One of my email accounts does, and it warns me that if I lose my password it can be reset but I will lose access to all my old emails

    • I strongly dislike Windows built-in encryption because it’s very easy to lose access to the files should you ever lost your account. I think in this case a password reset disk will preserve your encrypted file access (the encryption uses that same underlying token that identifies your account, or something based on it, and not your actual password). There is a separate procedure to save the encryption certificate should you ever permanently lose access to the (one and only) account that created it and can access it, but that’s very easy to forget or overlook. I strongly recommend solutions like TrueCrypt instead.

  2. I don’t use Windows’s built-in password reset disk feature as it only works for one account. Instead, I use Offline NT Password & Registry Editor. It comes with the program ‘chntpw’ preinstalled. Of course, you can boot into any live Linux distribution and install the package manually. It instantly blanks out Windows passwords for any user(s) of your choice, administrator or not. The downside is it doesn’t work for encrypted systems, and only works for local accounts. (Log on to ‘this computer’, not a domain.) For encrypted file systems, you’ll have to use a brute-force password cracker, such as Ophcrack. This method might take longer, and may not be able to crack a very secure password. However, if Ophcrack does succeed, you will gain access to an encrypted file system.

    • I’ve actually been disappointed by Ophcrack. I have what I’d consider only a semi-secure password on my home machine, and yet when I tried Ophcrack to see how well it would do it failed. The Offline disk is one I’ve used and recommended.

  3. I signed up for and provided all necessary information and thought that the Password reset would occur or tall me what the next step is. Nothing has happened.

    • I don’t understand what you “signed up” for … the password reset disk described in this article is for your Windows password, and has no “sign up” involved.

  4. I keep all my passwords in LastPass. When I forget the Windows password, I can log into my LastPass account from another computer and have it displayed.

  5. i have no problem with email pass word i can repeat my password at any time.i have not at all for gotten my password. but still i am not getting my mail saying that it is website security problem.so pl. help me to read my mail. ok thanks leo sir.

    • I’m afraid I don’t understand your question, but it appears to be unrelated to the topic of this article which is about Windows passwords, not email. Please submit new questions here.

  6. I followed all of the steps but it only says “An error occurred while the wizard was attempting to set the password for this user account.”. What should I do?

  7. I woke up this morning and my password won’t work. I have Windows 7. I tried to reset, but it asking for Disk to reset. I never set up a disk. I do have two users on the computer and the other user does not have a password. I can still use my computer on the other user, but not as administrator. How do i fix this. I have always used the same password, I did not changed it. I really don’t understand what is going on. Please help.

  8. Ah, memories.

    When I first set up our computer, I was dismayed, amid all the myriad setup tasks, to find that I couldn’t log into the Administrator account! I racked my brain trying to remember what password I’d entered, and tried every password I could think of to no avail… until finally, in some desperation, I simply tapped ENTER on an empty prompt… and gasped when I was told “Welcome!”

    I hadn’t set an Administrator password!

    Oh boy, did I ever change that in a hurry, LOL!!! 🙂

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.