Do you have physical access to the machine? Can it boot from a CD or USB drive?
You can’t learn what the passwords are, but you can reset any Windows password on that machine that you like.
And if that doesn’t scare you, I really need to drive home a point.
Resetting the password
First, let’s walk through what you need to do. The screenshots below are from my Windows 7 machine, but Windows XP, Vista, and 8 are all documented as being supported.
Obligatory caveat. This utility has been around for a while and it has a good reputation. As with any third-party software that’s going to operate on sensitive system areas, however, you are always at risk. Make sure you have a good backup of your machine prior to performing these operations. And of course, you use utilities of this nature entirely at your own risk.
First, download and burn to CD the Offline NT Password and Registry Editor. This is actually a highly customized version of Linux that’s designed to do exactly what the name implies: allow you to examine and edit the password information and registry of a Windows machine. (A USB version is available as well.)
Boot your problematic machine from that CD that you just burned. You’ll end up with something like this on your screen:
Don’t let all the stark plain text worry you. The process for what we’re doing is actually pretty simple. Typically, you can just press Enter to continue on to the next step. The program boots and then automatically searches your hard disks for Windows installations:
Here’s the relevant portion of that screen enlarged:
You can see that it has found one installation of Windows. Because it’s the only installation, it’s number one on the list. If your machine has multiple Windows installations, you’ll need to select the proper one. In our case, we can just hit Enter once again as “1” is the default choice.
The program lists the contents of the folder containing the Windows registry (you may need to press the space bar once or twice to scroll through the paged listing; typically, you can simply ignore it).
There are several options. In our case, we’re only concerned about performing a password reset. Once again, we can just press Enter because “1”, Password Reset, is the default.
It’s now asking us what we want to do. “Edit user data and passwords” is exactly right and it’s the default once again, so … press Enter.
There are a couple of things worth noting about this step:
- All accounts on the machine are listed. You can see that there are three: Administrator, Guest, and LeoN.
- Two of the accounts have administrative privileges: Administrator and LeoN.
- Two of the accounts are actually disabled: Administrator and Guest.
- Each account is identified by a RID, which is essentially an ID number for that account.
Here you choose which account to act on. To select an account, type in its RID number. In this example, the program has selected the RID of the only active account as the default. Once again, we just press Enter.
The program displays a summary of account information and then gives us a menu of things to do to that account.
This time, the default is q for quit. Instead, type 1 – to clear the password – followed by Enter. It’ll quickly redraw the screen and present the same menu again. Somewhere in all of that text there will be confirmation that it’s done what we asked:
Because we’re done, this time accept the default of q for quit and simply press Enter.
This returns you to the previous menu. Here, you’ll need to type q followed by Enter to quit.
None of the changes we’ve made have actually been written to disk yet. To complete the operation, type y (the default is n, for no) followed by Enter.
Offline NT Password and Registry Editor
As you’ve probably surmised by the choices that we made and the options that we bypassed, the Offline Editor is a powerful tool for going in and performing all sorts of registry manipulation on Windows machines.
This has only been an overview of one type of operation, addressing the most common request that I encounter.
I recommend that you familiarize yourself with the utility before using it and then review the documentation and FAQ on the website.
The most important lesson of all
So, that was pretty simple, right? OK, maybe a little scary if you’ve never done something like that before. You can see that it’s pretty darned easy. Reboot from CD or USB, press Enter (in most cases) a few times, and *poof* … the account password is cleared and you have access once again.
So easy anyone could do it.
This is where you should be concerned. You need to be aware of this.
Anyone with physical access to your machine can do what I’ve just described.
If you’re in a position where folks with a motive or other random strangers can access your machine, you may want to rethink your physical security. Remember one of the most important security rules of all:
If it’s not physically secure, it’s not secure.
The ability to walk up with a CD and “own” the machine with a reboot and a few keystrokes hopefully makes that pretty clear.
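The one thing that stops a boot CD from rewriting the password store is encrypting the system drive, since the editor then can’t read or write the registry hives without the key. The following check is an added example, not part of the article or the Offline Editor: run from an elevated PowerShell on Windows 8 or later (it assumes the BitLocker and TrustedPlatformModule modules are present, which is true on Pro and Enterprise editions), it reports whether the system drive is protected against exactly the kind of offline edit described above.

```powershell
# Added example (not from the article). Reports whether the Windows system
# drive is protected against an offline boot-disk edit of the SAM hive.
# Assumes an elevated session and the BitLocker / TrustedPlatformModule
# modules (Windows 8+ Pro/Enterprise). Run: .\Check-OfflineEditExposure.ps1

$systemDrive = (Get-CimInstance Win32_OperatingSystem).SystemDrive   # e.g. "C:"
$volume      = Get-BitLockerVolume -MountPoint $systemDrive
$tpm         = Get-Tpm

# Confirm-SecureBootUEFI throws on legacy BIOS firmware; treat that as "off".
$secureBoot = $false
try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }

$protectorTypes = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType })

[pscustomobject]@{
    SystemDrive      = $systemDrive
    ProtectionStatus = $volume.ProtectionStatus      # On / Off
    VolumeStatus     = $volume.VolumeStatus          # FullyEncrypted, FullyDecrypted, ...
    KeyProtectors    = ($protectorTypes -join ', ')  # e.g. Tpm, TpmPin, RecoveryPassword
    TpmReady         = $tpm.TpmReady
    SecureBoot       = $secureBoot
} | Format-List

# Plain-language verdicts for the person reading the output.
if ($volume.ProtectionStatus -ne 'On') {
    Write-Warning "System drive is not encrypted: anyone who can boot from CD/USB can edit the SAM hive."
}
elseif ($protectorTypes -notcontains 'TpmPin' -and $protectorTypes -notcontains 'Password') {
    Write-Warning "Drive is encrypted but unlocks with the TPM alone; a PIN or password adds a second factor at boot."
}
else {
    Write-Host "System drive is encrypted and requires a boot-time secret; offline password editing is blocked."
}

if (-not $secureBoot) {
    Write-Warning "Secure Boot is off or unavailable; consider enabling it and password-protecting the firmware boot menu."
}
```

Encryption only helps if the recovery key is stored somewhere other than on the machine itself; the warnings here are about the drive, not about key management.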