
Wednesday, December 14, 2016

Windows Password Recovery Without Third Party tools





We often come across situations where we need to log on to a Windows machine with local credentials but do not have the password for the local Administrator ID or any other local ID on that system.

There are many third-party tools available on the internet that let you reset the passwords of local accounts, but most system admins are reluctant to use any third-party application for recovery unless they are 100% sure of what the tool does and how.

There are trusted ways of resetting the passwords of Windows local IDs without using any third-party application. The steps are outlined below:

What you need:

  • Bootable USB Drive or ISO of Windows 7/8/2008/2012
  • One or two reboots of the system.

I hope a bootable ISO is readily available to almost every system administrator, but if you want to go with a bootable USB drive, please follow my other post, which describes how to create a bootable USB drive from any Windows ISO (Windows 7 or above only).


Once you have the bootable disk (ISO/USB) ready:

  • Insert the ISO/USB disk into the system and make sure the system is configured to boot from the ISO/USB device first.
  • Boot the machine from the bootable disk.
  • Proceed to the recovery options and open a Command Prompt window, or press Shift + F10 when you are presented with the Install Windows screen to open a Command Prompt directly.

Install Windows Screen


Command Prompt Opened after pressing Shift + F10

  • Once you have opened the Command Prompt, go to the C: drive. The drive letter can vary depending on the number of drives present on your machine, so you may need to find out which drive the OS is actually installed on.
  • Under C:\Windows\System32, rename the file Sethc.exe to Sethc.exe_OLD
  • Copy CMD.EXE to Sethc.exe

Please note that if you are not able to see the OS disk in this recovery environment, refer to another article (here) that shows how to load hard disk controller drivers in the recovery environment.

Rename File Operations


  • After the file rename operation completes successfully, exit the Command Prompt window and press Esc to exit the installation window. When prompted to cancel the installation, click Yes and restart the machine.

Exit Installation Screen


  • Now remove the bootable device (USB/ISO) and boot the machine normally.
  • Once the machine has booted properly, open the console of the machine, depending on the machine type (VMware console/iDRAC/iLO/RSA/IMM).

Normal booted Machine:


  • On the login screen, press the Shift key 5 times and you will be presented with a Command Prompt window.
  • Now you are in full control of the machine and you can create a new user ID, reset any existing user's password, add users to local groups and so on.

Normal booted Machine with Command prompt open without logging in:

Here is an example of adding a new user and resetting an existing user's password, as shown in the above image:

At Command prompt:

  • List local users on that machine:

Net User

  • Create new User:

Net User /add TestUser1 Password123

  • Add user to Local Administrators Group:

Net localgroup administrators /add TestUser1

  • Reset existing user’s Password:

Net user TestUser1 Password@098

Now we can log on to the machine with the newly created user ID or with the password we have reset for the existing user.

Disclaimer: The above steps have been executed several times and found working, even in production environments, on Windows 7 and above. Please follow the steps at your own risk; the blogger will not be held responsible for any loss of data/systems that may be caused by following them.

Note: Don't forget to restore the files to their original names to avoid security risks. While Sethc.exe remains a copy of CMD.EXE, anyone who can reach the login screen can open the same command prompt without logging in.
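
To confirm that the note above has been followed, the check below (an added example, not part of the original post) compares Sethc.exe with CMD.EXE by hash and looks for a leftover Sethc.exe_OLD. The function name Test-SethcRestored and its output fields are assumptions made for this example.

```powershell
# Added example: verify that Sethc.exe was put back after the recovery procedure.
# Test-SethcRestored and the field names below are hypothetical, chosen for this sketch.
function Test-SethcRestored {
    param(
        # Windows directory to inspect; can point at a mounted offline volume.
        [string]$WindowsDir = $env:SystemRoot
    )

    $sys32  = Join-Path $WindowsDir 'System32'
    $sethc  = Join-Path $sys32 'Sethc.exe'
    $cmd    = Join-Path $sys32 'cmd.exe'
    $backup = Join-Path $sys32 'Sethc.exe_OLD'   # backup name used in the steps above

    $result = [ordered]@{
        SethcPresent   = Test-Path -LiteralPath $sethc
        SethcIsCmdCopy = $false
        BackupLeftOver = Test-Path -LiteralPath $backup
    }

    if ($result.SethcPresent -and (Test-Path -LiteralPath $cmd)) {
        # A byte-identical copy of cmd.exe means the swap is still in place.
        $hashSethc = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
        $hashCmd   = (Get-FileHash -LiteralPath $cmd   -Algorithm SHA256).Hash
        $result.SethcIsCmdCopy = ($hashSethc -eq $hashCmd)
    }

    # Restored means: the file exists, is not cmd.exe, and no backup copy remains.
    $result.Restored = $result.SethcPresent -and
                       (-not $result.SethcIsCmdCopy) -and
                       (-not $result.BackupLeftOver)

    New-Object psobject -Property $result
}

$state = Test-SethcRestored
$state | Format-List
if (-not $state.Restored) {
    Write-Warning 'Sethc.exe has not been restored: put Sethc.exe_OLD back under its original name.'
}
```

Run it from an elevated PowerShell session after the final reboot; the same function can be scheduled across servers to flag machines where the swap was never undone.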

Tuesday, September 13, 2016

DiskPart : Attach a new disk and create new volume

Here are the steps required to rescan for and attach a disk on any Windows server from the command prompt using the DiskPart utility.

  • Enter DiskPart Prompt:

C:\Windows\system32>diskpart
Microsoft DiskPart version 6.3.9600
Copyright (C) 1999-2013 Microsoft Corporation.
On computer: MyHostName

  • Perform rescan to allow DiskPart to look for any changes on the Disks attached:

DISKPART> rescan
Please wait while DiskPart scans your configuration...
DiskPart has finished scanning your configuration.

  • List Disks attached to the system:

DISKPART> list disk
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          100 GB      0 B
  Disk 1    Offline         400 GB   400 GB

  • Select the Disk we are going to work on:

DISKPART> select disk 1
Disk 1 is now the selected disk.

  • Bring the disk online:

DISKPART> online disk
DiskPart successfully onlined the selected disk.

  • Initialize the disk (clear its read-only attribute):

DISKPART> attributes disk clear readonly
Disk attributes cleared successfully.

  • Create a Partition on the selected disk:

DISKPART> create partition primary
DiskPart succeeded in creating the specified partition.

  • Quick-format the newly created partition as NTFS by supplying the quick parameter:

DISKPART> format fs=ntfs quick
  100 percent completed
DiskPart successfully formatted the volume.

  • List the Volumes/Partitions created and mounted on server:

DISKPART> list vol
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1         boot         NTFS   Partition    350 MB  Healthy    System
  Volume 2     C   Windows 201  NTFS   Partition     99 GB  Healthy    Boot
* Volume 3                      NTFS   Partition    399 GB  Healthy

We want the new volume to use drive letter D:, but that letter is currently in use by the DVD/CD-ROM drive. We therefore need to change the drive letter assigned to the CD/DVD-ROM drive so that D: can be allocated to the partition we have just created:

  • Select Volume number representing CD/DVD ROM drive:

DISKPART> sel vol 0
Volume 0 is the selected volume.

  • Assign a different Drive letter (Z:) to Selected Volume:

DISKPART> assign letter=z
DiskPart successfully assigned the drive letter or mount point.

Now we can assign D: to our newly created volume:

  • Select the volume number representing the newly created volume (3 in this case):

DISKPART> sel vol 3
Volume 3 is the selected volume.

  • Optional: We can see the details of the selected Volume:

DISKPART> det vol
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
* Disk 1    Online          400 GB      0 B

Read-only                          : No
Hidden                               : No
No Default Drive Letter    : No
Shadow Copy                    : No
Offline                               : No
BitLocker Encrypted         : No
Installable                          : Yes

Volume Capacity        :  399 GB
Volume Free Space      :  399 GB

  • Since the new volume is now selected, we can assign the drive letter to it:

DISKPART> assign letter=d
DiskPart successfully assigned the drive letter or mount point.

  • Done!
DISKPART> Exit
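
The steps above can also be collected into a DiskPart script and run non-interactively with diskpart /s. The sketch below is an added example, not part of the original post: it parses `list disk` output and only emits the script when the chosen disk is offline and completely unallocated, so an in-use disk is never formatted by mistake. The function names and the sample text are constructed for illustration, and the drive letter passed in is assumed to be free already.

```powershell
# Added example; Get-DiskPartDisk and New-DiskPartScript are hypothetical helper names.
function Get-DiskPartDisk {
    param([string[]]$ListDiskOutput)
    foreach ($line in $ListDiskOutput) {
        # Data rows look like: "  Disk 1    Offline    400 GB   400 GB"
        if ($line -match '^\*?\s*Disk\s+(\d+)\s+(\S+)\s+(\d+\s+\w?B)\s+(\d+\s+\w?B)') {
            New-Object psobject -Property ([ordered]@{
                Number = [int]$Matches[1]
                Status = $Matches[2]
                Size   = $Matches[3] -replace '\s+', ' '
                Free   = $Matches[4] -replace '\s+', ' '
            })
        }
    }
}

function New-DiskPartScript {
    param([object[]]$Disks, [int]$DiskNumber, [char]$Letter)
    $disk = $Disks | Where-Object { $_.Number -eq $DiskNumber }
    if (-not $disk) { throw "Disk $DiskNumber not found in list disk output" }
    # Refuse anything that is not an offline, fully unallocated disk.
    if ($disk.Status -ne 'Offline' -or $disk.Size -ne $disk.Free) {
        throw "Disk $DiskNumber is $($disk.Status) with $($disk.Free) free of $($disk.Size); refusing"
    }
    @(
        "select disk $DiskNumber"
        'online disk'
        'attributes disk clear readonly'
        'create partition primary'
        'format fs=ntfs quick'
        "assign letter=$Letter"      # the letter must not be in use (see the DVD-ROM step)
    )
}

# Constructed sample, matching the list disk output shown earlier.
$sample = @'
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          100 GB      0 B
  Disk 1    Offline         400 GB   400 GB
'@ -split "`r?`n"

$disks  = Get-DiskPartDisk -ListDiskOutput $sample
$script = New-DiskPartScript -Disks $disks -DiskNumber 1 -Letter 'D'
$script   # review, then: Set-Content .\new-disk.txt $script; diskpart /s .\new-disk.txt
```

Asking for disk 0 in this sample throws instead of producing a script, because that disk is online and has no free space.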