
Wednesday, December 14, 2016

Windows Password Recovery Without Third Party tools

We often come across a situation that requires us to log on to a Windows machine with local credentials, and sometimes we do not have the password of the local Administrator account or any other local account on that particular system.

There are many third party tools available on the internet that let you reset the password of local accounts, but most system administrators are reluctant to use any third party application for any kind of recovery unless they are 100% sure of what that tool does and how it does it.

There are trusted ways of resetting Windows local account passwords without using any third party application; here are the steps:

What you need:

  • Bootable USB Drive or ISO of Windows 7/8/2008/2012
  • One or two reboots of the system.

I hope a bootable ISO is readily available to almost every system administrator, but if you want to go with a bootable USB drive, please follow my other post, which describes how to create a bootable USB drive from any Windows ISO (Windows 7 or above only).


Once you have the bootable disk (ISO/USB) ready:
  • Insert the ISO/USB disk into the system and make sure it is configured to boot first from the ISO/USB device.
  • Boot the machine from the bootable disk.
  • Proceed to the Recovery options and open a Command Prompt window, or press Shift + F10 when you are presented with the Install Windows screen to open a Command Prompt directly.

Install Windows Screen


Command Prompt Opened after pressing Shift + F10

  • Once the Command Prompt is open, go to the C: drive. This drive letter can vary depending on the number of drives present on the machine, and you may need to find out which drive the OS is actually installed on.
  • Under C:\Windows\System32, rename the file Sethc.exe to Sethc.exe_OLD.
  • Copy CMD.EXE to Sethc.exe.
Please note that if you cannot see the OS disk in this Recovery Environment, refer to another article (here) which shows how to load hard disk controller drivers in the Recovery Environment.

Rename File Operations


  • After the file operations complete successfully, exit the Command Prompt window and press Esc to exit the installation window. When prompted to cancel the installation, click Yes and restart the machine.

Exit Installation Screen


  • Now remove the bootable device (USB/ISO) and boot the machine normally.
  • Once the machine boots up properly, open the console of the machine depending on the machine type (VMware console/iDRAC/iLO/RSA/IMM).

Normal booted Machine:


  • On the login screen, press the Shift key 5 times and you will be presented with a Command Prompt window.
  • Now you have full control of the machine: you can create a new user account, reset any existing user's password, add users to local groups, and so on.
Normally booted machine with Command Prompt open without logging in:

Here is an example of adding a new user and resetting an existing user's password, as shown in the image above:

At Command prompt:

  • List local users on that machine:
            net user

  • Create a new user:
            net user /add TestUser1 Password123

  • Add the user to the local Administrators group:
            net localgroup administrators /add TestUser1

  • Reset an existing user's password:
            net user TestUser1 Password@098

Now we can log on to the machine with the newly created user account or with the password we reset for the existing user.

Disclaimer Note: The above steps have been executed several times and found working even in production environments on Windows 7 and above. Please follow the steps at your own wish/risk; the blogger will not be held responsible for any loss of data or systems that may be caused while following this.
Note: Don't forget to restore the files to their original names afterwards to avoid security risks.
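The security risk behind that note is that a sethc.exe which is really cmd.exe gives anyone at the login screen a Command Prompt with full control of the machine without logging in, so it is worth verifying that the file was actually put back. The following PowerShell check is an added example, not part of the original post; it assumes the default %SystemRoot%\System32 location and compares sethc.exe against cmd.exe by SHA-256 hash and by the OriginalFilename in its version resource, and also reports a leftover Sethc.exe_OLD backup.

```powershell
# Added example: verify that sethc.exe in System32 is the genuine Sticky Keys
# binary and not a renamed copy of cmd.exe left behind by the recovery steps.
# Assumes the default system drive; adjust $System32 if Windows lives elsewhere.
# Get-FileHash needs PowerShell 4.0 or later.
$System32 = Join-Path $env:SystemRoot 'System32'
$Sethc    = Join-Path $System32 'sethc.exe'
$Cmd      = Join-Path $System32 'cmd.exe'
$Backup   = Join-Path $System32 'Sethc.exe_OLD'

$findings = @()

if (-not (Test-Path $Sethc)) {
    $findings += "sethc.exe is missing from $System32"
} else {
    # An identical hash means sethc.exe is literally a copy of cmd.exe.
    $sethcHash = (Get-FileHash -Path $Sethc -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -Path $Cmd   -Algorithm SHA256).Hash
    if ($sethcHash -eq $cmdHash) {
        $findings += 'sethc.exe is byte-identical to cmd.exe'
    }

    # The version resource of the real binary names itself sethc.exe;
    # a copied cmd.exe still carries its own OriginalFilename (Cmd.Exe).
    $origName = (Get-Item $Sethc).VersionInfo.OriginalFilename
    if ($origName -and $origName -notlike 'sethc.exe*') {
        $findings += "sethc.exe reports OriginalFilename '$origName'"
    }
}

# A leftover backup shows the rename step was done but never reversed.
if (Test-Path $Backup) {
    $findings += "backup file $Backup is still present"
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: sethc.exe looks like the original Sticky Keys binary'
} else {
    $findings | ForEach-Object { Write-Output "WARNING: $_" }
}
```

Run it from an elevated PowerShell prompt after the recovery is finished; any WARNING line means the restore step above is still outstanding.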