Tuesday 18 October 2011

How to reset a Windows password without third-party tools

Whilst there are many tools that can change Windows account passwords, I personally like to do it manually as it doesn't take very long.

This trick will not work if you have BitLocker full disk encryption - and, if you have EFS (Encrypting File System), your keys will be lost (as with any password resetting method).

Firstly, you need access to your hard drive - this can be from anywhere that has NTFS write access (the easiest method is a Windows Vista/7 installation disk).

If you chose a Windows installation disk, simply boot from it, click Next at the first screen (Language/Location/Keyboard), and then press Shift+F10. This will launch a command prompt window.

Depending on the number of partitions and the setup you have, Windows may be on a different drive. Try typing the following:

c:
dir

If this doesn't look like your hard drive, try changing c to d, and go through the alphabet until you reach your hard drive.

Once there, type the following:

cd\windows\system32
ren osk.exe osk_old.exe
copy cmd.exe osk.exe

Next, reboot Windows.

From here, click the accessibility (wheelchair) icon and then the On-Screen Keyboard option.

This will now launch a Command Prompt window as `SYSTEM` (be careful!).

You have two options. The quickest is to change the password from the command line:

net user username password

(Change username and password to... well, you can guess!)

There will be no confirmation; it will simply change.

If you would rather use a UI, type `mmc` and press Enter. From here, go to "File" > "Add/Remove Snap-in", click "Add", and choose "Local Users and Groups". Click "Close", then "OK".

Expand "Local Users and Groups" > "Users", and right click on a user, followed by "Set Password"... Choose whatever you want, and you are done!

To reset the earlier system changes, you have two options.

First, get to the command prompt from the Windows setup disk in the same way and type:

x: (where x is the drive)
cd\windows\system32
del osk.exe
ren osk_old.exe osk.exe

Or, if you would rather do it without the disk, go back to the login screen, launch the command prompt and type this:

cd\windows\system32
start cmd
(Close the original command prompt window)
cd\windows\system32
del osk.exe
ren osk_old.exe osk.exe

and done!
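
To confirm that the restore steps above actually took effect, or to check a machine or a mounted disk image for a leftover swap, the following added example (not part of the original post) compares `osk.exe` against `cmd.exe` and looks for the `osk_old.exe` backup. Treating those two conditions as indicators is this example's assumption, and the demo runs on constructed placeholder files rather than real Windows binaries.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_osk_swap(system32: Path) -> list[str]:
    """Return findings that indicate the osk.exe swap described in the post."""
    findings = []
    osk, cmd, backup = (system32 / n for n in ("osk.exe", "cmd.exe", "osk_old.exe"))
    if backup.exists():
        findings.append("osk_old.exe present: original keyboard binary was renamed")
    if not osk.exists():
        findings.append("osk.exe missing")
    elif cmd.exists() and sha256(osk) == sha256(cmd):
        findings.append("osk.exe is byte-identical to cmd.exe")
    return findings


def demo() -> tuple[list[str], list[str], list[str]]:
    """Build a constructed System32 stand-in and run the check on each state."""
    with tempfile.TemporaryDirectory() as tmp:
        sys32 = Path(tmp)
        # Constructed placeholder contents, not real Windows binaries.
        (sys32 / "cmd.exe").write_bytes(b"constructed cmd image")
        (sys32 / "osk.exe").write_bytes(b"constructed osk image")
        clean = check_osk_swap(sys32)
        # Mirror the post's change: ren osk.exe osk_old.exe, copy cmd.exe osk.exe.
        (sys32 / "osk.exe").rename(sys32 / "osk_old.exe")
        (sys32 / "osk.exe").write_bytes((sys32 / "cmd.exe").read_bytes())
        swapped = check_osk_swap(sys32)
        # Mirror the post's restore: del osk.exe, ren osk_old.exe osk.exe.
        (sys32 / "osk.exe").unlink()
        (sys32 / "osk_old.exe").rename(sys32 / "osk.exe")
        restored = check_osk_swap(sys32)
    return clean, swapped, restored


if __name__ == "__main__":
    for state, result in zip(("clean", "swapped", "restored"), demo()):
        print(state, result or "no findings")
```

On a real system, pass the actual `Windows\System32` path (live or from a mounted image) to `check_osk_swap`; an empty list means neither indicator was found.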