Submitted by Alex Birch on Thu, 01/31/2008 - 18:56.
This afternoon I ran into the classic problem on my friend's Windows 2000 machine: someone had locked the administrator account and no one knew the password. Without it I couldn't access the computer. A similar situation will occur if you simply lose or forget your password. Because most people don't know what else to do, they panic and start to reformat the entire drive. Here's a guide on how to retrieve, reset and/or change your user password without having to reinstall anything.

There are mainly two ways to do this. The first and recommended way is to reset the password by editing the SAM registry hive offline. This is easy and quick, but it replaces the previous password rather than recovering it, which in some cases is not desired: on Windows 2000 and later, files encrypted with EFS and other secrets protected by the old password (stored credentials, for instance) become unrecoverable once the password is reset from outside the account. The second option, which you only ought to choose if you really need to get hold of the original admin password and not change anything, is a lot more time consuming. Let's start with the first method: editing the Windows registry.
Reset/Change Your Password
This method works on: NT 3.51, NT 4 (all versions and SPs), Windows 2000 (all versions & SPs), Windows XP (all versions, also SP2), Windows Server 2003 (all SPs), Windows Vista 32 and 64 bit.
Step 1: Create Boot Software
On Windows NT systems, user passwords are not stored in clear text. The registry hive file called "SAM" holds LM and NT hashes of them, and from Windows 2000 on those hashes are additionally encrypted with a key (SYSKEY) kept in the SYSTEM hive. Because the hive files are locked while the OS is running, you need to access them "offline" and edit them with special software. There are many free programs for this but from experience I would strongly recommend Petter Nordahl-Hagen's Offline NT Password & Registry Editor, which can be downloaded here. Download the CD image and burn the .iso file to a CD-R.
Step 2: Boot Up
Restart your computer and insert the boot CD. If your computer starts Windows instead, you'll need to enter the BIOS setup and change the boot sequence. Consult your motherboard manual for this, but generally you hit a key such as F10 or F12 (the power-on screen usually names it) before Windows starts and then look for the setting where you select the CD-ROM as the first boot medium.
Step 3: Walkthrough
When you've booted up your computer with the CD, you will be taken through a number of options to reset or change your password. Here's a quick walkthrough:
- Select partition: If you've only got one hard drive with Windows installed, the default option here will be 1. If you've got several drives or partitions, choose the one where you know Windows is installed.
- Select registry path/file: Here you specify the directory path to the SAM file. For Windows 2000 users it will most commonly be WINNT/system32/config, for XP users WINDOWS/system32/config. If you know your system is using a different path, type that in. When you've pressed enter, choose 1 [sam system security].
- Select password/registry edit: Again, the default choice here will be to edit user data and passwords (1).
- Select user to edit: If you wish to edit the admin password, type in Administrator. If you want to edit the password of another user, type in that username accordingly.
- Select password edit: You'll be given several useful options, but the most common one is to clear (blank) the user password. To do this, choose option 1 and press enter. If the account is locked out or disabled, as in the case that started this article, the same menu also offers to unlock and enable it. After you've received a message that the password has been cleared, quit the program and try it out: type an exclamation mark, !, and press enter, then choose q to leave the registry menu.
- Select writing changes: Before you quit, you're given a last option to perform the changes to the registry file or roll back the changes if something went wrong. If everything's fine, choose yes by typing y and pressing enter. Then press CTRL-ALT-DEL to reboot. Don't forget to take out the CD!
You should now be able to log on to the user account with a blank password. If it doesn't work, repeat the process above; alternatively you might try setting a new password instead of clearing it, although clearing is the more reliable choice, since setting a new password from outside Windows does not always work on XP and later.
This method is quick and fairly simple. There's a slight risk of corrupting the registry file when writing to it but if you follow the instructions above, you should be safe, and the program automatically writes a backup of the original file. If you lack a CD-ROM or CD-R, you can of course also choose the floppy disk variant instead, that requires some additional drivers (refer to the included manual for this).
Retrieve Your Password
In certain cases you don't want to change the password but simply learn it and gain access to the user account. For this you will need to "crack" the password, which does not mean decrypting it: the SAM only holds hashes, so a cracking program hashes candidate passwords with the same LM and NT algorithms and compares the results against the stored hashes. That guessing is the time-consuming part. By brute force, trying every possible combination, this method always succeeds eventually; how long it takes depends on the length and character set of the password and on which hash is available. LM hashes in particular are weak: the password is uppercased and split into two 7-character halves that are hashed independently, so they fall to brute force quickly, whereas a long NT hash may take far longer than you are willing to wait.
Step 1: Access The SAM File
If you have access to another computer, which is required for this method to work, you want to copy the SAM file to it from the computer whose password you are trying to recover. To access the file offline, you first need to boot the locked computer with another OS:
- If you are comfortable with traditional DOS, download the appropriate boot disk from here and install it to a floppy disk. Note that plain DOS cannot read NTFS volumes without an additional driver, so this only works for FAT32 installations.
- Download a CD-bootable OS like LinspireLive that supports the file system of your Windows OS (most commonly NTFS or FAT32).
- Create your own CD-bootable Windows environment on another computer, for instance BartPE for Windows XP.
- Boot up with your Windows installation or recovery CD and enter the recovery console. Here you may copy the SAM file using simple DOS commands.
Copy both the SAM file and the SYSTEM file, located in WINNT/system32/config or WINDOWS/system32/config, to an external medium like a floppy, a USB stick or another hard drive. The SYSTEM hive is needed because, from Windows 2000 on, the hashes in SAM are encrypted with the SYSKEY key stored in it; a cracker given only SAM cannot recover the hashes.
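The copying step is easy to get wrong from a live CD: the Windows directory may show up as WINNT, WINDOWS or Windows depending on the version and on how the file system was mounted, and a file that merely happens to be called SAM (on the wrong partition, say) is useless to a cracker. The following is an added example, not code from the original post or from any of the tools it names. It locates system32/config case-insensitively under a mount point, copies both SAM and SYSTEM, and checks that each file starts with the "regf" signature every Windows registry hive carries. The mount point, the output directory and the fake volume built by `demo()` are assumptions for demonstration; on a real live CD you would point `collect_hives` at the mounted Windows partition.

```python
"""Collect the SAM and SYSTEM hives from a Windows volume mounted read-only."""
import shutil
import tempfile
from pathlib import Path

HIVE_MAGIC = b"regf"                      # every Windows registry hive file starts with this
HIVES = ("SAM", "SYSTEM")                 # SYSTEM holds the SYSKEY boot key the hashes are encrypted with
WINDOWS_DIR_NAMES = ("WINNT", "WINDOWS")  # NT4/2000 default vs XP/2003 default


def _child_ci(parent, name):
    """Case-insensitive lookup of a directory entry (NTFS is case-preserving,
    so a Linux live CD may show 'Windows', 'WINDOWS' or 'windows')."""
    if parent is None or not parent.is_dir():
        return None
    for child in parent.iterdir():
        if child.name.lower() == name.lower():
            return child
    return None


def find_config_dir(mount_point):
    """Return <mount>/<WINNT|WINDOWS>/system32/config, or None if absent."""
    root = Path(mount_point)
    for wdir in WINDOWS_DIR_NAMES:
        cfg = _child_ci(_child_ci(_child_ci(root, wdir), "system32"), "config")
        if cfg is not None:
            return cfg
    return None


def is_registry_hive(path):
    """A genuine hive file begins with the ASCII signature 'regf'."""
    with open(path, "rb") as fh:
        return fh.read(4) == HIVE_MAGIC


def collect_hives(mount_point, dest_dir):
    """Copy SAM and SYSTEM to dest_dir; raise if either is missing or not a hive."""
    cfg = find_config_dir(mount_point)
    if cfg is None:
        raise FileNotFoundError("no system32/config directory under %s" % mount_point)
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    copied = {}
    for hive in HIVES:
        src = _child_ci(cfg, hive)
        if src is None or not src.is_file():
            raise FileNotFoundError("%s hive not found in %s" % (hive, cfg))
        if not is_registry_hive(src):
            raise ValueError("%s is not a registry hive (no 'regf' header)" % src)
        target = dest / hive
        shutil.copy2(src, target)
        copied[hive] = str(target)
    return copied


def _make_fake_volume(base, windows_dir="Windows", sam_bytes=None):
    """Constructed stand-in for a mounted Windows volume (assumption for the demo)."""
    cfg = Path(base) / windows_dir / "System32" / "config"
    cfg.mkdir(parents=True)
    dummy_hive = HIVE_MAGIC + b"\x00" * 60
    (cfg / "SAM").write_bytes(dummy_hive if sam_bytes is None else sam_bytes)
    (cfg / "SYSTEM").write_bytes(dummy_hive)
    return base


def demo():
    """Run the collector against constructed volumes and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        vol = _make_fake_volume(Path(tmp) / "vol")
        copied = collect_hives(vol, Path(tmp) / "out")
        results["copied"] = sorted(copied)
        results["all_hives_valid"] = all(is_registry_hive(p) for p in copied.values())
        # A stray text file named SAM (wrong partition, say) must be rejected, not copied.
        bad = _make_fake_volume(Path(tmp) / "bad", sam_bytes=b"not a hive")
        try:
            collect_hives(bad, Path(tmp) / "out2")
            results["rejects_non_hive"] = False
        except ValueError:
            results["rejects_non_hive"] = True
        results["missing_volume_is_none"] = find_config_dir(Path(tmp) / "nothing") is None
    return results


if __name__ == "__main__":
    print(demo())
```

Mount the Windows partition read-only before running this; the point of working offline is that nothing touches the original hives.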
Step 2: Crack The Password
Now that you've got the files containing the hashes you're trying to crack, you need software to crack them. The classic program for this is L0phtCrack, which can be downloaded here. If your cracker cannot read a SYSKEY-protected SAM directly, tools such as bkhive and samdump2 extract the boot key from the SYSTEM hive and dump the hashes in pwdump format (user:RID:LM hash:NT hash:::), which L0phtCrack imports.
Open up the SAM file with L0phtCrack and follow the instructions on how to crack it. Usually you want to enable all methods (dictionary, hybrid and brute force); brute force is the slowest but the only one guaranteed to finish. Depending on how long the password is and which characters it contains, the process can take anywhere from 5 min to over 24 hours. Again, this method is only to be used if you really need to get hold of the password and do not at any cost want to change or reset it.
Following these two guides, you can reset the lost password in less than 30 min or retrieve it in less than a day. No need to reformat or reinstall ever again!