Print

Recovering lost local account passwords

1/7/2014 - Author: Felicia

I was recently asked how a person could recover a password for a local account on their Windows computer. For obvious reasons, I would never actually recover a local account password for anyone unless I could affirmatively prove that they were the actual legal owner of the computer.

In the IT world, we say that if you have physical access to a device, you own it. You need to keep this in mind with regards to allowing people access to your computer equipment without supervision. This reason as well as others are  motivating factors in public access computers being converted to PXE boot from a network image server rather than having hard drives in the local computer.

In any sort of a managed network computing environment, there is typically at least one person who has administrator access to systems who can assist you in resetting passwords if needed. So the scenario below is only applicable for an individual home user environment where they have no IT support.

Let's assume that you are the legal owner of the computer equipment and you have lost the password for all of the administrator-level accounts on your computer. If you had the password for at least one of the administrator-level accounts, then you could use that account to reset the password for any local Windows account.

In order to reset a password for local Windows computer accounts when you have no other access option, you need to boot the computer from a special boot disk and use that disk to effectively hack the SAM database. The local SAM database is the security accounts manager.

There used to be free hack utilities to boot into Windows XP and reset the local accounts' passwords. Searching for hack utilities is an inherently dangerous activity. Someone who does not work specifically in the IT security industry is not going to know what websites host malware and which websites host legitimate utilities. As a result, I strongly suggest that you do not experiment with free utilities. If you do, you do so at your own risk, and will probably get your one working computer hacked.

There is one company's product I can recommend as an administrator resource. LSoft makes Active Boot Disk. Administrators would purchase this utility, make a boot disk, and use the tool appropriately to solve their problem. Active Boot Disk also has an abundance of other very useful tools.

I'm not much of a fan of creating boot CDs because they consume physical resources. In many cases, I prefer to create a boot USB flash drive from ISO files. UNetBootIn is an excellent tool for this purpose.

As with any technical procedure, I urge you to read the manuals for all tools and understand them before using them.