In this article, I describe 12 ways to reset the administrator password on Windows 7, Vista, or Windows XP. Each method has its advantages and disadvantages. Make sure you use the right procedure for your situation.
If you forgot the admin password and have no other account with administrator rights, things can get tricky. The methods and free tools explained here can reset the Windows password for all Windows versions—that is, for Windows 7, Vista, Windows XP, Windows 2000, Windows Server 2003, and Windows Server 2008 R2. In this article I only talk about the Windows client editions, but the methods also work for the corresponding server versions. The methods described here are not for resetting lost domain administrator passwords.
As system administrator, you are usually confronted with this problem if users have admin rights on their machines. Even if you don’t have to reset a password now, you should get acquainted with this issue. Rest assured that sooner or later a user will bug you with this problem. I must admit that I managed to forget my password more than once.
Note that I published this article a few years ago, but since then I updated it several times and added a few new methods. Not much of the original article is left except the numerous comments below. As you can see, forgetting the Windows password is a common problem.
Vista and Windows 7 allow you to create a password reset disk, which enables you to reset your password without much hassle. The problem with this option is that you have to create the reset disk before the password is lost. Thus if you don’t have a password reset disk, this option is not for you. You can find a description of how to create a password reset disk here.
If you configured a new password recently and can still remember the password you used before, then you can restore Windows to a point in time before you changed the password. The Restore function of Windows 7 and Windows Vista will make sure that you don’t lose personal data. However, programs that have been installed since the corresponding restore point have to be installed again. All you need for this procedure is a Windows 7 or Windows Vista setup DVD. A detailed description of this method can be found here. If you are uncertain what System Restore is doing with your computer, read this first. This approach doesn’t work with Windows XP.
When you installed Windows XP, you had to set a password for the Administrator account. If you still know this password, you can boot up in Safe Mode (by pressing F8 when your computer starts) and log on with the Administrator account. Read this Microsoft Knowledge Base article for more information about Safe Mode. Note that whenever you reset the password for a user using another account, this user will no longer be able to access files that have been encrypted with EFS (Encrypted File System). Stored credentials in the Windows Vault and Internet Explorer will also no longer be available. This method doesn’t work in Vista and Windows 7 because the administrator account is disabled by default in Safe Mode with these Windows versions. Below you will learn how to enable the built-in admin account in Windows 7 and Vista.
The Sticky Keys trick to restore a forgotten administrator password is reliable, easy to carry out, and does not require third-party software. All you have to do is boot up from a Windows 7 or Windows Vista setup DVD, launch the Windows Recovery Environment (RE), and then replace the sethc.exe file with cmd.exe. You can also use this method for Windows XP, but you have to use a Vista or Windows 7 DVD.
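Because this trick leaves a copy of cmd.exe where sethc.exe should be, it can be checked for afterwards. The following is an added example, not part of the original article: it compares the hash of sethc.exe with cmd.exe in a given System32 directory. The function names and the sample directory are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_sethc(system32, shells=("cmd.exe",)):
    """Return findings for sethc.exe in the given System32 directory.

    An empty list means sethc.exe exists and differs from every listed shell.
    """
    root = Path(system32)
    target = root / "sethc.exe"
    if not target.is_file():
        return ["sethc.exe is missing"]
    digest = sha256_of(target)
    findings = []
    for name in shells:
        shell = root / name
        if shell.is_file() and sha256_of(shell) == digest:
            findings.append(f"sethc.exe is byte-identical to {name}")
    return findings

def build_sample_dir(replaced: bool) -> str:
    """Constructed stand-in for System32: two tiny files, not real binaries."""
    root = Path(tempfile.mkdtemp())
    (root / "cmd.exe").write_bytes(b"constructed cmd.exe contents")
    original = b"constructed sethc.exe contents"
    (root / "sethc.exe").write_bytes(
        (root / "cmd.exe").read_bytes() if replaced else original)
    return str(root)

if __name__ == "__main__":
    for state in (False, True):
        print(state, check_sethc(build_sample_dir(state)))
```

On a real machine, pass the System32 directory of the installation being checked, either live or mounted offline.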
This method is useful if no other user account on this machine has administrator privileges. You also need a Windows setup DVD (Vista or Windows 7). With this DVD you can boot up Windows RE and edit the Registry to offline enable the built-in administrator account. Also read my article about the offline Registry editor if you don’t know how to edit the Registry in offline mode. After you enable the built-in Administrator, you can log on with this account without requiring a password and then reset the Windows password of any user account.
The downside of this option is that you have to create a password reset CD first. Then you can boot up with this CD and manipulate the Security Accounts Manager (SAM) database. Please note that resetting the password with third-party tools can also cause data loss as described in option 4. Also note that this tool comes without any warranty. However, I’ve been using it quite a few times and never had any problem with it. The latest version also supports Windows Vista and Windows 7. The advantage of this method is that it is quick if you already have the password CD in your tool box. Thus it is useful for admins who have to perform this procedure often. In all other cases I recommend option 4. You can download the tool here.
The Trinity Rescue Kit (TRK) is a troubleshooting solution that belongs in every admin’s tool box. Please read my review of the Trinity Rescue Kit for more information. This great tool allows you to reset the password of Windows XP, Vista, and Windows 7. It works similarly to ntpasswd. After you have booted up with the TRK CD, you have to enter the command winpass -u user_name and then follow the instructions. Sometimes setting a new password doesn’t work; in this case, just set an empty password.
I reviewed the free Kon-Boot tool a few days ago, and I can’t really recommend it because it crashed two Windows 7 installations during my test. I mention this free password reset tool here for the sake of completeness and because it is quite famous. Its main advantage is that it is very quick. You only have to boot up from the Kon-Boot CD and the tool will do the rest for you. It changes the contents of the Windows kernel on the fly while booting, allowing you to log on without a password. Thus the tool doesn’t change the SAM database. If you reboot again without using Kon-Boot, you need the old passwords.
Especially if your computer doesn’t have a CD or DVD drive, you have to create a bootable Windows USB flash drive and then you can use the free Windows password reset tool NTPWEdit. Don’t forget to add NTPWEdit to the USB stick before you boot up.
MSDaRT is a toolset from Microsoft that allows you to repair a Windows installation. This tool is only available for Microsoft volume customers, TechNet Plus subscribers, and MSDN subscribers. You can easily recover an admin password with its Locksmith tool. Please check out my review about MSDaRT for more information.
If a computer no longer boots up, often a rogue Registry setting is the culprit. In these cases you need an offline Registry editor; that is, you have to edit the Registry from a second installation. Although there are third-party offline Registry editors, you can use regedit as an offline Registry editor. The procedure described here also works with Windows PE (Windows Preinstallation Environment) or Windows RE (Windows Recovery Environment).
Windows RE: You only need a Windows 7 or Windows Vista installation DVD. After you boot from the DVD, click “Next,” then click “Repair your computer,” then click “Next” (Use recovery tools), and then “Command Prompt.”
Windows PE: You can also use Windows PE to launch an offline Registry editor. Check out my article about creating a bootable WinPE USB flash drive for more information.
Launch regedit on the command prompt.
In the File menu, click “Load Hive.”
Open the database file that contains the Registry hive you need:
HKEY_LOCAL_MACHINE\SAM = %windir%\system32\config\SAM
HKEY_LOCAL_MACHINE\SYSTEM = %windir%\system32\config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE = %windir%\system32\config\SOFTWARE
HKEY_USERS\.Default = %windir%\system32\config\DEFAULT
HKEY_CURRENT_USER = %userprofile%\ntuser.dat
Enter an arbitrary key name when prompted. A new node with your key name appears under HKEY_LOCAL_MACHINE.
Edit the Registry entries in the new node.
Click the root folder of your node, and then click “Unload hive” in the File menu. Your changes will be written to the offline Registry.
Note that you can import and export .reg files with the offline Registry editor. This allows you to use Registry settings from another machine for troubleshooting purposes.
Also note that this procedure can be used to edit the settings of a user profile without logging on with the corresponding user account. In one of my next posts, I will show you how you can—through offline Registry editor—access a computer where you have forgotten the administrator password, without requiring third-party software.
In my last post I described how to offline edit the Registry of a Windows installation through Windows PE or Windows RE. Today, I will give you the procedure to offline enable the built-in administrator account. This can be useful when you have to reset the password of the administrator account without having admin privileges on this machine.
I tried the procedure described here on Windows 7 and Windows Vista. I suppose it also works on Windows XP. However, in Windows XP you can just boot up in Safe Mode (press F8 before Windows starts booting) and log on with the built-in administrator account even if it is disabled. Because an administrator password has to be configured when Windows XP is installed, the Safe Mode procedure will only help if you have at least this password.
Once you enable the administrator account, you can use this account to log on to this Windows installation. This works because, by default, the built-in administrator account is configured with an empty password in Vista and Windows 7. Of course, if you configured an administrator password (which I recommended in my article about the built-in administrator account), this procedure is useless if you have also forgotten this password or if a user has set the password and didn’t tell you about it.
Before you proceed, please note that editing the Registry is always risky if you don’t know what you are doing.
To offline enable the built-in administrator account, follow these steps:
Load the SAM Registry hive with regedit as described in my post about the offline Registry editor.
Navigate to HKLM\%your_key_name%\SAM\Domains\Accounts\Users\Names\.
Click “Administrator” and note the value in the type column.
Navigate to HKLM\%your_key_name%\SAM\Domains\Accounts\Users\.
Use the type value you noted before to locate the Registry key of the administrator account (see screenshot).
Edit the F entry of the administrator key and navigate to the 0038 position.
If the built-in administrator account is disabled, the value of this position is “11”; replace it with “10”. NOTE: Make sure to edit the correct position because editing binary values in the Registry is a bit tricky: Move the cursor to the beginning of position 0038, press “DEL,” and then type “10”.
Click %your_key_name% and then unload the hive through the corresponding menu point in the File menu.
After you reboot, you can log on using the built-in administrator and reset the password of other accounts.
Note that you can also use this procedure to offline enable other accounts with administrator privileges. In this case, the value at position 0038 will be “15” if the account is disabled; replace it with “14” to enable the account.
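The values 11/10 and 15/14 differ only in their lowest bit, which marks the account as disabled in the bit field at position 0038. The following added example (not from the original article) decodes that field read-only, so an exported F value can be audited to see which accounts are enabled. The flag names follow Microsoft's MS-SAMR specification; the RID offset 0x30, the function names, and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Account-control bits, named as in Microsoft's MS-SAMR specification.
ACB_FLAGS = {
    0x0001: "ACCOUNT_DISABLED",
    0x0004: "PASSWORD_NOT_REQUIRED",
    0x0010: "NORMAL_ACCOUNT",
    0x0200: "DONT_EXPIRE_PASSWORD",
}
RID_OFFSET = 0x30  # assumption: layout used by offline SAM tools, not documented by Microsoft
ACB_OFFSET = 0x38  # the position edited in the steps above
BUILTIN_ADMIN_RID = 500  # 0x1F4, so the account key is named 000001F4

def decode_f(f_value: bytes) -> dict:
    """Decode the RID and account-control flags from a SAM 'F' value."""
    if len(f_value) < ACB_OFFSET + 2:
        raise ValueError("F value too short to hold the flag field")
    (rid,) = struct.unpack_from("<I", f_value, RID_OFFSET)
    (acb,) = struct.unpack_from("<H", f_value, ACB_OFFSET)
    return {
        "rid": rid,
        "key": f"{rid:08X}",
        "acb": acb,
        "flags": [name for bit, name in sorted(ACB_FLAGS.items()) if acb & bit],
        "enabled": not acb & 0x0001,
    }

def review(account: dict) -> list:
    """Return audit notes for one decoded account."""
    notes = []
    if account["enabled"] and account["rid"] == BUILTIN_ADMIN_RID:
        notes.append("built-in Administrator is enabled")
    if account["enabled"] and "PASSWORD_NOT_REQUIRED" in account["flags"]:
        notes.append("enabled account may have an empty password")
    return notes

def sample_f(rid: int, acb: int) -> bytes:
    """Constructed 80-byte F value: all zeros except the RID and flag fields."""
    buf = bytearray(0x50)
    struct.pack_into("<I", buf, RID_OFFSET, rid)
    struct.pack_into("<H", buf, ACB_OFFSET, acb)
    return bytes(buf)

if __name__ == "__main__":
    for rid, acb in [(500, 0x11), (500, 0x10), (1001, 0x15), (1001, 0x14)]:
        info = decode_f(sample_f(rid, acb))
        print(info["key"], f"{acb:#04x}", info["flags"], review(info))
```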