What should you do when you forgot the password to login to Windows or Windows Server system? Ask an administrator to reset the log on password for you. If you yourself are administrator, and you can’t remember the administrator password, the problem get a little tricky, and probably hard to recover the ‘forgotten password’ again. Before you search for recovery CD or Windows DVD to format and reinstall Windows onto the computer, here a few ways you can try to unlock the Windows to gain access to the system again, at least by resetting the password.

Method 1: Take a rest, and try hard to remember the forgotten password

Sometimes, human being is a little weird. You won’t get the thing that you urgently need. So have a coffee, take a snap or even come back after a few days, you may found that you suddenly ‘remember’ your Windows password.

Method 2: Try No Password Administrator Login Backdoor

In Windows XP (not Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10 or later, as in these new Windows OS, Administrator account is not enabled by default), there is built-in Administrator user account, that has administrative credentials, enabled by default, and without any password to protect the account from been accessed. If you didn’t change this Administrator’s password, then try to sign in to Windows XP without password.

Method 3: Reset password from another user account with administrator credentials

If you cannot log on to Windows by using a particular user account, but you can log on to another account that has administrative credentials, follow these steps on how to do the trick:

  1. Log on to Windows by using an administrator account that has a password that you remember. For Windows XP, you may need to start in Safe Mode (initiate by pressing F8 during bootup).
  2. Click Start, and then click Run.
  3. In the Open box, type control userpasswords2, and then click OK.
  4. Click the user account that you forgot the password for, and then click Reset Password.
  5. Type a new password in both the New password and the Confirm new password boxes, and then click OK.

Method 4: LOGON.SCR password reset trick

LOGON.SCR changing administrator or domain admin password hack works on Windows NT 4.0 and some versions of Windows 2000. The simple trick uses Cmd.exe (Command Prompt) as screen saver that triggered by system when idle, allowing users to access to command prompt as screensaver to change password.

Method 5: Do-It-Yourself (DIY) third party recovery tool

There are a lot of tools and utilities that can be downloaded and used to recover, reset, retrieve or reveal existing password. These password reset or retrieval utilities, free or paid, are usually a Linux boot disk or CD that able to comes with NT file system (NTFS) drivers and software that will read the registry and rewrite the password hashes, or can brute force crack the password for any user account including the Administrators. The advantage is that there is no fear of leaking your password to outsiders, while the process requires physical access to the console and a floppy, DVD or CD drive, or USB port with USB flash drive, depending on which tool you choose. And it’s not easy, although it always work!

Offline Windows Password & Registry Editor (also known as Offline NT Password & Registry Editor) – Available as bootdisk or bootable CD or USB Drive image which contains things needed to reset the passwords on most systems, Offline Windows Password and Registry Editor works to change or reset password of any users on 32-bit (x86) and 64-bit (x64) Windows NT 3.51, Windows NT 4, Windows 2000, Windows XP, Windows Server 2003, Vindows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, Windows Server 2016 or possibly later. It can also detect and offer to unlock locked or disabled user accounts.

Offline Windows Password & Registry Editor does not support EFS encrypted files. If password is reset on users that have EFS encrypted files, and the system is XP or newer, all encrypted files for that user will be UNREADABLE and cannot be recovered unless you remember the old password again.

Download Links:

cd140201.zip (~18MB) – Bootable CD image and can be used to make bootable USB drive (download link removed as marked as malware).
usb140201.zip (~18MB) – Files for USB install.
bd080526.zip (~1.1MB) – Bootdisk image for floppy disk
drivers1-080526.zip (~310K) – Disk drivers (mostly PATA/SATA).
drivers2-080526.zip – Disk drivers (mostly SCSI).

chntpw – Essentially the same Offline Windows Password & Registry Editor as above, but compiled as package for various Linux distributions such as ALT Linux, Arch Linux, CentOS / RHEL, Debian, Fedora, Mageia, OpenMandriva, ROSA, Slackware and Ubuntu.

chntpw is useful if you already have a Linux live CD on hand, such as Ubuntu Live CD, where you can boot up to a Linux desktop or terminal, then edit or reset the password for user account with “chntpw -i sam” where sam is the sam file copied from %WinDir%/System32/config folder.

chntpw is included in many Linux distributions, or available for repository. Alternatively, search for it here.

Hiren’s BootCD – Hiren’s BootCD is a boot disk utility that packs various utilities in to a package, including the Offline Windows Password & Registry Editor. If you have Hiren’s Boot CD, you can boot up with it, and enter “Offline NT/2000/XP/Vista/7 Password Changer” to start resetting the password.

Download Link:

Hiren’s BootCD 15.2: Hirens.BootCD.15.2.zip

Trinity Rescue Kit – Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues. Similar to Hiren’s Boot CD, Trinity Rescue Kit’s password resetting tool, winpass, is actually just an automated script for the chntpw (Offline Windows Password & Registry Editor) tool, which allows you to reset the passwords of any local account in Windows 8, 7, Vista and XP.

To start resetting password of Windows account in Trinity Rescue Kit, choose “Windows password resetting” option after booting up with Trinity Rescue Kit via CD/DVD, USB flash drive or over network via PXE.

Download Links:

Trinity Rescue Kit 3.4 Build 372 (iso format): trinity-rescue-kit.3.4-build-372.iso
Trinity Rescue Kit 3.4 Build 372 (executable self-burning): trinity-rescue-kit.3.4-build-372.exe

Password Renew – Password Renew is a utility to set or reset the passwords of any user which has a valid local account, create a new local user with administrator rights, set administrator rights to existing user on your NT system, or reset local administrator password on the PC that is in domain, using NULL Administrator password feature.

In order to use Password Renew, you must create and boot with WinPE/BartPE bootable live windows CD/DVD, which can be created by downloading the PE Builder.

Download Link:

Password Renew 1.1 Beta: renew_1.1-BETA.cab

John the Ripper password cracker – John the Ripper is a fast open-source password cracker based on dictionary attack with a wordlist currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

Download link:

John the Ripper 1.7.9 for Windows
John the Ripper 1.8.0 (sources, tar.xz)
John the Ripper 1.8.x extra charset files archive (sources, tar.xz)
John the Ripper 1.7.9-jumbo-5 for Windows
John the Ripper 1.8.0-jumbo-1 (sources, tar.xz)
John the Ripper 1.7.9-jumbo-7 (sources, tar.bz2)

EBCD – Emergency Boot CD – EBCD is a bootable CD, intended for system recovery in the case of software or hardware faults. It is able to create backup copies of normally working system and restore system to saved state. It contains the best system software ever created, properly compiled and configured for the maximum efficient use. Features are such as copy files from unbootable volume, recover master boot record of HDD, recover deleted file, recover data from accidentally formatted disk and floppy disk. EBCD also includes function to change password of any user, including administrator of Windows OS without the need to know the old password.

In short, the self-contained Emergency Boot CD bootable OS on live CD has the following features:

  • File Manager: Backup and restore files without Windows (has full support for Unicode and NTFS)
  • Windows Password Wizard: Restore access to your PC when you forgot the password for Windows user account
  • Registry Tools: Registry Editor (edit Registry even if Windows is not bootable) and Registry
  • Defragmenter (reorganize Registry in such way that logically adjacent data is located physically nearby, so Registry works faster).
  • Mount & Boot Center: Fix various boot problems and reassign drive letters outside of Windows.
  • Partition Manager: Create, format, delete and wipe partitions; backup partitions to image files, restore them back, and copy partition-to-partition.
Demo version of EBCD can only read from fixed disks, it can’t write to them. Although it can write to USB thumbdrives and other removable media.

Download link:

Emergency Boot CD 1.4g: ebcd-latest-demo.zip

EBCD (Old Versions): EBCD Lite 0.6.1 (free) | EBCD Pro 0.6.1

Ophcrack – Windows password cracker using time-memory trade-off on LM and NTLM hashes based on rainbow tables and supports Windows 7, Windows Vista, XP, 2003 and NT. This tool allows you to retrieve existing password.

RainbowCrack – Crack Windows password using time-memory trade-off cryptanalysis based on rainbow tables. Unless you already has dumped the hash for your Windows password (by using PWDUMP utility), else this utility is for hacker as it provides no way to retrieve the password hashes when you unable to access to your computer.

L0phtCrack – L0phtCrack (also known as LC5 when it’s version 5 or now LC6 for version 6) is a password auditing and recovery application by using dictionary, brute-force, and hybrid attacks. Originally produced by Mudge from L0pht Heavy Industries, and was produced by @stake after the L0pht merged with @stake in 2000. Support and sales has been discontinued by Symantec from end of 2006, after it acquired @stake in 2004. However, in January 2009, L0phtCrack was acquired by the original authors Zatko, Wysopal, and Rioux from Symantec, with L0phtCrack 6 announced on 11 March 2009 at the SOURCE Boston Conference. L0phtCrack supports Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 or later.

So you probably need a crack that lists below. If you unable to sign on to your computer, you probably can’t use this.

Features of L0phtCrack:

  • Runs On Windows XP and higher. Operates on networks with Windows NT, 2000, XP, Server 2003 R1/R2, Server 2008 R1/R2, on 32- and 64-bit environments, as well as most BSD and Linux variants with an SSH daemon.
  • Provides a password scoring metric to quickly assess password quality.
  • Supports pre-computed password hashes dictionary for speedy password audits.
  • Imports and cracks Unix password files.
  • Has a built-in ability to import passwords from remote Windows, including 64-bit versions of Vista, Windows 7, and Unix machines, without requiring a third-party utility.
  • Scheduled routine audit scans.
  • Offers remediation assistance to system administrators on how to take action against Windows accounts that have poor passwords. Accounts can be disabled, or the passwords can be set to expire from within the L0phtCrack 6 interface.
  • Improved and updated Vista/Windows 7 style UI.
  • Real-time reporting that is displayed in a separate, tabbed interface. Auditing results are displayed based on auditing method, risk severity, and password character sets.
  • Displays password risk status in four different categories: Empty, High Risk, Medium Risk, and Low Risk.
  • Displays the completion of all four methods L0phtCrack 6 uses: Dictionary, Hybrid, Precomputed, and Brute Force.
  • Reports the completion of the various character sets being audited, including, Alpha, Alphanumeric, Alphanumeric/Symbol, Alphanumeric/Symbol/International.
  • Reports the overall length distribution of the discovered password by account.
  • Password statistics as Locked, Disabled, Expired, or if the password is older than 180 days.
  • Audit summary for number of accounts cracked and the number of domains audited.
  • Supports foreign character sets for Brute Force, as well as foreign dictionary files. Pull down menus change for language and character set. L0phtCrack 6 ships with several foreign dictionaries.

Download link:

L0phtCrack 6 (15 days trial): lc6setup_v6.0.20.exe

Cain & Abel – Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some “non standard” utilities for Microsoft Windows users.

This tool needs to be installed, so you must have another working computer to recover your password remotely. Thus it’s likely to be useful for system administrator only. Supports Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista and possibly all later Windows OS.

Download links:

Cain & Abel v4.9.56 for Windows NT/2000/XP: ca_setup.exe (download link removed as marked as malware)
Cain & Abel v2.0 for Windows 9x: cain20.exe (download link removed as marked as malware)

Hash Suite – Hash Suite is a Windows program to test security of password hashes. It’s primarily a tool for system administrators, security personnels and security consultants to audit large sets of password hashes to identify weak passwords but password recovery is a possible secondary use.

Hash Suite is able to import local and remote accounts with administrator privileges without reliance on any additional tools. However, the free version of Hash Suite does not support import of remote accounts, but you can also use one of the many pwdump tools to obtain the password hashes. This requires either administrator privileges or reboot from a CD that will access the hard drive directly (bypassing the installed copy of Windows).

Download links:

Hash Suite (free version): Hash_Suite_Free_3_2.zip

PCLoginNow – Bootable live CD with tool to reset local administrator and other user accounts passwords or change security settings on Windows system.

Method 6: Third party password recovery service

Login Recovery – Login Recovery is a service to reveal user names and recover passwords for Windows NT, 2000, XP, 2003 and Vista. Free service is available by waiting up to 48 hours and only one free request every three months. For privacy matter people, there may be some uncomfortability as service provider actually ‘know’ your password before sending it back to you.

Method 7: Bypass Windows log on password with DreamPackPL

DreamPackPL allows users to skip or bypass Windows login security in Windows XP or Windows 2000, and log on to a password protected Windows user account without a valid password or the need to change the existing password.

Warning: If you change or reset password by using any method above, all EFS encrypted files in Windows Vista or Windows XP will be unreadable and no longer recoverable unless you remember the old password that used to encrypt the files. So if you have any encrypted files, it’s best that you try to crack the password first in order to retrieve and get back the existing password first, before you attempt to reset the password to a new one.