Reset Windows NT 4.0 & Windows 2000 Administrator or Domain Admin Password with LOGON.SCR Trick

Home»Operating Systems»Windows»Reset Windows NT 4.0 & Windows 2000 Administrator or Domain Admin Password with LOGON.SCR Trick
Forgot your administrator password? If you’re using Windows NT 4.0 or some version of Windows 2000, you can reset the administrator user account password by using a simple trick and hack that involves default screen saver, beside using third-party password recovery system or apps such as Login Recovery. With logon.scr password reset crack method, users can reset the admin user account password, without knowing or remembering existing password. But the trick won’t reveal and get back the existing password, nor it will work on newer Windows operating system such as Windows XP, Windows 2003 Server, Windows Vista, Windows 7, Windows Server 2008 (R2) or later that has tighter security and privileges limitation.

To change reset the local administrator’s password on Windows NT and Windows 2000 (only on some versions, so you have to try your luck), or domain admin password on a Domain Controller (DC) running on Windows NT or Windows 2000, follow these steps:

  1. Logon or login to the Windows computer with any user account.
  2. Navigate to %systemroot%\System32 in Windows Explorer. %systemroot% is your Windows installation folder, and normally located in \WINNT or \Windows (i.e. \WINNT\System32).
  3. Save a copy of LOGON.SCR file, or simply rename the logon.scr file to something else. Just make sure that you remember where and what name is the backup copy.
  4. Delete the original LOGON.SCR from the %systemroot%\System32 sub-folder after you have backed it up. The file should no longer exist if you rename it.
    If you having problem to delete or rename LOGON.SCR, it may be due to permission settings. Try to take ownership of the LOGON.SCR (by right clicking on LOGON.SCR, then select Properties and go to the Security tab, then click on the Ownership. Click “Take Ownership” and then click Yes to the prompt message.), and give the Everyone group Full Control permissions (by right clicking on LOGON.SCR then select Properties, then go to Security tabs. Click on Add and browse to and add the Everyone group. Give Everyone Full Control and then click on OK.) You may need to install an alternate second copy of Windows on the machine to do so as detailed at the end of this article.
  5. Copy and paste the CMD.EXE located in %systemroot%\System32 to create additional copy of CMD.EXE in the same directory, then rename the new copied file as LOGON.SCR. This will let the Windows NT or Windows 2000 to use CMD.EXE command prompt program as the screen saver that will be activated after computer idle for specific minutes.
  6. Ensure that you activate the screen saver of the Windows.
  7. Wait for the computer screen saver activation idle wait time timeout, so that Windows will load the unprotected DOS command prompt in the context of the local system account as if it’s the screen saver.
  8. In the CMD command prompt that is opened, key in the following command to reset and change the administrator’s password:
    net user administrator newpassword

    And the user account for administrator will have the new password of newpassword (which you should change to your own password). With the syntax of net use user_name new_password, it can be used to reset or modify the password of other administrative user account’s passwords.

  9. You can now log on to the administrator account with the new password. You may want to replace back the original LOGON.SCR that has been backed up or renamed.
  10. You may want to delete the alternate installation of Windows, by deleting the installation folder or format the partition (if you install in different partition), and removing the second Windows entry in BOOT.INI file at the root. Use attrib -r -s -h c:\boot.ini to change and allow the boot.ini to be modified and viewed.

Unless you’re using Windows NT 4.0 computers that were installed out-of-the-box that set the NT’s default permissions for Everyone to Full Control, you most likely will have problem to rename, change or delete the files located in \Winnt\System32 or \Windows\System32 folders if you log in as the non administrative regular user, as regular user cannot manipulate the files’ permissions.

In this case, install an alternate second copy or Windows NT or Windows 2000 (make sure it’s the same version with the existing OS which you have forget the password installed), and the new install of Windows must be installed in different directory/folder from the existing Windows, which usually located in \WinNT or \Windows, or install the new Windows on another partition or drive. Alternatively, you can take out the hard drive (where you lost the admin password) and place or install it as a slave on another computer with any OS such as Windows XP or Windows 2000 installed. The purpose is to access the %systemroot%\System32 of the OS that you have lost or forgot the administrator password, and does the modification specified above.

After installing the alternate copy of Windows, or install the hard disk as the slave disk to another Windows in a computer, boot up the system with the alternate Windows. If you install the second copy of Windows on the same machine, go to Control Panel -> System -> Startup (NT) or Control Panel -> System -> Advanced -> Startup and Recovery (W2K) and change the default boot instance back to your original instance of Windows. Then follow the step 2 to 4 above. After done, reboot and restart the system and bootup to the original instance of Windows (if you take up the hard disk to another machine, now put it back to the original computer), and continue the rest of steps from step 5 onwards.

Update: reset or retrieve Windows admin or user account passwords.

About the Author:

LK is a technology writer for Tech Journey with background of system and network administrator. He has be documenting his experiences in digital and technology world for over 15 years. Connect with LK through Tech Journey on Facebook, Twitter or Google+.
  • Simon Zerafa

    Hi,

    There is a tool which automates this process and will even create a bootable .iso for you to burn to CD.

    The tool is called DreamPack PL and can be found at:

    http://www.d–b.webpark.pl/dreampackpl_en.htm

    Note; The background music on this site is loud and annoying. Switch off your speakers before visiting.

    This tool will work on Windows XP.

    Kind Regards

    Simon

  • Jeff

    An easier NET USER ADMINISTRATOR * It will then prompt you with the type and retype pass word things, but when you type it wont show up on screen so people dont see it.

  • caspersky

    I've tried your way but it doesn't work. The message "System error 5 has occurred. Access is denied" prompts when i typed 'net user administrator newpassword'.

  • vertillano

    when i click run type cmd then type net user and the admin and pass… it says "Access Denied" uhmm what happen?

  • i want the acount details of this atm card :627168 021053380022

  • Addy

    Usually, we can recover Windows admin password in two traditional ways. The first is to change Screen password with another admin account, ; the second is to recover the previous password with the windows password reset disk that had been created before you forgot the password. Take Windows XP for example,

    1 At the Windows XP login prompt when the password is entered incorrectly click the reset button in the login failed window.

    2 Insert the password reset diskette into the computer and click Next.

    3 If the correct diskette Windows XP will open a window prompting for the new password you wish to use.

    However, we offen ignore the important of security until we have been locked out of computer. Fortunately, there is still the last way that can unlock your computer without reinstalling – erase Windows password with Windows password reset CD, which can recover admin password for Windows 7/XP/Vista/NT/2000/2003…. Take Windows Password unlocker for example, followings are the steps to create the reset CD

    1.Download Windows Password Unlocker from Password Unlocker Official site

    2.Decompress the Windows password unlocker and note that there is an .ISO image file. Burn the image file onto an blank CD with the burner freely supported by Password Unlocker.

    3.Insert the newly created CD into the locked computer and re-boot it from the CD drive.

    4.After launched the CD, a window pop up with all your account names(if you have several accounts) select one of the accounts that you have forgotten its password to reset it. Just one press, this software can remove screen password instantly.

  • Lory

    Long time ago , I confronted with the similar problem.

    Finally , my friend introduces the Windows password Key 8.0.It help me access windows. It's worth a try!

  • Pankaj

    i want to hack my college's network its network is so secured , i tried to crack it but failed if any one can help me can contact me at obamabarak54@yahoo.in

  • Emma

    thanks. that helps. I have tried this method. I also found another useful way, to use Windows Login Recovery can also achieve this. You can just follow three steps:

    1. Download and install Windows Login Recovery in a computer.

    2. Run the program and create a password reset disk with a blank CD/DVD or USB flash drive.

    3. Reset Windows password with the password reset disk.

    you can find you password back with just some clicks.

  • hebeella

    I know good program called Windows Password Seeker. It can remove,recover,reset almost Windows password.

Pin It on Pinterest

Share This

Share This

Share this post with your friends!