******************************************************

Assuming it works properly, the tool at http://home.eunet.no/~pnordahl/ntpasswd/ is probably the simplest solution. Its stated design allows you to boot an NT/W2k system from a floppy and then reset passwords. I haven't played with it enough to make any statement about it.

=========================================

One method is to rework the system so that the default screen saver (the one that runs when no one is logged on) actually opens a command shell (cmd.exe). Since the default screen saver launches with the system account, it has the authority to change the Administrator's password.

Once you've reset the default screen saver to run a copy of cmd.exe and rebooted to the problem NT load (if necessary), leave the system idle at the logon screen long enough for the default screen saver to activate, then do the following:

1) In the DOS window run the following commands (replace 'newpwd' with your password).

a) net user administrator newpwd
b) exit

2) Press ctrl-alt-del and logon as the local Administrator, using the new password.

3) Replace the copy (or copies) of cmd.exe with the original .scr files and/or restore the default screen saver to its original settings.

========================================

There are several ways to arrange for the default screen saver to launch cmd.exe. The first 2 examples assume that the default screen saver remains set to the default of logon.scr. If you have changed it, you would need to substitute the file name of the current screen saver for "logon.scr" in the examples. If you don't know the file name for the current screen saver, you can rename all .scr files and replace each with a copy of cmd.exe.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you can log onto the system with any account and haven't altered the default permissions to prevent it, simply move or rename the existing default screen saver file and replace it with a copy of cmd.exe that has the same name. For example:

1) Log on with any account.

2) In a DOS/command shell (cmd.exe), run the following commands:

a) ren %windir%\system32\logon.scr *.xxx
b) copy %windir%\system32\cmd.exe %windir%\system32\logon.scr

3) Log off.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you can't log on with any account or the permissions will not allow you to make the changes, you could do something like:

1) Either boot to another NT installation on the same machine or remove the hard drive and install it as a secondary drive in another NT machine, then boot to NT on that machine. If the problem load is on a FAT partition, you could boot to DOS or 9x instead (e.g. boot from a DOS floppy).

2) In the %windir%\system32 directory of the problem NT load:

a) Rename or move logon.scr
b) Copy cmd.exe to logon.scr

3) Boot to the problem NT load.
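To confirm afterwards that step 3 of the reset procedure was completed, or to audit a machine or mounted disk for screen savers still replaced this way, the following added example (not part of the original page) flags every .scr file that is byte-identical to cmd.exe, along with renamed originals such as logon.xxx. The function names and the sample files are assumptions constructed for illustration; it does not cover the registry method.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

SHELL_NAMES = {"cmd.exe"}  # the shell the page copies over the screen saver

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def audit_screensavers(system32):
    """Return (replaced, leftovers) for one system32 directory.

    replaced:  .scr files byte-identical to cmd.exe
    leftovers: other files sharing a replaced file's stem, e.g. the
               logon.xxx left behind by 'ren logon.scr *.xxx'
    Names are compared case-insensitively, as on FAT/NTFS.
    """
    files = [p for p in Path(system32).iterdir() if p.is_file()]
    shells = {sha256_of(p) for p in files if p.name.lower() in SHELL_NAMES}
    if not shells:
        raise FileNotFoundError(f"no cmd.exe in {system32}")
    replaced = [p for p in files
                if p.suffix.lower() == ".scr" and sha256_of(p) in shells]
    stems = {p.stem.lower() for p in replaced}
    leftovers = [p for p in files
                 if p.stem.lower() in stems
                 and p.suffix.lower() != ".scr"
                 and p.name.lower() not in SHELL_NAMES]
    return sorted(p.name for p in replaced), sorted(p.name for p in leftovers)

def constructed_sample(root):
    """Build a constructed stand-in for system32 (fake file contents)."""
    root = Path(root)
    (root / "CMD.EXE").write_bytes(b"MZ constructed shell image")
    (root / "logon.scr").write_bytes(b"MZ constructed shell image")  # replaced
    (root / "logon.xxx").write_bytes(b"MZ constructed original saver")
    (root / "sstext3d.scr").write_bytes(b"MZ constructed untouched saver")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else constructed_sample(tmp)
        replaced, leftovers = audit_screensavers(target)
    for name in replaced:
        print("REPLACED:", name, "is a byte-for-byte copy of cmd.exe")
    for name in leftovers:
        print("LEFTOVER:", name, "may be the renamed original")
```

Pass the path of a real or mounted system32 directory as the first argument; with no argument it runs against the constructed sample.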

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you don't know the name of the current screen saver file and can't correct the problem by replacing all .scr files with copies of cmd.exe, you might try the following method, as a last resort:

**************************************************************

Caution! Playing in the registry can be very dangerous to your machine's health (sanity?). Be very careful!

***************************************************************

1) Either boot to another NT installation on the same machine or remove the hard drive and install it as a secondary drive in another NT machine, then boot to NT on that machine.

2) Open regedt32

3) Select the HKEY_USERS window.

4) With the focus on HKEY_USERS (not one of the individual user keys), from the Registry menu, select 'Load hive'.

5) In the 'Load Hive' dialog, change to the problem NT4 load's winnt\system32\config directory and open the 'default' file.

6) Name the new hive 'temp' (or whatever you want).

7) Under the 'temp' hive locate "Control Panel\Desktop\SCRNSAVE.EXE" and change the value (you might make a note of it first) to cmd.exe. You might also want to:

a) Verify that ScreenSaveActive=1
b) Verify that ScreenSaverIsSecure=0
c) Reduce the value of ScreenSaveTimeOut to a shorter interval (in seconds).

8) Highlight the 'temp' hive (not the HKEY_USERS hive!) and, from the Registry menu, select 'Unload hive'.

9) Boot to the problem NT load.

~~~~~~~~~~~~~~~~~~~~~~~
Note. If you can access the files on the machine's HD (e.g. by one of the methods described above), then another possibility is to move, rename, or delete %windir%\system32\config\SAM. This file contains the system's user account database. If NT can't find the file during boot, it will create a new default SAM in which the Administrator password is blank. Keep in mind, though, that if you use this method, you will lose all changes that were recorded in the original SAM (e.g. new local accounts, membership, etc.).

Note. You will find another method for resetting a lost Administrator password on http://www.jsiinc.com (I don't know the article number and I'm afraid you'll have to use Java to browse the site).

******************************************************