I've forgotten my administrator password on my Windows 2000 Professional system, and now I can't do anything that requires administrator authority on the computer. The computer isn't a member of a domain, so I can't use the domain Administrator account either. What can I do?
Because your machine is a Win2K system, you can't load its SAM into L0phtCrack to crack the administrator password. L0phtCrack would be unable to crack the password hashes in the SAM, because Win2K automatically encrypts them with Syskey. Because your computer isn't a domain controller (DC), however, another option exists. The procedure works only on Win2K Server, Win2K Pro, and Windows NT systems that aren't DCs. You can use Peter Nordahl's Ntpasswd tool (available at http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html) to reset the administrator's password.
Download bd010114.zip and rawwrite2.zip from Nordahl's Web site, unzip them to a folder, then open a command prompt and change to that folder. Run rawwrite2.exe, and at the prompt for an image, type
Put a blank 3.5" disk in your disk drive, and specify its drive letter when the Rawwrite2 program prompts you. Rawwrite2 creates a Linux boot disk on that blank disk. The boot disk contains the program Ntpasswd. Put the disk in your Win2K Pro computer, and reboot. Linux loads, then Ntpasswd starts. Ntpasswd guides you through the steps to reset the Administrator account password to a password of your choice. When you're finished, remove the disk and reboot. You should now be able to log on with the new password.