
Changing the Administrator password if you have forgotten it.

A. The instructions below require a second installation of NT on the machine whose password you have forgotten. The procedure uses the srvany.exe Resource Kit utility.

  1. Install a second copy of NT onto the machine in a different dir/drive (it only has to be a minimal installation) and boot into this installation
  2. Copy the srvany.exe from the resource kit into a dir, e.g. c:\temp
  3. Start regedt32
  4. Move to HKEY_LOCAL_MACHINE and select the root
  5. From the Open menu select "Load Hive"
  6. Move to %systemroot%\system32\config of the main NT installation, i.e. if your main installation (the one whose password you are trying to change) is installed at d:\winnt you would move to d:\winnt\system32\config
  7. Select System and click Open
  8. You will be asked for a key name, enter Mainreg and click OK
  9. Select the "Select" branch and write down the Default value, which has the form 0xn, e.g. 0x1. This tells you which ControlSet00n to edit
  10. Move to HKEY_LOCAL_MACHINE\Mainreg\ControlSet00n\Services\Spooler and take a note of the ImagePath value (it will usually be %SystemRoot%\system32\spoolss.exe).
  11. Change ImagePath to c:\temp\srvany.exe (or wherever you copied the file to), click OK
  12. Move to Parameters and add a Value of type REG_SZ called Application. Once added double click the new value and set to %systemroot%\system32\net.exe
  13. Add another Value of type REG_SZ called AppParameters. Once added double click the new value and set to "user Administrator password".
  14. Move back to HKEY_LOCAL_MACHINE\Mainreg and select "Unload Hive" from the open menu. Click Yes to the confirmation
  15. You should now reboot and boot from your original NT installation. Wait a few minutes and then log on as Administrator with the password "password".

You now need to undo the changes made:

  1. Start Regedt32.exe
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Parameters and delete Application and AppParameters values.
  3. Move down to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler and change ImagePath back to its original value (%SystemRoot%\system32\spoolss.exe)

You may now delete the second installation of NT if you wish and remove it from the boot menu (edit boot.ini after removing the hidden, read-only and system attributes: attrib c:\boot.ini -r -s -h).

All this actually does is change the Spooler service to run the SRVANY.EXE program, which in turn runs NET as the service with the parameters "user Administrator password". That is the same as running net user Administrator password, which is a way to change the password. Check the Resource Kit for more information on SRVANY.
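The following Python script is an added example, not part of the original article or the Resource Kit. It parses a Registry Editor text export (.reg) of the Services key and lists every service whose ImagePath points at srvany.exe together with the command it wraps, which is a quick way to confirm the cleanup steps above were completed or to audit a machine for this kind of service redirection. The sample export, the "Example" service and the function names are constructed for illustration.

```python
import re

# Constructed sample (not from the page): REGEDIT4-style export of two service keys.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"ImagePath"=hex(2):63,3a,5c,74,65,6d,70,5c,73,72,76,61,6e,79,2e,65,\
  78,65,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Parameters]
"Application"="%systemroot%\\system32\\net.exe"
"AppParameters"="user Administrator password"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Example]
"ImagePath"="%SystemRoot%\\system32\\example.exe"
'''

def parse_reg(text):
    """Return {key_path: {value_name: text}} for string values in an export."""
    utf16 = text.lstrip().startswith("Windows Registry Editor")  # v5 exports
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None and (m := re.match(r'"(.+?)"=(.*)', line)):
            name, raw = m.groups()
            if raw.startswith('"'):  # REG_SZ, backslashes are doubled
                cur[name] = raw[1:-1].replace("\\\\", "\\")
            elif raw.startswith("hex(2):"):  # REG_EXPAND_SZ as byte list
                data = bytes.fromhex(raw[7:].replace(",", ""))
                enc = "utf-16-le" if utf16 else "latin-1"
                cur[name] = data.decode(enc).rstrip("\0")
    return keys

def find_srvany_services(keys):
    """List services whose ImagePath is srvany.exe, with the command it wraps."""
    hits = []
    for path, vals in keys.items():
        image = vals.get("ImagePath", "")
        if re.search(r"\\Services\\[^\\]+$", path) and "srvany.exe" in image.lower():
            p = keys.get(path + "\\Parameters", {})
            cmd = f'{p.get("Application", "")} {p.get("AppParameters", "")}'.strip()
            hits.append((path.rsplit("\\", 1)[1], image, cmd))
    return hits

if __name__ == "__main__":
    for service, image, cmd in find_srvany_services(parse_reg(SAMPLE)):
        print(f"{service}: ImagePath={image} runs: {cmd}")
```

SRVANY is also used legitimately to run ordinary programs as services, so each hit is something to review rather than proof of tampering. After the cleanup steps, Spooler should no longer appear in the output.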

