9 ways to forget your Windows XP login password

Source: Internet
Author: User
Tags ini net command reset safe mode administrator password backup

When using Windows XP if you are an easily forgotten person, be sure not to forget to create a startup disk that restores the password in Windows XP The first time you set a password, which frees you from the hassle of formatting your hard drive.

From the Control Panel, locate the user account item, select your own account into the control interface as shown in the picture, we can see the left-hand task list in a "block a forgotten password", click on the "Forgotten Password Wizard", the wizard will be prompted to insert a formatted blank disk, The operation will allow you to enter the password used in this account and you will soon be able to create a password reset disk.

Later, when we forget the account password, after you log on to Windows XP without using the Welcome screen logon method, press Ctrl + Alt + Del to enter the Windows Security window, click the Change Password button in the options, and the Change Password window appears. This window, the current user's password backup, click on the lower left "backup" button, activate the "Forgotten Password Wizard", follow the prompts to create a password reset disk.

If you enter the wrong password in the Windows XP login window, the login failure window pops up, and if you do not remember what your password is, click the Reset button, start the Password Reset Wizard, and use the password reset disk that you just created, You can change the password and start the system with this password reset disk. Reset your password and log on to Windows XP.

The creation of a password reset disk, there is a certain risk, because anyone can use this "password reset disk" to log on to Windows XP, can be in the name of the user into the user account, to operate the real user can operate everything, so the "password reset disk" must be kept in the appropriate place, In case of loss or loss of confidentiality.

Method 1--the "administrator" (this method applies to situations where the administrator username is not an "administrator")

We know that during the installation of Windows XP, we first log in as "Administrator," and then ask to create a new account to log in with this new account when you enter Windows XP, and in Windows XP login interface will only be created this user account, no "administrator", but in fact the "administrator" account still exists, and the password is empty.

When we understand this, if you forget the login password, in the login interface, hold down the Ctrl+alt key, and then hold down the DEL key two times, you can appear classic login screen, at this time in the user name type "Administrator", the password for empty entry, and then modify the "ZHANGBP "Password.

Method 2--Delete The Sam file (Note that this method applies only to WIN2000)

Security management for user accounts in Windows NT/2000/XP uses the mechanism of the Security Accounts Manager, SAM, and the Security Accounts Manager manages the account through a security identity, which is created at the same time as the account is created. Once the account is deleted, the security ID is also deleted. The security identity is unique, and even the same user name is completely different from the security identity that is obtained each time it is created. Therefore, once an account is reconstructed by the user name, it will also be given a different security identity and will not retain the original permissions. The specific performance of the security Account Manager is the%systemroot%system32configsam file. The SAM file is a Windows NT/2000/XP user account database, and all user login names and passwords are stored in this file.

Knowing this, our solution also came up with: Delete sam file, start the system, it will rebuild a clean and innocent Sam, there is no password in nature.

However, such a simple approach in XP is not applicable, may be the Microsoft as a bug, restrictions ... So now in the XP system, even if you delete the SAM, or you can not delete the password, but will cause the system to initialize the initialization error, and thus into the dead loop can not enter the system!!

Method 3--to find the password from the SAM file (prerequisite ... will use DOS basic commands on line)

Before the system starts, insert the boot disk and enter: C:winntsystem3config Copy the SAM file to the floppy disk using the Copy command. Get another machine to read. The tools needed here are LC4, run LC4, open and create a new task, click "Import→import from SAM file" and turn on the Sam file that is being cracked, LC4 automatically parse the file and display the user name in the file, and then click " Session→begin Audit ", you can begin to crack the password. If the password is not very complicated, the result will be in a short time.

However, if the password is more complex, it will take a long time, then we need to use the following method.

Method 4--is overwritten with other Sam files (provided you can get another computer's Sam file and its password ...). Personally felt to be the most feasible approach)

1--as stated above, the SAM file holds the login name and password, so we just replace the SAM file with the login name and password. However, this replacement Sam file's "origin" hard disk partition format is the same as your system (see FAT32 or NTFS, you confirm yourself). It is best that the "origin" system does not have a password, security settings have not been moved (in fact, most of the personal computers are the case), of course, the more insurance method is to the XP [Win Ntsystem 32Config] under the cover of all the files to [C:win Ntsystem 32Config] Directory (assuming that your XP is installed in the default partition C:),

2--If you don't get help from others (I mean, in case), you can install an XP system on another partition, the hard disk partition format should be the same as the original, and please note that you must not be installed with the original XP in the same partition! Before you start, be sure to back up the boot area MBR, There are many ways to back up the MBR, using tool software, such as anti-virus software KV3000. After the installation with the administrator landing, now you have the original XP has the absolute right to write, you can put the original Sam test down, with 10PHTCRACK to get the original password. You can also overwrite all files under the newly installed XP Win Ntsystem 32Config into the C:win ntsystem 32Config directory (set up the original XP installation here), and then use KV3000 to restore the previous grief and indignation of the main boot zone MBR, Now you can log in to XP as an administrator.

[2nd program I feel trouble, or 1th: Ask others to help better ...]

"In addition, it is said that the SAM in the C:windows Epair directory is the original version that can be used to overwrite the SAM under System32 so that the current password can be removed and the password is restored to the time the system was first installed." If the password is empty, wouldn't it be ...?

Method 5--uses the Win 2000 installation CD to boot the repair system (prerequisites ...). Is it obvious? You want a Win 2000 installation disc.

Use the Win 2000 installation CD to start the computer, select Repair Windows 2000 (press R key) in the Wndows2000 installation selection interface, and then choose to use the fault console repair (press C) and the system scans the existing WINDOW2000/XP version. There is generally only one operating system, so only one login selection (l:c:windows) is listed. Press L from the keyboard, then enter, this time, Window XP does not require the password to lose the administrator, but directly logged into the Recovery Console mode (if you are using the Windows XP installation CD-ROM boot, it is required to lose the person administrator password.) This refers to the administrator refers to the system built in the Administraor account. Friends familiar with Windows know that the Recovery Console can perform any system-level operations, such as copying, moving, deleting files, starting, stopping services, or even formatting, repartition, and so on.

Test using CD: Integrated SP3 Windows proessional Simplified Chinese version.

Tested Systems: Windows XP proessional, Windows XP with SPI patches (FAT32 and NTFS file systems are the same)

[Note that for a variety of reasons, some Windows 2000 installation discs on the market do not show the fault console logon option, so you cannot exploit this vulnerability.) At the same time, due to the limitations of the fault console model itself, it is not possible to exploit this vulnerability from the network, in other words, this vulnerability is limited to a single machine. ]

Method 6--The Net command (with two necessary prerequisites: The partition for Windows XP must be a FAT 32 file small system with no characters in the username.) )

We know that the "net User" command is available in Windows XP, which allows you to add and modify user account information in the form of the following syntax:

NET user [UserName [Password *] [options]] [/domain]

NET user [UserName {Password *}/add [options] [/domain]

NET user [UserName [/delete] [/domain]]

The specific meaning of each parameter is explained in detail in Windows XP Help, which I will not elaborate on. OK, let's now take the example of restoring the local user "ZHANGBQ" password to illustrate the steps to resolve the forgotten login password:

1, restart the computer, in the Start screen immediately after pressing the F8 key, select "Safe Mode with command line."

2. At the end of the operation, the system lists the system super User "Administrator" and the local user "ZHANGBQ" menu, the mouse clicks "Administrator", enters the command line mode.

3, type the command: "NET user Zhangbq 123456/add", forcing the "ZHANGBQ" user's password to change to "123456". If you want to add a new user here (for example, the username is abcdef and the password is 123456), type "NET user abcdef 123456/add", which can be added "net localgroup Administrators Abcdef/add" command to promote users to the System Management Group "Administrators" and to have super privileges.

4, restart the computer, select Normal mode to run, you can use the changed password "123456" login "ZHANGBQ" user. In addition, ZHANGBQ into the login (console)→(user account)→ Select users who forgot the password, then select (Remove the password) after (and so forth) in the login screen select the original user can not need password condition (as removed) to delete the newly added users, in (console)→(user account)→ Select ( Alanhkg888), then select (Remove account) to

[However, it was suggested that after the experiment-the new user in Safe Mode command could not enter normal mode (This conclusion is not confirmed)]

Method 7--use cracked password software (if you want to have a standard system installation CD-ROM-not that "integrated" multiple systems D plate)

1--uses Windows KEY 5.0 in Passware KIT 5.0 to restore the system administrator's password and generate 3 files after running: Txtsetup. OEM, Winkey. The SYS and winkey.inf,3 files are 50KB in total. Put these 3 files on any floppy disk and then use the XP installation CD to start the computer and press F6 during startup to allow the system to use a Third-party driver. At this point, it is the best time for us to insert the floppy disk will automatically jump to the Windows key interface. He would have forced the password of the administrator to 12345, so what's the big deal? ho Ho! When you reboot, you will be asked to revise your password again.

2--uses Office NT PASSWORD & REGISTRY EDITOR. The software can be used to make a Linux boot disk that can access the NTFS file system, so it can support Windows 2000/xp well. Using a tool that runs under Linux in this floppy disk NTPASSWD can solve the problem and can read the registry and rewrite the account. The use of the method is very simple, just according to the prompts after the start of the step-by-step to do it. Here, it is recommended that you use the quick mode, which lists the user's password for you to choose to modify. The default choice of Admin group users, automatically find the name of the administrator to replace the user, very convenient.

3--erd.commander2003 for Windows Administrators and end users, in the face of a system that can crash at any time, everyone may have their own set of tools to save data and repair systems. ERD Commander This is the most powerful component of the Winternals Administrators Pak tool, and one of the compelling features is to modify the password, Windows nt/2000/xp/2003 Any user's password in the system can be modified by the ERD without knowing the original password.

Method 8--Modification

Screen saver (if you have a screensaver installed)

Use Ntfsdos, a tool that can write NTFS partitions from DOS. Use the software to make a DOS boot disk, then rename the screensaver Logon.scr under C:win ntsystem 32, then copy Command.com to C:win Ntsystem 32 (WIN2000 can be used CMD.EXE). and rename the file to Logon.scr. After starting the machine for 15 minutes, the screen protection that should appear is now in the command line mode and has administrator privileges, so that he can modify the password or add a new administrator account. Don't forget to change the name of the screensaver after you have finished.

Method 9--Use startup scripts (Prerequisites ...). will use DOS basic commands on line)

The Windows XP startup script (startup scripts) is a batch file that the computer runs before the logon screen appears, and functions like an automated batch file Autoexec.bat in Windows 9x and DOS. With this feature, you can write a batch file to reset the user's password and add it to the startup script, which achieves the goal. The following are concrete steps (assuming the system directory is c:windows).

1. Use the Windows98 boot disk to start the computer. Create a new file called A.bat in DOS, the content only needs a "net User" command: "NET user rwd 12345678". The meaning of this command is to set the user RWD password to "12345678" (for the use of the Net command, refer to Windows Help). Then save the file A.bat to "C:windowssystem32grouppolicymachinescriptsstartup".

2. Write a startup/shutdown script configuration file Scripts.ini, this filename is fixed and cannot be changed. The contents are as follows:




3. Save the file Scripts.ini to "C:winntsystem32grouppolicymachinescripts". Scripts.ini holds setup data for computer startup/shutdown scripts, which typically contain two data segments: [Startup] and [Shutdown]. Under the [Startup] data segment is the startup script configuration, and the [Shutdown] data segment is a shutdown script configuration. Each script entry is divided into the foot name and the script parameters are stored in two parts, the Xcmdline keyword is saved under the key, the parameter is saved under the Xparameters keyword, here x represents the script sequence number starting from 0 to distinguish multiple script entries and flags the order in which each script entry is run.

4. Remove the Windows 98 boot disk, reboot the computer, and wait for the startup script to run. The user RWD password is restored to "12345678" after the startup script is run.

5. After successful login, delete the two files created by the above steps.

[You can actually borrow another computer to write A.bat and Scripts.ini with Notepad, and then copy it to your computer with a floppy disk).


The above script uses the FAT32 file system, and if you use the NTFS file system, you can do this from disk mode to other computers that recognize the NTFS file system, such as Windows 2000 or Windows XP. This method restores the administrator's password. The password recovery for local computer users and domain users in the Windows2000 system is also valid.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.