The Windows XP startup script (startup scripts) is a batch file that the computer runs before the logon screen appears, and functions like an automated batch file Autoexec.bat in Windows 9x and DOS.
With this feature, you can write a batch file to reset the user's password and add it to the startup script, which achieves the goal.
The following are concrete steps (assuming the system directory is C:\Windows).
1. Use the Windows98 boot disk to start the computer. Write a batch file A.bat that restores the password, and the content requires only one "net User" command: "NET user rwd 12345678".
The meaning of this command is to set the user RWD password to "12345678" (for the use of the Net command, refer to Windows Help). Then save the file A.bat to "C:\windows\system32\GroupPolicy\Machine\Scripts\Startup".
2. Write a startup/shutdown script configuration file Scripts.ini, this filename is fixed and cannot be changed. The contents are as follows:
[Startup]
0cmdline=a.bat
0parameters=
3. Save the file Scripts.ini to "C:\winnt\system32\GroupPolicy\Machine\Scripts". Scripts.ini holds setup data for computer startup/shutdown scripts, which typically contain two data segments: [Startup] and [Shutdown]. Under the [Startup] data segment is the startup script configuration, and the [Shutdown] data segment is a shutdown script configuration.
Each script entry is divided into the foot name and the script parameters are stored in two parts, the Xcmdline keyword is saved under the key, the parameter is saved under the Xparameters keyword, here x represents the script sequence number starting from 0 to distinguish multiple script entries and flags the order in which each script entry is run.
4. Remove the Windows 98 boot disk, reboot the computer, and wait for the startup script to run. The user RWD password is restored to "12345678" after the startup script is run.
5. After successful login, delete the two files created by the above steps.
Note: The computer uses the FAT32 file system, and if you use the NTFS file system, you can do this on a computer that is attached to the disk mode to identify the NTFS file system, such as Windows 2000 or Windows XP. This method restores the administrator's password. The password recovery for local computer users and domain users in the Windows2000 system is also valid.
More ways to refer to: XP power-on password cracking method Daquan