Windows2000/NT/XP Administrator Password loss Solution

What should I do if my administrator password is lost? Below is a simple summary of the Solutions for Windows 2000/NT/XP systems, of course not comprehensive.

1. Clear the Sam file:
SYSTEM account information of WINNT series exists in the Registry File % SystemRoot % \ system32 \ config \ SAM. If there are no important accounts in the system or there are few accounts, it is relatively easy to delete % SystemRoot % \ system32 \ config \ SAM, however, because the system will restore to only two accounts, namely Administrator (the password is blank) and guest, some programs will be lost because their dependent accounts, such as IIS and VMWare, cannot be started.
I have heard that this method can only be applied to NT Workstation series (2 kpro) and cannot be used for server. I have tried it successfully on 2000professional and 2000 Advanced Server. I don't know why the above statement may be caused by the failure of the Active Directory ad.
First, you must be able to access the system partition to rename or delete the Sam file. For FAT32 and fat partitions, use 98 to start the disk. If the partition is NTFS, you can use the NTFS for DOS and NTFS for 98 of winternal, or enable the disc that supports NTFS, or attach it to another machine such as Win2000 and Linux, or reinstall a new Win2000.

2. Dedicated tools:
Windows administrator password loss Another solution is to use the offline nt password editor http://home.eunet.no of Petter nordahl-Hagen /~ Pnordahl/ntpasswd/). This tool is used to modify the Registry File Sam offline to set the password. I need to use his image file to create a boot disk for guidance, and then access the NTFS partition to reset the password. Although the author often updates his program, I am still worried that he will directly operate the security of the SAM file, it may sometimes cause system errors.
There may be other similar tools, so I am not sure.

3. Another idea is to use a password-changing applet to replace the necessary program for system startup, and then replace the password when the system starts, then we can restore the replaced program. Of course, you must first be able to access system partitions to replace programs started with the system.

One way to replace the necessary programs started by the system is to write a cleanpwd, which clears the administrator password. The usage is as follows:
(2). Usage
1) Use a dual system, a boot disk, or a mounted disk to another system. If it is an NTFS partition, another system or boot disk should be able to read and write the NTFS partition, and set system32 \ drivers under the Windows installation directory.

2) Start the system and clear the administrator password. you can log on directly.

3) Restore svchost.bak.exe. (If svchost is replaced, it is best to start the RPC service again)

(32.16.for example, svchost.exe is used instead of other programs.
Each Windows2000 system has these processes,
System (kernel executive and kernel)
SMSs (Session Manager)
CSRSS (Win32 subsystem)
Winlogon (logon process)
Services (Service Control Manager)
LSASS (Local Security Authentication Server)

If any one is killed or fails, the system restarts. However, you cannot change the password before starting LSASS, so you cannot use these programs.

In addition, the system generally has the following programs:
Svchost.exe (Remote Procedure Call (RPC) and other services)
WBEM \ winmgmt.exe (Windows Management Instrumentation)
Mstask.exe (Task sched.exe)
Regsvc.exe (Remote Registry Service)

There may be other service programs. You may have disabled services other than RPC, but RPC is not disabled. Otherwise, the system will not work properly. So I chose SVCHOST. If you know that other services will automatically start, you can also choose it.
Of course, if the system has installed anti-virus software, you can also replace the anti-virus software, because generally, anti-virus software will start the anti-virus firewall in the system for anti-virus.

(4). Miscellaneous
I had this idea a few months ago, but I never wrote this program: (the program runs in c: \ cleanpwd.txt to record a simple log. I also attached the source code, you can modify it to meet your requirements, such as adding a user instead of changing the administrator password (or renaming the administrator ).

4. I still see this method on a website:
It means to run net user administrator "in % SystemRoot % \ system32 \ drivers. After successful execution, the administrator password is also cleared. Close cmd or explorer and you can log on with an empty password.
In fact, this method is consistent with the above idea.