Forgot Windows login password!

My friend forgot his Windows 2000 login password. This is the password that they ask for when you turn on the PC and before Windows starts.

Is there any way to reset this password? He has his original CD.


I may be running an older system, but if your boot allows you to enter in Dos mode you can delete the .pwd files and start over.

Here’s the Microsoft Advanced Search page;EN-US;kbhowto&sd=GN&ln=EN-US&FR=0

And specifically;en-us;258289

Are we talking about a boot-up password, or an actual Windows login password? You say before Windows starts, do you mean before Windows begins loading or once it has loaded? If it’s a boot-up password (before Windows begins loading, in other words as soon as you power up the PC), you are in luck because the password is stored in CMOS, and most motherboards allow you to reset the CMOS settings by shorting two points on the motherboard, or by taking the CMOS battery out and leaving it out for about 8 hours.

But if it’s a Windows login password…well that’s a bit tougher because Windows 2000, a network operating system, was built with security in mind. In other words, don’t forget your password. BUT, since your friend is obviously not very computer literate, I assume he did not know to disable the default system Administrator account, and unremovable Administrator account. So try logging on as just “Administrator” then from there you can modify all other accounts.

Thanks for the replies. I will pass along the info and let you know how it goes.

There are several utilities out there for resetting a Win2k or XP password. This site lists several of the better ones.

Tee Hee Hee. Ha Ha Ha Ha Ha Ha! Oh my, I haven’t had such a good laugh in a while.

Windows 2000 has more security features than Windows 95/98/Me, which isn’t saying much since those versions had no security. However, Windows 2000 security is still pretty weak, unless you are very careful.

Just one silly example:

The login screen saver (you know, the one that comes up if you aren’t logged on, and you let the computer sit idle for 5 or 10 minutes) runs with full privileges (actually higher than admin). The screen saver is just a program residing on the hard drive, and if your PC is setup with a FAT filesystem (very common, since it is easier to recover if something goes wrong), that file is completely unprotected. Change that file to, say, cmd.exe, reboot, go for a coffee, and when you return, voila! instant higher-than-admin-privilege shell.

Haha, god bless microsoft.

Oh please. Set aside your nerdish tendencies for one minute and realize this guy needed help, and I provided it. I know you relish the opportunity to flame microsoft, but please, do it in another post. I didn’t say windows was the end all be all of OS security. Everybody knows it has security loopholes, hence the need for service packs. I simply said it was built with SECURITY IN MIND, meaning it was one of their goals. Everybody knows there is no such thing as “total security”, only degrees of security. But since we’re on the subject, windows 2000 is a network OS, and any sensible network admin is going to require its hosts to use the NTFS file system, not FAT, like some home users might use. Of course the more security you want, the more careful you have to be. Duh. That is the case with a lot of things. Or were you just trying to show off?

I think this speaks for itself.

All of the win9.x operating systems (95, 98, ME) boot DOS first then use DOS to load Windows. All NT operating systems (NT 4, 2000, XP) use the NT loader. You can’t boot DOS mode on NT.

If your drive is FAT32 then you can boot from a win98 DOS floppy.

There are ways into NTFS systems but they are a bit trickier.

Nay, I was flaming you, for implying that Windows 2000 was very secure - to wit “In other words, don’t forget your password”.

Sorry to break this into two posts … clicked submit instead of preview.

NT/2K (but not generally XP) are often setup with a small-ish FAT partition for booting (including all OS files), and a large NTFS partition for everything else. The reason for this is ease of recovery. I have seen this at places that should know better - software companies, hospitals, universities, banks, you name it. I’m not talking about small rural hospitals or 1-branch banks, either.

Here is a very interesting and entertaining thread I started on this very subject back in February…

Essentially I was involved in power wars between a father and son over login usage on a Windows XP machine.

Here is a quote from the thread which is pertinent to the question in the OP…

Hope that helps…

KansasMan, this utility works very well. It is called the Offline NT Password & Registry Editor. It is a bootable CD image which when booted allows you to reset most NT passwords (It WON’T reset your Active Directory Admin password). It’s listed on the page Tourbot recommended.

I’ve used this one many times, it works beautifully. If you haven’t already recovered the password, download this utility and be done with it.

Hmm… how would he access NTFS partitions with a DOS bootdisk? I haven’t tried with that specific boot disk but when I needed to examine my drives in a DOS environment it could not access my drives at all. Of course, there are special loaders that can be made with a floppy or CD (I used one to upgrade my DVD drive’s firmware) and my drives WERE accessible so I’m assuming the flaw is just as bad, you just need a specific loader.

Also, is the SAM file used the same way for XP? I want to try this out myself…

The “vulnerability” posted by 5cents isn’t actually a specific Windows vulnerability, it’s part of the same class of vulnerability as the one Boo Boo Foo posted - something that all computers irrespective of operating system can fall prey to.

Contrary to the popular myth perpetrated by people like 5cents the Linux kernel actually does not have the ability to automatically incarnate as an armoured robot with a power sword in order to defend its hardware from hackers. Unbelievable, but true.

To access NTFS partitions from a DOS boot there’s the NTFSDOS utility from SysInternals (and there’s plenty of other useful stuff there too). DOS does not normally have the ability to read an NTFS partition, so it needs a little extra help like this.

Any OS cannot protect itself when the machine is booted from another OS. That irrefutable fact is central to any discussion.

Sure it could possibly encrypt stuff to make it tougher for the alternate OS to break in, but that’s only changing the size of the challenge, not its fundamental do-ability.

A Linux OS can be cracked by another copy of Linux or a Windows and vice versa. Once it’s not in control, the installed OS is just a large inert lump of data to be massaged (or raped) as you desire.

The fault in using a small DOS partition on an otherwise-NTFS machine is that it places critical system files within easy reach of another easy-to-use and widely available OS – DOS.

Installing NT that way might have been sound advice when it was brand new and not many offline NTFS tools were available and most workstations were still Win98. But in today’s world it’s bordering on negligent to set up a commercial box that way.

It isn’t? So do other operating systems run screensavers at administrative permission? Which ones?

Can you please show me where I mentioned linux? I can’t see it.

Can you please show me where I mentioned DOS boot? I can’t see it, either.

The exploit I showed requires that the boot partition be FAT, and that you have some access to the machine (left logged in unattended, or guest, or whatever). That’s all. It doesn’t require anything else. You only need to bring yourself.

Read my message again. I just reboot NT/2K. No other OS involved.