Sneaky Command-Line Fu: Reset the Password with the System Rescue CD
If you need access to the operating system itself, the Linux-based System Rescue CD is a good option for breaking in. You’ll need to do a bit of command line work, but as long as you follow the instructions closely you should be fine. Hat tip to our friends at the How-To Geek.
How It Works: Just download the .iso file for the System Rescue Live CD and burn it to disc. Boot from the disc and hit the default option when the blue screen comes up. After everything loads and you’re presented with a command-line interface, type fdisk -l to see the drives and partitions on your computer. Pick the Windows partition (usually the largest NTFS partition) and note the name, e.g.
Then, run the following command:
Make sure to replace /dev/sda3 with the partition you noted earlier. Next, cd to your Windows/System32/config directory with this command:
We want to edit the SAM file in this folder, so type the following command to get a list of users:
Note the username you want to access, and then type the following command, replacing Whitson Gordon with the username in question.
At the next screen, choose the first option by typing the number 1 and hitting Enter. This will clear the user password, making it blank. When it asks you to write hive files, hit y and press Enter. It should say OK, and then you can type reboot to reboot the computer. When you boot into Windows, you’ll be able to log in to that user’s account without a password.
How to Beat It: Once again, the weakness of this method is that it still can’t beat encryption. Changing the password will lock you out of those encrypted files, which, if the user has encrypted their entire OS, makes this method pretty useless. If they’ve only encrypted a few files, though, you’ll still be able to access all the unencrypted stuff without a problem.
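To check that defence on your own machine, the following PowerShell (an added example, not part of the original article) reports which volumes a boot disc could still read. It assumes the encryption in question is BitLocker, which the article does not name, and Get-OfflineExposure is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
# Added example: lists volumes that an offline boot disc could read or modify.
# Assumption: BitLocker is the disk encryption in use.

function Get-OfflineExposure {
    param(
        # Volume objects to assess; defaults to every volume BitLocker reports.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        $reasons = @()
        if ($v.VolumeStatus -ne 'FullyEncrypted') {
            $reasons += "volume status is $($v.VolumeStatus) ($($v.EncryptionPercentage)% encrypted)"
        }
        if ($v.ProtectionStatus -ne 'On') {
            # Suspended protection stores the volume key in the clear on disk.
            $reasons += "protection is $($v.ProtectionStatus)"
        }
        [pscustomobject]@{
            MountPoint    = $v.MountPoint
            VolumeType    = $v.VolumeType
            KeyProtectors = ($v.KeyProtector.KeyProtectorType -join ', ')
            Exposed       = ($reasons.Count -gt 0)
            Reason        = ($reasons -join '; ')
        }
    }
}

$report = Get-OfflineExposure
$report | Format-Table -AutoSize -Wrap

# The SAM hive lives on the OS volume, so that volume decides whether
# an offline password reset can work at all.
$os = $report | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
if (-not $os -or $os.Exposed) {
    Write-Warning 'OS volume is not fully protected: the SAM hive is readable from a boot disc.'
}
```

Run it from an elevated prompt. A data volume flagged as exposed matches the article's last case, where only part of the machine is encrypted and the rest stays readable.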