How to use the Windows recovery console.

May 05, 2009

Additional information:

The Microsoft Windows recovery console was first introduced in Microsoft Windows 2000 and is available in all later versions of Windows including Windows XP. This feature enables users to get to a mode that allows them to recover, change, or fix files or settings that may be causing their computer not to boot properly.

A listing of available Windows 2000 and Windows XP recovery console commands can be found on our recovery console definition.
-------------------------------------------------------------------------------------------------

First, to get into the Microsoft Windows recovery console you must have a Microsoft Windows CD. If your computer came with another restore or recovery CD, it's possible the steps below may not apply to your CD. Place the Windows CD in your computer and boot from the CD.


If you do not have a standard Microsoft Windows XP CD you can get into the recovery console by using the Windows XP bootable diskettes.

How to use a password reset disk

May 05, 2009
If you forget your password, you can log on to the computer by using a new password that you create by using the Password Reset Wizard and your password reset disk.

To gain access to your local user account on a computer that is a member of a domain, or has been disconnected from a domain, follow these steps:
  1. In the Welcome to Windows dialog box, press CTRL+ALT+DELETE.
  2. In the Log On to Windows dialog box, type an incorrect password in the Password box, and then click OK.
  3. In the Logon Failed dialog box that appears, click Reset. The Password Reset Wizard starts. You can use the Password Reset Wizard to create a new password for your local user account.
  4. On the Welcome to the Password Reset Wizard page, click Next.
  5. Insert the password reset disk in drive A, and then click Next.
  6. On the Reset the User Account Password page, type a new password in the Type a new password box.
  7. Type the same password in the Type the password again to confirm box.
  8. In the Type a new password hint box, type a hint that will help you remember the password if you forget it.

    Note: This hint is visible to anyone who tries to log on to the computer by using your user account.
  9. Click Next, and then click Finish. The Password Reset Wizard quits and you return to the Log On to Windows dialog box. The password reset disk is automatically updated with the new password information. You do not have to create a new password reset disk.
  10. In the Log On to Windows dialog box, type your new password in the Password box.
  11. In the Log on to box, click the local computer--for example, click Computer (this computer), and then click OK.
You are logged on to the local computer with your local account information.

Create a password reset disk

May 05, 2009
Note that this procedure requires one blank, formatted floppy disk.

To create a password reset disk for your local user account, follow these steps:
  1. Press CTRL+ALT+DELETE. The Windows Security dialog box appears.
  2. Click Change Password. The Change Password dialog box appears.
  3. In the Log on to box, click the local computer--for example, click Computer (this computer).
  4. Click Backup. The Forgotten Password Wizard starts.
  5. On the Welcome to the Forgotten Password Wizard page, click Next.
  6. Insert a blank, formatted disk in drive A, and then click Next.
  7. In the Current user account password box, type your password, and then click Next. The Forgotten Password Wizard creates the disk.
  8. When the progress bar reaches 100 percent complete, click Next, and then click Finish. The Forgotten Password Wizard quits and you return to the Change Password dialog box.
  9. Remove and then label the password reset disk. Store the disk in a safe place.
  10. In the Change Password dialog box, click Cancel.
  11. In the Windows Security dialog box, click Cancel.

You can easily change or wipe out your Administrator password for free during a Windows XP Repair.

May 05, 2009

Here’s how, with a step-by-step description of the initial Repair process included for newbies.


1. Place your Windows XP CD in your CD-ROM drive and start your computer (it’s assumed here that your XP CD is bootable, as it should be, and that you have your BIOS set to boot from CD).

2. Keep your eye on the screen messages for booting to your CD. Typically, it will be “Press any key to boot from cd”.

3. Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.

4. When you get to the Welcome to Setup screen, press ENTER to set up Windows now.

5. The Licensing Agreement comes next - Press F8 to accept it.

6. The next screen is the Setup screen which gives you the option to do a Repair.

It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it”

Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.

7. Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.

8. Shortly after the Copying Files stage, you will be required to reboot (this will happen automatically; you will see a progress bar stating “Your computer will reboot in 15 seconds”).

9. During the reboot, do not make the mistake of “pressing any key” to boot from the CD again! Setup will resume automatically with the standard billboard screens and you will notice Installing Windows is highlighted.

10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.

11. At the prompt, type NUSRMGR.CPL and press Enter. Voila! You have just gained graphical access to your User Accounts in the Control Panel.

12. Now simply pick the account you need to change and remove or change your password as you prefer. If you want to log on without having to enter your new password, you can type control userpasswords2 at the prompt and choose to log on without being asked for a password. After you’ve made your changes, close the windows, exit the command box and continue on with the Repair (have your Product Key handy).

13. Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact.

I tested the above on Windows XP Pro with and without SP1 and also used this method in a real situation where someone could not remember their password and it worked like a charm to fix the problem. This security hole allows access to more than just user accounts. You can also access the Registry and Policy Editor, for example. And it's GUI access with mouse control. Of course, a Product Key will be needed to continue with the Repair after making the changes, but for anyone intent on gaining access to your system, this would be no problem.

And in case you are wondering, NO, you cannot cancel install after making the changes and expect to logon with your new password.

Cancelling will just result in Setup resuming at bootup and your changes will be lost.

Ok, now that your logon problem is fixed, you should make a point to prevent it from ever happening again by creating a Password Reset Disk. This is a floppy disk you can use in the event you ever forget your log on password. It allows you to set a new password.

Here's how to create one if your computer is NOT on a domain:

  • Go to the Control Panel and open up User Accounts.
  • Choose your account (under Pick An Account to Change) and under Related Tasks, click "Prevent a forgotten password".
  • This will initiate a wizard.
  • Click Next and then insert a blank formatted floppy disk into your A: drive.
  • Click Next and enter your logon password in the password box.
  • Click Next to begin the creation of your Password disk.
  • Once completed, label and save the disk to a safe place.

How to Log on to your PC Using Your Password Reset Disk

Start your computer and, at the logon screen, click your user name and leave the password box blank or just type in anything. This will bring up a Logon Failure box and you will then see the option to use your Password Reset disk to create a new password. Click it, which will initiate the Password Reset wizard. Insert your password reset disk into your floppy drive and follow the wizard, which will let you choose a new password to use for your account.

Note: If your computer is part of a domain, the procedure for creating a password disk is different.

Reset password from another user account with administrator credentials

May 05, 2009

If you cannot log on to Windows by using a particular user account, but you can log on to another account that has administrative credentials, follow these steps:

  1. Log on to Windows by using an administrator account that has a password that you remember. You may need to start WinXP in safe mode.
  2. Click Start, and then click Run.
  3. In the Open box, type control userpasswords2, and then click OK.
  4. Click the user account that you forgot the password for, and then click Reset Password.
  5. Type a new password in both the New password and the Confirm new password boxes, and then click OK.

Administrator Password recover or reset Tips

May 05, 2009
John the Ripper password cracker

John the Ripper is a fast password cracker, based on dictionary attack with a wordlist, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

Download link:

John the Ripper 1.7.0.1 for Windows


EBCD – Emergency Boot CD


EBCD is a bootable CD, intended for system recovery in the case of software or hardware faults. It is able to create backup copies of a normally working system and restore the system to a saved state. It contains the best system software ever created, properly compiled and configured for the maximum efficient use. Features include copying files from an unbootable volume, recovering the master boot record of an HDD, recovering a deleted file, and recovering data from an accidentally formatted disk or floppy disk. EBCD also includes a function to change the password of any user, including the administrator, of a Windows NT/2000/XP OS without the need to know the old password.


Download link:

EBCD Lite 0.6.1
EBCD Pro 0.6.1

Both contain the necessary NT password recovery feature.



Hack and Reset Windows NT 4.0 and Windows 2000 Administrator or Domain Admin Password with LOGON.SCR Trick

May 05, 2009
  1. Log on to the Windows computer with any user account.
  2. Navigate to %systemroot%\System32 in Windows Explorer. %systemroot% is your Windows installation folder, and normally located in \WINNT or \Windows (i.e. \WINNT\System32).
  3. Save a copy of the LOGON.SCR file, or simply rename the logon.scr file to something else. Just make sure that you remember where the backup copy is and what it is named.
  4. Delete the original LOGON.SCR from the %systemroot%\System32 sub-folder after you have backed it up. The file should no longer exist if you renamed it.

    Note: If you have a problem deleting or renaming LOGON.SCR, it may be due to permission settings. Try to take ownership of LOGON.SCR (right-click LOGON.SCR, select Properties, go to the Security tab, then click Ownership. Click “Take Ownership” and then click Yes at the prompt), and give the Everyone group Full Control permissions (right-click LOGON.SCR, select Properties, then go to the Security tab. Click Add, browse to and add the Everyone group. Give Everyone Full Control and then click OK). You may need to install an alternate second copy of Windows on the machine to do so, as detailed at the end of this article.

  5. Copy and paste the CMD.EXE located in %systemroot%\System32 to create an additional copy of CMD.EXE in the same directory, then rename the new copy to LOGON.SCR. This makes Windows NT or Windows 2000 use the CMD.EXE command prompt program as the screen saver that is activated after the computer has been idle for a specific number of minutes.
  6. Ensure that the Windows screen saver is activated.
  7. Wait for the screen saver idle timeout to elapse, so that Windows loads the unprotected command prompt in the context of the local system account as if it were the screen saver.
  8. In the CMD command prompt that is opened, key in the following command to reset and change the administrator’s password:

    net user administrator newpassword

    The administrator account will then have the new password newpassword (which you should change to your own password). With the syntax net user user_name new_password, the same command can be used to reset or modify the passwords of other administrative user accounts.

  9. You can now log on to the administrator account with the new password. You may want to restore the original LOGON.SCR that was backed up or renamed.
  10. You may want to delete the alternate installation of Windows, by deleting the installation folder or formatting the partition (if you installed it in a different partition), and removing the second Windows entry in the BOOT.INI file at the root. Use attrib -r -s -h c:\boot.ini to allow boot.ini to be viewed and modified.
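
A defender-side check for the swap described in steps 3 to 5, as an added example that is not part of the original post: it flags any .scr file in a System32 directory (live, or from a mounted disk image) that is byte-identical to a command shell, and reports a missing logon.scr. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Binaries that hand out a command prompt when started in place of a screen saver.
SHELL_NAMES = {"cmd.exe", "command.com"}

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_screensavers(system32):
    """Audit a System32 directory for screen savers replaced by a shell.

    Returns a dict with:
      logon_scr_present - False if logon.scr was deleted or renamed away
      swapped           - sorted (scr_name, shell_name) pairs with identical bytes
    Names are compared case-insensitively because a mounted volume may
    expose LOGON.SCR or logon.scr.
    """
    files = [p for p in Path(system32).iterdir() if p.is_file()]
    shells = {sha256_of(p): p.name for p in files if p.name.lower() in SHELL_NAMES}
    swapped = []
    for p in files:
        if p.suffix.lower() == ".scr":
            shell = shells.get(sha256_of(p))
            if shell:
                swapped.append((p.name, shell))
    present = any(p.name.lower() == "logon.scr" for p in files)
    return {"logon_scr_present": present, "swapped": sorted(swapped)}

def build_sample(root, tampered):
    """Constructed sample tree; the byte strings stand in for real binaries."""
    sys32 = Path(root) / "WINNT" / "System32"
    sys32.mkdir(parents=True)
    (sys32 / "CMD.EXE").write_bytes(b"MZ constructed shell image")
    (sys32 / "sample.scr").write_bytes(b"MZ constructed screen saver")
    logon = b"MZ constructed shell image" if tampered else b"MZ constructed logon saver"
    (sys32 / "LOGON.SCR").write_bytes(logon)
    return sys32

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_screensavers(build_sample(tmp, tampered=True)))
```

A non-empty `swapped` list or `logon_scr_present` being False are both worth investigating, since step 4 removes the original file before the copy is put in place.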