Windows Password Blanker – Offline NT Password & Registry Editor
There are plenty of legitimate reasons to need to be able to get into a machine with a local account that has a password set that you don’t know. People either forget these passwords or if you inherit the machine, the login info isn’t transferred. With the “Offline NT Password & Registry Editor,” you can simply make a bootable CD, run it and walk through its instructions to choose an account and set the password to something you know or to blank it out (no password). I’ve had the best luck with blanking the password.
This is another reason to make sure the boot device priorities in your BIOS are set properly along with a BIOS setup password. You’ll also want to physically secure the machine so that somebody can’t get to the motherboard and either flip a CMOS switch, or set a ‘password reset’ jumper.
This is not a subtle way of getting into somebody’s machine unauthorized because the password is changed and they will find this out the next time they try to log in with that account. Recommended for legitimate causes only.
One tip: The password can not be set on a machine with its Safe Mode flag enabled, so be sure to shut down normally. If you’re still getting a message about being unable to write the settings, boot up into Windows and shut down normally again.
http://pogostick.net/~pnh/ntpasswd/
OphCrack – LiveCD to break passwords
Booting off of the LiveCD provided by Ophcrack, one can take a look at the strength of their local passwords. Ophcrack can crack a scary amount of passwords that are 14 characters in length or less. With the cd alone, you can get a lot of passwords, but there’s also a way to connect the software to a library on an external hard drive and let the cracking go wild.
This is a much more subtle approach and another good reminder why the BIOS boot priority setting is important. OphCrack can also be a good indication of whether or not you might consider making your password stronger. If you have a hard time coming up with a strong password for your local account, you can always use this function under the command prompt:
net user [username] /random
This will set the password to a random string of alphanumerics with varying capitalization.
You might also try sites like: http://strongpasswordgenerator.com/
http://ophcrack.sourceforge.net/
Windows XP Home Safe Mode – Default Administrator Account
If you’re having problems getting into your Windows XP Home machine, you can try booting into Safe Mode (Press F8 immediately before the Windows splash screen at boot up). There is an Administrator account with a blank password for default. If this is still the case, you can get into the Administrator account and change the passwords of the account you’ve forgotten. Or, you might not need to change passwords, as you’ll now have access to all local files if that contains the information you need.