..Stupid password restrictions on Windows machines.. ;-) Just booted up
a test Windows ADS Server in a VM where I couldn't remember the
password. The 12345 didn't work because I couldn't set it to that
initially... :-p
Anyway, some quick research revealed that there's a nice 'hook' where I
could sneak in.. In Windows there's 'magnify.exe', which is just
perfect to be replaced by a cmd.exe. As magnify.exe can be launched
from the login screen, we can do just about anything once it is replaced.
OK, let's start:
- Boot the Windows Server using a Linux Live-CD (I recommend having a look at http://grml.org/)
- Mount your Windows partition using NTFS-3G
- Move the file 'magnify.exe' to 'magnify.old' in C:\Windows\System32 (of course the path in Linux differs)
- Copy the file 'cmd.exe' to 'magnify.exe' in C:\Windows\System32
- Unmount it again and reboot into your Windows
- As soon as you've got the logon screen, you can click on the 'easy access' tools. Enable the 'magnifier' there and press apply
- Now you should get a new cmd
- In the cmd enter 'net user <user> <password> /domain' and press enter (replace user/password accordingly; /domain is only required for domain controllers -- example 'net user Administrator blabla /domain')
- Reboot (don't try to login yet!) and then login as usual
That's it, now you've got your password reset. If you like you can remove the cmd.exe and put the original magnifier back in place. Same procedure but in reverse :-D
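A check for the swap described above, handy to confirm the original magnifier really is back in place after the reset, or to audit other machines for a leftover copy. This is an added example, not part of the original post; the function name `Test-MagnifierReplaced` and its `-System32` parameter are made up for illustration, and the default path assumes a standard install.

```powershell
function Test-MagnifierReplaced {
    param(
        # Assumption: live system path; point it at a mounted offline image to audit that instead.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $magnify  = Join-Path $System32 'magnify.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $backup   = Join-Path $System32 'magnify.old'
    $findings = @()

    if (-not (Test-Path -LiteralPath $magnify)) {
        $findings += 'magnify.exe is missing'
    }
    else {
        # Byte-identical copy of the cmd.exe currently installed.
        $hMag = (Get-FileHash -LiteralPath $magnify -Algorithm SHA256).Hash
        $hCmd = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($hMag -eq $hCmd) {
            $findings += 'magnify.exe has the same SHA-256 as cmd.exe'
        }

        # A cmd.exe copied before a later update no longer matches by hash,
        # but its version resource still carries cmd.exe's original file name.
        $nMag = (Get-Item -LiteralPath $magnify).VersionInfo.OriginalFilename
        $nCmd = (Get-Item -LiteralPath $cmd).VersionInfo.OriginalFilename
        if ($nMag -and $nMag -eq $nCmd) {
            $findings += "magnify.exe reports OriginalFilename '$nMag', same as cmd.exe"
        }
    }

    # Leftover from the rename step of the procedure above.
    if (Test-Path -LiteralPath $backup) {
        $findings += 'magnify.old is present next to magnify.exe'
    }

    [pscustomobject]@{
        Path       = $magnify
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

Test-MagnifierReplaced | Format-List
```

On a machine where the original magnifier has been restored and 'magnify.old' removed, `Suspicious` comes back `False` with an empty `Findings` list.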
Notes
- I've tested this on a Windows 2008 Server. I assume this works for most Windows Versions where you can access the magnifier tool using the logon-screen.
- Source http://serverfault.com/questions/115028/administrator-password-reset-in-windows-server-2008
Cheers,
Raphi