Changing the Administrator password if you have forgotten it.

John Savill

March 4, 1999


A. The instructions below require a second installation of NT on the machine whose password you have forgotten. It uses the srvany.exe resource kit utility.

  1. Install a second copy of NT onto the machine into a different dir/drive (it only has to be a minimal installation) and boot into this installation

  2. Copy the srvany.exe from the resource kit into a dir, e.g. c:\temp

  3. Start regedt32

  4. Move to HKEY_LOCAL_MACHINE and select the root

  5. From the Open menu select "Load Hive"

  6. Move to %systemroot%\system32\config of the main NT installation, i.e. if your main installation (the one whose password you are trying to change) is installed at d:\winnt you would move to d:\winnt\system32\config

  7. Select System and click Open

  8. You will be asked for a key name, enter Mainreg and click OK

  9. Select the "Select" branch and write down the Default value, which has the form 0xn, e.g. 0x1. This will be used to load the ControlSet00n

  10. Move to HKEY_LOCAL_MACHINE\Mainreg\ControlSet00n\Services\Spooler and take a note of the ImagePath value (it will usually be %SystemRoot%\system32\spoolss.exe).

  11. Change ImagePath to c:\temp\srvany.exe (or wherever you copied the file to), click OK

  12. Move to Parameters and add a Value of type REG_SZ called Application. Once added, double click the new value and set it to %systemroot%\system32\net.exe

  13. Add another Value of type REG_SZ called AppParameters. Once added, double click the new value and set it to "user Administrator password".

  14. Move back to HKEY_LOCAL_MACHINE\Mainreg and select "Unload Hive" from the Open menu. Click Yes to the confirmation

  15. You should now reboot and boot off of your original NT installation. Wait a few minutes and then log on as the administrator with the password password.

You now need to correct the changes made:

  1. Start Regedt32.exe

  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Parameters and delete the Application and AppParameters values.

  3. Move down to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler and change ImagePath back to its original value (%SystemRoot%\system32\spoolss.exe)

You may now delete the second installation of NT if you wish and remove it from the boot menu (edit boot.ini after removing the hidden, read only and system attributes: attrib c:\boot.ini -r -s -h).

All this actually does is change the Spooler service to run the SRVANY.EXE program, which in turn runs NET with the parameters "user Administrator password". That is the same as typing net user Administrator password, which changes the password. Check the resource kit for more information on SRVANY.
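The registry state this procedure leaves behind until the cleanup steps are done can be audited. The following is an added example, not part of the original FAQ: it scans text in the layout printed by reg query with /s for any service whose ImagePath is srvany.exe and reports whether its Parameters key launches NET with a "user" argument; the sample input and the function names are constructed for illustration.

```python
import re

# Constructed sample, in the layout printed by `reg query <key> /s`.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    c:\temp\srvany.exe
    Start    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Parameters
    Application    REG_SZ    %systemroot%\system32\net.exe
    AppParameters    REG_SZ    user Administrator password

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\services.exe
"""

VALUE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
NET_EXE = re.compile(r"(^|\\)net1?(\.exe)?$")  # net.exe or net1.exe, any directory

def parse(text):
    """Return {lowercased key path: {lowercased value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None:
            m = VALUE.match(line)
            if m:
                current[m.group(1).lower()] = m.group(3).strip()
    return keys

def find_srvany_wrappers(text):
    """List services whose ImagePath is srvany.exe, with what they launch."""
    keys, findings = parse(text), []
    for path, values in keys.items():
        if "srvany.exe" not in values.get("imagepath", "").lower():
            continue
        params = keys.get(path + "\\parameters", {})
        app = params.get("application", "").strip('"').lower()
        args = params.get("appparameters", "")
        findings.append({
            "service": path.rsplit("\\", 1)[-1],
            "application": app,
            # True when the wrapped program is NET and its first argument is "user"
            "account_change": bool(NET_EXE.search(app))
                              and args.lower().split()[:1] == ["user"],
        })
    return findings

if __name__ == "__main__":
    for finding in find_srvany_wrappers(SAMPLE):
        print(finding)
```

While the AppParameters value exists it holds the new password in clear text, so a hit also means a credential is sitting in the registry.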
