Changing the Administrator password if you have forgotten it.
March 4, 1999
A. A. The instructions below require a second installation of NT on the machine you have forgotten the password to. I uses the srvany.exe resource kit utility.
Install a second copy of NT onto the machine into a difference dir/drive (it only has to be a minimal installation) and boot into this installation
Copy the srvany.exe from the resource kit into a dir, e.g. c:temp
Start regedt32
Move to HKEY_LOCAL_MACHINE and select the root
From the Open menu select "Load Hive"
Move to %systemroot%system32config of the main NT installation, i.e. if your main installation (the one whose password you are trying to change) is installed at d:winnt you would move to d:winntsystem32config
Select System and click Open
You will be asked for a key name, enter Mainreg and click OK
Select the "Select" branch and write down the Default value, e.g. 0xn, e.g. 0x1. This will be used to load the ControlSet00n
Move to HKEY_LOCAL_MACHINEMainregControlSet00nServicesSpooler and take a note of the ImagePath value (it will usually be %SystemRoot%system32spoolss.exe).
Change ImagePath to c:tempsrvany.exe (or where ever you copied the file to), click OK
Move to Parameters and add a Value of type REG_SZ called Application. Once added double click the new value and set to %systemroot%system32et.exe
Add another Value of type REG_SZ called AppParameters. Once added double click the new value and set to "user Administrator password".
Move back to HKEY_LOCAL_MACHINEMainreg and select "Unload Hive" from the open menu. Click Yes to the confirmation
You should now reboot and boot off of your original NT installation. Wait a few minutes and then logon as the administrator with password password.
You now need to correct the changes made
Start Regedt32.exe
Move to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSpoolerParameters and delete Application and AppParameters values.
Move down to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSpoole and change ImagePath back to its original value (%SystemRoot%system32spoolss.exe)
You may now delete the second installation of NT if you wish and remove it from the boot menu (edit boot.ini after removing the hidden, read only and system attributes attrib c:boot.ini -r -s -h).
All this actually does is change the spooler service to use the SRVANY.EXE program which runs NET as the service with parameters "user Administrator password", which is the same as net user Administrator password which is a way to change the password. Check the resource kit for more information on SRVANY.
About the Author
You May Also Like