Monday, September 27, 2010

Reset Password in Windows Server 2008 (RTM and R2) and Windows 7

OK, time to fess up here.  I screwed up, so needed to find out how to do this for a machine we set up some time back that has been sitting idle - I was *sure* I recorded the authentication details in the OneNote build documentation for this client, but for the life of me, I can't find it.  Now I need to finish the install and, well, that's a little difficult without logon details...

So, I Googled and found these instructions that I've added to a bit (net group) and added some handy screen captures as well:

1. Boot from DVD or USB media - this media can be Windows Server 2008 RTM, 2008 R2, SBS 2008 or even Windows 7.




2. Change the language to English (Australia) if you want, but we're not installing anything, so it really doesn't matter right now.




3. Click on the "Repair your computer" link




4. Choose the OS instance that you wish to reset the Administrator (or other Administrative) password for, taking note of the drive letter that was chosen for it (normally D:)




5. Choose "Command Prompt"




6. Change to the Windows\System32 directory of this OS instance and move the Utilman.exe file to a backup, then copy cmd.exe to Utilman.exe.




7. Remove the USB key, reboot into the Windows install you need to change the password for and, when at the login prompt, hit Windows+U.


8. Type 'net group "Domain Users"' to see a list of all the domain users on this system (Domain Controllers only).




9. Type 'net group "Domain Admins"' to see which administrative accounts exist on the system (Domain Controllers only). Then type 'net user Administrator Select_a_decent_passphrase' to change the password of the Administrator account.




10. Log in using the new password.  Immediately go and change this password to a nice, secure passphrase.


11. Reboot with the DVD/USB boot media and copy the backed up Utilman.exe.bak file to Utilman.exe so that we don't leave this hole open.  And that's it!  :)






Regards,

The Outspoken Wookie
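
To confirm that step 11 really closed the hole, the PowerShell check below (an added example, not part of the original post) compares Utilman.exe with cmd.exe under a given Windows directory and flags a leftover Utilman.exe.bak. The `-WindowsDir` parameter and the `Get-Sha256Hex` helper are names chosen for this example.

```powershell
# Added example: audit a Windows directory for the Utilman.exe swap from steps 6 and 11.
param(
    # Assumption: directory to audit; pass the Windows folder of a mounted offline
    # volume (e.g. D:\Windows) to check an installation that is not running.
    [string]$WindowsDir = $env:SystemRoot
)

function Get-Sha256Hex([string]$Path) {
    # Uses .NET directly so it also runs on PowerShell 2.0 (Server 2008 / Windows 7).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose() }
}

$sys32   = Join-Path $WindowsDir 'System32'
$utilman = Join-Path $sys32 'Utilman.exe'
$cmd     = Join-Path $sys32 'cmd.exe'
$backup  = Join-Path $sys32 'Utilman.exe.bak'   # backup name used in step 11

$findings = @()
if (-not (Test-Path $utilman)) {
    $findings += 'Utilman.exe is missing'
} elseif (Test-Path $cmd) {
    # Exact copy of cmd.exe from the same installation.
    if ((Get-Sha256Hex $utilman) -eq (Get-Sha256Hex $cmd)) {
        $findings += 'Utilman.exe is byte-identical to cmd.exe'
    }
    # Version resource survives a rename, so this also catches a cmd.exe from another build.
    $uName = (Get-Item $utilman).VersionInfo.OriginalFilename
    $cName = (Get-Item $cmd).VersionInfo.OriginalFilename
    if ($uName -and $uName -eq $cName) {
        $findings += "Utilman.exe reports OriginalFilename '$uName' (same as cmd.exe)"
    }
}
if (Test-Path $backup) {
    $findings += 'Utilman.exe.bak is still present; confirm Utilman.exe was restored from it'
}

if ($findings.Count -eq 0) {
    Write-Output "OK: no Utilman.exe swap found under $sys32"
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    exit 1
}
```

The non-zero exit code on any finding makes the script usable from a scheduled task or a post-recovery checklist.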

25 comments:

anyone said...

very useful. big thanks

Anonymous said...

You are great. Did not know this was possible.

Nick said...

This saved me a day's worth of work. Thank you for the very clear explanation with screenshots.

Anonymous said...

If the bad guys have unrestricted access to your computer it is not your computer anymore....

One of the 10 Immutable Laws.

http://technet.microsoft.com/en-us/magazine/2008.10.securitywatch.aspx

Hilton Travis said...

Nobody's saying anything to the contrary.

Anonymous said...

Exactly what I needed, thank you!

Anonymous said...

Good job. Thanks a lot.

kevin said...

THANK YOU SO GODDAMN MUCH.

That is all.

johnckirk said...

Thank you, that's very useful, although I'm also a bit shocked at how easy it is to break in! As a tip, you can use Windows PE media in step 1, then skip steps 2-5. (You can create a Windows PE disk using the WAIK - Windows Automated Installation Kit.)

Rafa said...

Thanks a lot, really helpful and cheap :)

Anonymous said...

Thanks, really helpful and cheap!!! :)

Hilton Travis said...

@johnckirk: If a hacker has physical access to your machine, it is no longer your machine. It's that simple (always has been and always will be unless TPM or similar system encryption is used).

And yes, you definitely can streamline this process with Windows PE media in step 1, however most of the people who'll find and use this blog entry won't have pre-downloaded the 1GB of WAIK and made their own PE media before encountering this problem (nor want to do it as they need to reset their password). It is definitely worth mentioning this WinPE option, though.

Richard said...

Super! Works like a dream. Saved me a day's work. Thank you!!

Tricky said...

This post is very useful. But is there any probability of losing data after completing the job?

Hilton Travis said...

You will only lose data if you're using EFS as the encryption is tied to your password. There is not much chance you are using this unless you're in a corporate environment, in which case there should be clearly defined recovery procedures for the encryption keys so that you won't lose data.

Anonymous said...

Great, it works. Thanks a lot.

Unknown said...

Great info but surprised no-one's mentioned the inspired user names in the screen shot!

Anonymous said...

This did not work for me. Even though I got the same reply on execution at command prompts.

Ekachakra said...

Good way to reset password in Windows Server 2008. Thanks for sharing.

Jack Wallen said...

Thank you for this method. Many hours have been saved. I managed to reset Windows 2008 password on my own.

Agus Darmawan said...

Thank you very much, but what if the hard disk was encrypted?
Can you tell how to solve this problem?

Hilton Travis said...

If the drive was encrypted, then you cannot *reset* the password and recover the data - you need to find a way to recover the old password or write the drive off as unrecoverable.

michie said...

It's not working for me.
Once I get to the cmd window and run the 1st line I get 'specified path could not be found'.

I am running Server 2008 R2 Enterprise.

Urgently help. Thank you.

Hilton Travis said...

If you have installed Windows into an alternate directory (the default is C:\Windows) then you will likely encounter the error you see, Michie. So just type the actual path of the Windows folder you are using and you'll be off.

James Khoo said...

I am running Windows 10 and I am unable to find utilman.exe. Is there an alternative to utilman.exe?