Top 3 Products & Services


Dated: Aug. 12, 2004

Related Categories

Windows NT
Network Security

If you have lost the Administrator password, you must have the following to recover:

  1. A regular user account that can logon locally to your Windows NT Workstation, Server, or PDC whichever you are recovering. If you already have an alternate install of NT, skip to The Process, Set 02.
  2. The Windows NT CD-ROM and setup diskettes (winnt /ox to make them from the CD-ROM).
  3. Enough room to install a temporary copy of NT (Workstation will suffice, even to recover on a PDC).
  4. Your latest Service Pack.
  5. The Process:
  6. Install a copy of Windows NT as TEMPNT, on any drive. Install your latest Service Pack.
  7. Boot the alternate install.
  8. At a command prompt, type AT HH:MM /INTERACTIVE CMD /K where HH:MM is 10 minutes from now (or however much time you need to complete the remaining steps and logon to your primary installation).
  9. Use Regedt32 to edit:
  10. Double click Schedule and click the one sub-key.
    Administrator Password Hack

  12. Double click the Schedule value name in the right hand pane and copy the REG_BINARY string to the clipboard.
  13. Select HKEY_LOCAL_MACHINE and Load Hive from the Registry menu.
  14. Navigate to your original installation\System32\Config folder and double-click System.
  15. At the Key Name prompt, type ORIGSYS.
  16. Navigate to ORIGSYS\Select and remember the value of Current; i.e. n.
  17. Browse to ORIGSYS\ControlSet00n\Services\Schedule and if Start is not 0x2, set it to 0x2.
  18. With Schedule selected, Add Key from the Edit menu.
  19. Type 001 in Key Name and click OK.
  20. Select 001 and Add Value name Command as type REG_SZ and set the string to CMD /K.
  21. Select 001 and Add Value name Schedule as type REG_BINARY and paste the string from step 06.
  22. Select ORIGSYS and Unload Hive from the Registry Menu.
  23. Use Control Panel / System / Startup... to make your original install the default.
  24. At a CMD prompt:
    attrib -r -s -h c:\boot.ini edit c:\boot.ini and either change the id of the TEMPNT lines to Maint 4.0 on both entries if you intend to keep this maintenance install or delete them. attrib +r +s +h c:\boot.ini
  25. Shutdown and restart your original install.
  26. Logon as your user account and wait for HH:MM from step 03.
  27. When the CMD prompt opens, it will be under the context of the Schedule user, either the System account or an administrative account. If this machine is the NOT the PDC, type MUSRMGR.EXE, if it is the PDC, type USRMGR.EXE. If you get an error, click YES and type your domain name.
  28. Set the Administrator password and logoff.
  29. Logon as Administrator.
  30. If you are deleted the TEMPNT entries in step 18, delete \TEMPNT
  31. Promise To: Never forget the Administrator password again implement physical security.

Note: If the Schedule service runs under the context of a Domain Administrator on any member workstation, all you need to recover the PDC Administrator is a network login. Back to Top

Now that you've gotten free know-how on this topic, try to grow your skills even faster with online video training. Then finally, put these skills to the test and make a name for yourself by offering these skills to others by becoming a freelancer. There are literally 2000+ new projects that are posted every single freakin' day, no lie!

Previous Article

Next Article

arif's Comment
nice web
25 Thu Nov 2010
Admin's Reply:


m's Comment
09 Tue Feb 2010
Admin's Reply:

Gracias M

Muhammad Ali's Comment
Hi, I am ali. Administrator password remove for windows 2000 & xp sp2 Thanks....
25 Fri Dec 2009
Admin's Reply:

I'm glad it came in handy .