- Physical access to the machine
- (If needed) Ophcrack or EBCD (Emergency Bootable CD) after all other options are exhausted
Introduction:
Lost or forgotten the password to your Windows XP computer? Don't worry, it can be easier to retrieve than you think. What's described below is for educational purposes and to be used only on your own system or that you have permission to do so, also these only work for local system accounts.
Using Safe Mode:
This method will only work if the Safe Mode Administrator account is not password protected (the case more often than you think!) but in a pinch it might be your only option to check.
1) Reboot the computer by whatever means you deem appropriate at that time.
2) Once the Bios notices loads take note of the hot key to enter Safe Mode and hit it.
3) Enter any of the Safe Mode versions but I'd recommend sticking to Safe Mode with no networking.
4) You have 3 options to get to the same end (that I know of at least).
4.1) Navigate to the Control Panel and enter the User Accounts screen, select the user account(s) in question, and select the option to "Remove Password". If this is not available skip to bullet #5.
4.2) Reboot the computer once more and enter the account(s) that were specified in bullet #4 without the need to enter a password.
5) Enter DOS if possible.
5.1) Enter Run (if available) and type in "control userpass2" to the Users Panel. If the Run option is not available for some reason skip to bullet 6.0, if these options are not available skip to the Software portion of this.
5.2) From here either reset or blank out the password on the account(s) in question or even create a new account with whatever user level you want.
5.3) Reboot the computer once more and enter the account(s) that were specified in bullet #5.2.
6.0) If Run isn't available you can make a batch file to get you there as well. Enter Notepad or whatever text editor available that supports saving "All Files".
6.1) Type out the command "control userpass2", perform a "Save As", name it whatever you want but be sure to name the extension a *.bat (which is why the "All Files" part comes in.
6.2) Double click the batch file to run the command you saved in it and you're in the Users Panel, move back up to bullet 5.1.
Using Third Party Software:
7) Two very useful utilities I've found that work (with a bit of time) 99.99% of the time if the above options are not available are EBCD and Ophcrack. You need to insert one of these CD's and reboot in order to use them. Refer to their documentation at the time of use for the most up to date information.
7.1) The fastest option is called EBCD (Emergency Bootable CD) found at http://www.prime-expert.com/ebcd/. It's a Linux Live CD (aka an operating system that runs without needing to be installed) that attempts to remove the password on specified account(s) completely and of course doesn't need to be logged into Windows to run so security is at a minimal. Unfortunately to download it now is behind a pay wall but older versions can probably be found easily enough.
7.2) The best option by far, since it leaves the existing password intact on the system is using a Linux Live CD called Ophcrack which has a very robust brute force password cracker. Length of time need to crack the password will depend on the speed of the PC's RAM and CPU, length/complexity of the password, speed/condition of the CD drive optics and rotating components. In my experience it usually takes 5-15 minutes at worst for an average user's password. A Windows Vista version exists as well.
7.3) Reboot the computer once more and enter the account(s) that were specified in bullet #7.2.
Keep in mind there a a LOT of other ways to go about this process but the above has always been as much as I ever needed.