Tip

Conquer forgotten Windows passwords with Password Reset Wizard

A common problem in any organization is a forgotten Windows password. When it happens, the employee typically calls the help desk, and someone on the help desk staff performs a password reset. This procedure works great for employees who are logged into a domain, but for mobile employees, password resets pose a more complex problem.

Many mobile employees log in using a local account most of the time, and this is a problem because there is no way for the help desk staff to reset a local account's password without having physical access to the machine. If the user is traveling, then physical access for the help desk staff is out of the question.

Password security extras
Password security FAQs

Password Hardening Journal

Good news! These mobile employees can now reset their own password by using the Password Reset Wizard. The catch, however, is that doing so requires a bit of pre-planning. Users will have to create a password backup disk that will allow them to reset their password.

Before I show you how to create a password backup disk, I want to stress that this disk does not contain the employee's password. That would pose a tremendous security risk. Instead, the disk simply contains a copy of the employee's public and private key pair. When the backup is run, Windows uses the employee's public key to encrypt the employee's password and SID. This information is then stored on the computer's hard drive in its own file, completely separate from the Security Accounts Manager (SAM).

The procedure for backing up the password varies depending on whether or not the machine has been joined to a domain. If the machine is not joined to a domain, then follow these steps to create a backup of the password:

  • Open the Control Panel and click the User Accounts icon. Then select the account that you are currently logged in with.
  • Click the Create A Password Reset Disk button. This causes Windows to launch the Password Reset Wizard.

If the machine is joined to a domain, then you will have to follow these steps to access the Password Reset Wizard:

  • Verify that you are logged in locally (not logged into a domain).
  • Press Ctrl+Alt+Delete.
  • Click the Change Password button.
  • Click the Backup button.

Now that you have launched the Password Reset Wizard (renamed to The Forgotten Password Wizard somewhere along the way), follow these steps to back up the password:

  • Click Next.
  • Insert a blank, formatted disk into the specified drive. If the computer in question does not have a floppy drive, you can use a USB flash drive.
  • Enter your current password when prompted.
  • Click Next.
  • When Windows finishes creating the disk, click Next again.
  • Click Finish.
  • Click Cancel.
  • Click Cancel again.

In case you are wondering, you do not have to create a new password reset disk every time you reset a forgotten Windows password. The reset file is always encrypted with the original password. Subsequent passwords are simply appended to the file.

Performing a password reset is simple. When an employee enters a bad password, Windows presents them with a dialog box that allows them to click OK to try again or click Reset to reset their password. Upon clicking Reset, the employee is prompted for the password reset disk and then is prompted to reset the password.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.


This was first published in October 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.