Obviously, you’re not supposed to be able to log onto Windows without knowing the password. But sometimes, it has to be done.
Can the technique I’m about to describe be used unethically? Yes, but keep two issues in mind. First, it doesn’t reveal the password; it removes it. That way, if someone breaks into your PC with this technique, you’ll know something is fishy the next time you boot. Second, the logon password really doesn’t protect all that much to begin with.
To remove the password, you’ll need the Offline NT Password & Registry Editor, a free, bootable program. You can download either the CD or USB version, depending on how you want to boot into the PC. Either way, you’ll have to set it up on another computer.
The CD version comes as an .iso file inside a .zip archive. If the computer you’re using runs Windows 7, you can simply double-click the .iso file to bring up the Windows Disc Image Burner. Otherwise, try double-clicking the file. If that doesn’t work, you may have to download and install a third-party ISO-burning program, such as Active@ ISO Burner.
If you’d rather boot from a flash drive than a CD, download the USB version. This also comes in a .zip archive, but this one contains several files. Read the readme.txt file for setup instructions.
One important caveat: If the PC contains EFS-encrypted files, removing the password with this program will leave those files unreadable. I’ve never been a fan of EFS, and this gives me just one more reason to hate it.
The Offline NT Password & Registry Editor is not a pretty interface. Text- and prompt-based, it’s ugly to look at and intimidating. But it’s really not that difficult.
At each prompt, always at the bottom of the screen, you’ll be given some options, then asked to pick one. You choose an option by typing the appropriate number or letter. Or just press RETURN for the default, which is displayed in brackets. If you’re unsure, go with the default.
A few tips:
When you get to the “User Edit Menu” option, select 1 for “Clear (blank) user password.”
And when you’re asked about writing files back, answer with a y.
When you’re done, and you remove the CD or flash drive and reboot, you won’t even be asked for a password.
By the way, I tried another program that many people like: Ophcrack. This one, which is also bootable and has a much friendlier interface, actually tells you the correct password. But it only works with short and simple passwords.