Guru
join:2008-10-01
kudos:2 Reviews:
 ·TekSavvy DSL
1 edit | [WIN8] Windows 8 Password Reset Recently I was challenged with resetting the password for Windows 8.
The user of course didn't had the following:
- Only 1 user admin account, no other accounts
- User didn't create password reset disk
- And of course user can't remember their HINT
I quickly goggled and found to be few useful tricks but none of them worked and since I was left with minimal resources to work with, was unsuccessful.
I tried to the following:
- Offline Windows Password & Registry Editor - it didn't work because Win8 is set to UEFI, turned on Legacy mode but still wouldn't read the HDD.
- Tried this trick I found on google: »www.addictivetips.com/windows-ti···assword/
The problem I discovered that I was unable to copy Utilman.exe, didn't research as to why...
- Tried with another linux tool which I don't remember but didn't work also.
Question is, What could I have done other than what I already tried?
Is there any 3rd Party tool possibly free that works in Windows 8 to reset the passwords?
What would you have done if you couldn't reset the password? Restore the OS?
Thanks! |
|
|
|
 JohnInSJPremium
join:2003-09-22
San Jose, CA
 ·PHONE POWER
 ·Comcast
| I've not researched the options for bypassing/recovering/resetting on win8, I'd have done pretty much what you did.
Although unfettered physical access usually trumps all other security, one would hope it would be fairly difficult to reset "root" access to a machine short of wiping it.
For Win8, you should be able to boot into recovery and reinstall/wipe, as a last resort to at least regain use of the hardware
»windows.microsoft.com/en-US/wind···password
The suggestion for anyone using a microsoft live account as their admin account on win8, with a forgotten password is excellent. Simply change your password online. Log into the machine when it has network access, and it will validate against the new password you've just changed.
Or, just google for the answer. This seems both safe (vs downloading something from the internet to run, shudder) and possibly like it would work
»www.geek.com/articles/geek-pick/···0121213/
--
My place : »www.schettino.us |
|
Guru
join:2008-10-01
kudos:2 | Tried what you listed. In fact, the Geek link you posted is using the method which I listed in my OP.
Of course last resort is reinstall/wipe. |
|
JohnInSJPremium
join:2003-09-22
San Jose, CA Reviews:
·PHONE POWER
·Comcast
| said by Guru:Tried what you listed. In fact, the Geek link you posted is using the method which I listed in my OP.
Of course last resort is reinstall/wipe.
Guess they closed that hole then. I got nothing (unless they're using a live account, which they should. are they?)
--
My place : »www.schettino.us |
|
Guru
join:2008-10-01
kudos:2 Reviews:
·TekSavvy DSL
| said by JohnInSJ:said by Guru:Tried what you listed. In fact, the Geek link you posted is using the method which I listed in my OP.
Of course last resort is reinstall/wipe.
Guess they closed that hole then. I got nothing (unless they're using a live account, which they should. are they?) Ye, it sucks. There seems to be some Paid softwares to reset the passwords but never used it and not sure if it's reliable in a legit way!..!
Anyone else? |
|
 CudniLa Merma - VigiladoPremium,MVM
join:2003-12-20
Someshire
kudos:13 | reply to Guru
If you are opt out for paid software then either Elcomsoft or Passware are a good choice. Check if they support UEFI of course
Cudni |
|
pslossPremium
join:2002-02-24
Alpharetta, GA | reply to JohnInSJ
said by JohnInSJ:said by Guru:Tried what you listed. In fact, the Geek link you posted is using the method which I listed in my OP.
Of course last resort is reinstall/wipe.
Guess they closed that hole then. That does still work with Windows 8 as it has with previous versions of NT. Of course, that doesn't mean it always works.
The question to the OP would be what error(s) occurred when trying to overwrite the Utilman.exe file with the cmd.exe file.
(The other question is what drive letter was assigned to the system partition when the computer was running off the recovery disc -- generally speaking, it's not the C drive when viewed through recovery disc glasses. As with Windows 7, default and OEM installs create that separate boot partition which Windows doesn't attach a drive letter to during standard boot. When booting from WinPE-based recovery media, however, that partition is usually given a drive letter.) |
|
Guru
join:2008-10-01
kudos:2 Reviews:
·TekSavvy DSL
| said by psloss:said by JohnInSJ:said by Guru:Tried what you listed. In fact, the Geek link you posted is using the method which I listed in my OP.
Of course last resort is reinstall/wipe.
Guess they closed that hole then. That does still work with Windows 8 as it has with previous versions of NT. Of course, that doesn't mean it always works. As you said, it works, have you tried it in Windows 8? If yes, that confirms it that it works and if you didn't can you try it? Thanks! The question to the OP would be what error(s) occurred when trying to overwrite the Utilman.exe file with the cmd.exe file. (The other question is what drive letter was assigned to the system partition when the computer was running off the recovery disc -- generally speaking, it's not the C drive when viewed through recovery disc glasses. As with Windows 7, default and OEM installs create that separate boot partition which Windows doesn't attach a drive letter to during standard boot. When booting from WinPE-based recovery media, however, that partition is usually given a drive letter.) Answer to your questions: It gave me a error saying "Utlman.exe" does not exist or cannot be copied, not 100% sure, didn't take screenshot or wrote the error code word per word.
Drive letter was "X:" as it showed in the above posted guide! According to the guide, it should've created a copy of cmd where Ease of Access. Just like it's showed in this URL: »www.addictivetips.com/windows-ti···assword/ |
|
Guru
join:2008-10-01
kudos:2 Reviews:
·TekSavvy DSL
| reply to Cudni
said by Cudni:If you are opt out for paid software then either Elcomsoft or Passware are a good choice. Check if they support UEFI of course
Cudni
Thanks Cudni for the suggestions. Elcomsoft looks very promising but it's so pricey!! Passware is dirt cheap in comparison to Elcomsoft. |
|
pslossPremium
join:2002-02-24
Alpharetta, GA | reply to Guru
said by Guru:Answer to your questions: It gave me a error saying "Utlman.exe" does not exist or cannot be copied, not 100% sure, didn't take screenshot or wrote the error code word per word.
Drive letter was "X:" as it showed in the above posted guide! According to the guide, it should've created a copy of cmd where Ease of Access. Just like it's showed in this URL: »www.addictivetips.com/windows-ti···assword/
The convention used for Windows-based recovery media (see 'WinPE', short for 'Windows Preinstallation Environment') is to mount the recovery operating system as drive X. There are at least two copies of Windows in play in this situation:
1) The 'online' version of Windows mapped from the boot media to a RAM drive; that's the X drive, the one being used for repair.
2) The 'offline' version of Windows, the one that is being repaired.
If you look at the reference cited, the author makes multiple asides to this:
quote:
You will see a list of your disk partitions, from which you can easily find your Windows installation partition. Usually it is the C drive but if it is a different one, make sure to use that throughout the rest of the tutorial.
quote:
(make sure to replace C in the first command to the appropriate drive letter for your Windows partition, if it’s different in your case)
And then in the instructions, the first command after using diskpart (to identify the offline Windows partition) is 'C:', switching from the online recovery Windows drive to the offline Windows drive. Here's PNG from the blog showing that:
»cloud.addictivetips.com/wp-conte···ep-8.png |
|
Guru
join:2008-10-01
kudos:2 Reviews:
·TekSavvy DSL
| said by psloss:said by Guru:Answer to your questions: It gave me a error saying "Utlman.exe" does not exist or cannot be copied, not 100% sure, didn't take screenshot or wrote the error code word per word.
Drive letter was "X:" as it showed in the above posted guide! According to the guide, it should've created a copy of cmd where Ease of Access. Just like it's showed in this URL: »www.addictivetips.com/windows-ti···assword/
The convention used for Windows-based recovery media (see 'WinPE', short for 'Windows Preinstallation Environment') is to mount the recovery operating system as drive X. There are at least two copies of Windows in play in this situation: 1) The 'online' version of Windows mapped from the boot media to a RAM drive; that's the X drive, the one being used for repair. 2) The 'offline' version of Windows, the one that is being repaired. If you look at the reference cited, the author makes multiple asides to this: quote:
You will see a list of your disk partitions, from which you can easily find your Windows installation partition. Usually it is the C drive but if it is a different one, make sure to use that throughout the rest of the tutorial.
quote:
(make sure to replace C in the first command to the appropriate drive letter for your Windows partition, if it’s different in your case)
And then in the instructions, the first command after using diskpart (to identify the offline Windows partition) is 'C:', switching from the online recovery Windows drive to the offline Windows drive. Here's PNG from the blog showing that: » cloud.addictivetips.com/wp-conte···ep-8.png It looks like I might've made a boo-boo  but if I recall correctly, I had switched to c: but somehow it managed to give me error.
I am going to try on another machine which has Win8. But thanks for pointing that out.
Does anyone have any experience using the above Paid software?
Elcomsoft or Passware. Thanks! |
|
CudniLa Merma - VigiladoPremium,MVM
join:2003-12-20
Someshire
kudos:13 | said by Guru:Does anyone have any experience using the above Paid software?
Elcomsoft or Passware. Thanks!
Either work extremely well
Cudni
--
"what we know we know the same, what we don't know, we don't know it differently."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2012/13 |
|
fox7
join:2001-02-12
Culver City, CA | reply to Guru
I have not used this with Windows 8, but have had great success with Win 7 and XP with it. They are saying some have had success with Win 8.
Download:
»www.hirensbootcd.org/download/
go down to where the page is green and the filename is Hirens.BootCD.15.2.zip to download. Unzip, burn to disk.
How to:
»www.hirensbootcd.org/resetting-w···assword/
Hope this is ok to post here, if not remove. I am not around enough anymore to know all the rules, written and unwritten. I apologize if I am out of line.
fox7 |
|
pslossPremium
join:2002-02-24
Alpharetta, GA | reply to Guru
said by Guru:It looks like I might've made a boo-boo :) but if I recall correctly, I had switched to c: but somehow it managed to give me error.
Not a biggie; what's important is to check the drive letter where the offline Windows directory is. The author's note about it 'usually' being the C drive is the opposite of my experience -- I'm dealing mostly with consumer OEM builds or clean, 'non-custom' installs, though.
The drive letter assigned to the offline Windows directory is rarely 'C' for me. Couple of examples are included here. The screengrab above is looking at a clean Windows 8 x64 install from the Windows 8 install CD in "repair" mode; the copy/paste text quoted below is from a WinPE 3.0 CD looking at an Acer OEM Windows 7 machine. In these cases, the offline Windows directory is on drive 'D', not 'C'.
Microsoft Windows [Version 6.1.7600]
X:\Tools>diskpart
Microsoft DiskPart version 6.1.7600
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: MININT-DIMMTMN
DISKPART> list volume
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F CD_ROM CDFS DVD-ROM 139 MB Healthy
Volume 1 C SYSTEM RESE NTFS Partition 100 MB Healthy
Volume 2 D Acer NTFS Partition 447 GB Healthy
Volume 3 E PQSERVICE NTFS Partition 18 GB Healthy Hidden
DISKPART> exit
Leaving DiskPart...
X:\Tools>dir C:\ /a
Volume in drive C is SYSTEM RESERVED
Volume Serial Number is B08E-B461
Directory of C:\
11/10/2012 12:43 PM <DIR> Boot
11/20/2010 07:23 PM 383,786 bootmgr
11/10/2012 01:04 PM <DIR> System Volume Information
1 File(s) 383,786 bytes
2 Dir(s) 75,362,304 bytes free
X:\Tools>dir D:\ /a
Volume in drive D is Acer
Volume Serial Number is 5290-A5B6
Directory of D:\
01/07/2013 04:13 PM <DIR> $Recycle.Bin
11/10/2012 01:08 PM <DIR> book
10/14/2011 02:10 AM 8,192 BOOTSECT.BAK
07/13/2009 09:08 PM <JUNCTION> Documents and Settings [C:\Users]
11/10/2012 01:36 PM <DIR> Dolby PCEE4
02/26/2013 02:54 AM 3,104,722,944 hiberfil.sys
11/10/2012 01:05 PM <DIR> Intel
11/10/2012 10:58 AM <DIR> OEM
02/26/2013 02:54 AM 4,139,630,592 pagefile.sys
07/13/2009 07:20 PM <DIR> PerfLogs
01/27/2013 06:27 AM <DIR> Program Files
02/06/2013 03:31 AM <DIR> Program Files (x86)
02/06/2013 03:39 AM <DIR> ProgramData
11/10/2012 10:56 AM <DIR> Recovery
02/08/2013 10:07 AM <DIR> review
02/22/2013 04:02 AM <DIR> System Volume Information
01/07/2013 11:54 AM <DIR> Users
03/19/2010 03:55 PM 2,073,703 VS_EXPBSLN_x64_enu.CAB
03/19/2010 03:58 PM 551,424 VS_EXPBSLN_x64_enu.MSI
02/06/2013 03:34 AM <DIR> Windows
5 File(s) 7,246,986,855 bytes
15 Dir(s) 224,921,772,032 bytes free
X:\Tools>
|
|
Guru
join:2008-10-01
kudos:2 | Yeh, I see that. That could've been the problem, thanks for taking the time to explain in detail. |
|
Guru
join:2008-10-01
kudos:2 | reply to fox7
Thanks fox7! That will definitely come in handy! |
|
