There are a multitude of reasons as to why somebody would want to gain access to a computer when they have lost, forgotten or simply don't know the correct authentication credentials. Possible reasons include:
Authentication Credentials Unknown - Not knowing a user account authentication credentials such as the correct user logon name and password is the most common reason for needing to conduct a password recovery procedure or specialized password recovery software.
Regular User Unavailable - Regular user absenteeism is another situation whereby the person who normally uses that machine is unavailable as they may be on holiday, sick or no longer employed or associated with the organization and there are important files that need to be accessed.
Incomplete Documentation - With incomplete or outdated documentation not only may the user have forgotten their password but the network administrator may not have an accessible record of it either.
Malicious Intent - It may well be the case that somebody has changed or modified the genuine authentication credentials. A number of malwares do exactly this. They don't want you to visit your antivirus software's updates.
Before we have a look at how to recover lost or forgotten Windows user account passwords we need to review some essential background information.
Windows Password Recovery Backgrounder
When it comes to recovering lost or forgotten Windows user account passwords you have a number of different alternatives. Which one you use will depend very much upon the password you wish to recover, the operating system, the type and strength of encryption, various application software, password length and complexity, as well as user accounts configuration. Other concepts of weight and relevance here include:
Password Location - Windows passwords are stored in a SAM file which is usually located in the Windows directory (C:windowssystem32driversetclmhosts.sam)
Encryption - Recent versions of the Microsoft Windows operating systems store all passwords in an encrypted format. The algorithm used to encrypt passwords is usually the secure hash standard. If the passwords were to have been stored in an unencrypted format they would be readily available for use once you had located the SAM file where they are stored. Many other applications also store passwords encrypted using the secure hash standard.
Brute Force - One of the easiest to implement methods of “cracking” an encrypted password is by a technique known as “brute force”. The brute force approach essentially tries every possible combination of characters and numbers until it finds a password that works.
Modern PCs - Modern computers can typically succeed in cracking an encrypted password using a brute force attack within a matter of seconds for passwords of less than 6 characters and a day or so for medium length passwords. Longer more complex passwords will take longer to crack/recover.
Now let us have a look at the possible avenues open to us.
Network Administrator/Help Desk
This is probably the easiest way to recover your lost or forgotten passwords. Get somebody else to do it for you.
In a client/server network environment you are best advised to go to your network administrator or help desk and apply for a new password. An authorized person can access Active Directory and reset your password for you.
Probably the easiest method for them is to change the password to something simple such as “password”. Then reset the account such that you can logon using your usual user logon account's user logon name and the new one-time (single use) password (e.g. “password” as the password). You will now be presented with the change password dialogue.
Don't worry when you see a notification saying that your password has expired and must be changed. This is the dialogue where you change from the once only “password” password to whatever your new password will be. You will see the standard enter new password and retype new password input boxes.
Note that you will most definitely need to change the password as the machine will not allow you to proceed past the change password dialogue otherwise.
Using another Account
If the above method is not available to you then your next strategy will depend upon how the machine has been setup. If there is another account to which you do know the password then you can use this to log onto the machine. The Guest or Anonymous accounts will do fine if they have not been disabled.
If you can do this then once logged in all you need to do is to use some password cracking software to recovery the lost passwords. I will explain about how to use this type of software shortly.
If you cannot logon to the machine using an account with a known password or the account that you can logon with does not permit you to install and run the password cracking/recovery software on the machine you wish to recover the passwords from then you will need to recover the user accounts password file and copy it to removable storage device (floppy disc, flash drive etc.).
