Imagine you have a Windows PC with a
single user account, and you just lost your password. Here’s how to
enable the hidden Administrator account with nothing more than the
install CD and some registry hacking magic so you
can reset your password.
can reset your password.
Normally
if you wanted to enable the hidden administrator account from within
Windows, you’d need access to an Administrator mode command prompt, but
that won’t work if you don’t have access, right? This is a great way
to quickly enable the hidden admin account so you can reset the
password on your main account.
Note: This will require editing the registry which is risky. Proceed only if you know what you are doing and at your own risk.
Enabling the Hidden Administrator Account
Now
prepare your Windows 7/Vista DVD and restart the computer with the DVD
in the DVD Drive—you’ll want to boot from the DVD so you may need to
change the boot order in the BIOS. Depending on your system you will
need to press Del, F2, or F12.
After you’ve successfully booted from the DVD you’ll be presented with the language setting of the Windows setup. Click next.
In the next screen click “Repair your
computer” from the bottom left corner of the window. Now the setup will
search for Windows installations then display them, choose the Windows
you want and click next. The setup may try to search for problems and
may ask you if you want to restore your computer, just click no.
Finally you’ll arrive at
the System Recovery Options window that looks like this:
Click Command Prompt. This will open
up a command prompt window where you’ll have to type “regedit” and
press enter. From this point on you have to be extra careful as one
mistake might ruin your Windows and render it unusable. In the left
side of the Registry Editor click “HKEY_LOCAL_MACHINE” then in File
menu click “Load Hive”.
In the file name field type the following and hit enter.
%windir%\system32\config\SAM
The hive needs a name, give it a name and remember it. For the purpose of this article we will name it “test” so replace it with the name you chose for the next steps. What you just did is load the SAM file into the Registry Editor so we can edit it. The SAM file is the Security Accounts Manager and contains encrypted information about the account names and passwords. Now that it’s loaded into the registry, navigate to “HKEY_LOCAL_MACHINE\test\SAM\Domains\Account\Users”. Click on “000001F4” and from the right side pane double-click the “F” entry.
A new window will open allowing you to edit the “F” entry. The line that starts with “0038” is what you want to edit. The value next to “0038” is “11”, replace it with “10”. Be careful not to change anything else. Just double click the “11” and type “10” then hit the OK button. “11” is for disabled and “10” for enabled.
Back in the Registry Editor, from the left side click on the name you gave to the hive you loaded earlier and click “Unload Hive” from the File menu, restart the computer and you are done. The Administrator account is now enabled.
