Bypassing and resetting the Administrator account on Vista

Recently, I ran across a laptop I hadn’t used for several years. It had Windows Vista installed and, for the life of me, I was unable to recall the administrator (or, for that matter, any of the user) account passwords. I had a lot of personal data on the laptop and wanted to gain access. Furthermore, I wanted to update Vista and see whether the laptop (a Dell Studio) would run adequately.

After poking around a little on the Internet, it looked like I was left with a couple of choices regarding recovery of the administrator account. The first involved what seemed like a protracted and convoluted process involving the original Windows Vista disks, which I did not have. The second involved purchasing one of the many utilities that claim to be able to reset the administrator or other password on Windows boxes. Neither option appealed, so I rolled my own solution. And here’s what I did.

First, create a bootable rescue disk. There are several available for download on the Internet (Google is your friend: “bootable rescue disk”). I have used the Trinity Rescue Kit in the past, which worked well. There are others available, or you could build your own using a Linux or *BSD live system on either a CD, DVD, or USB drive. Just remember you’ll need the necessary kernel modules to mount the Windows filesystem, which could be FAT32 or NTFS.

Anyhow, boot the rescue disk and mount the Windows system partition.

Next, navigate to the windows directory, and the system32 subdirectory.

Within the system32 subdirectory there is a file called Magnify.exe, yes that’s with a capital ‘M’.

Copy the original Magnify.exe executable to a new file, say, Magnify.ori.

Next, make a copy of the windows shell, cmd.exe and call it Magnify.exe. So you’d do something like,

$ cp cmd.exe Magnify.exe

if you used a *nix rescue disk to mount the windows partition. Essentially, you are replacing Magnify.exe with a copy of cmd.exe.

Next, reboot the system, booting Windows Vista from the hard disk.

Once the login screen appears, click the small accessibility button on the login panel and choose the magnify option. This will now bring up a shell with full administrator privileges.

From here, you can reset your passwords as necessary.

net user Administrator

followed by return will enable you to reset the Administrator password. For a full list of user accounts on the system type,

net user

I haven’t tried the same hack on later versions of Windows (Windows 8.1, or Windows 10 etc.), but I see no reason why it wouldn’t work.
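Seen from the defender's side, the swap described above leaves two traces that can be checked offline against a mounted Windows partition: Magnify.exe hashing the same as cmd.exe, and a renamed original such as Magnify.ori sitting beside it. The following is an added example, not part of the original post; the function names are assumptions and the sample files are constructed stand-ins with fake contents.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_ci(directory, name):
    """Case-insensitive lookup: an NTFS volume mounted on Linux is case-sensitive."""
    for entry in directory.iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None


def audit_system32(system32, targets=("Magnify.exe",)):
    """Return (file, finding) pairs for a mounted System32 directory."""
    findings = []
    cmd = find_ci(system32, "cmd.exe")
    cmd_hash = sha256(cmd) if cmd else None
    for name in targets:
        target = find_ci(system32, name)
        if target is None:
            findings.append((name, "missing"))
        elif cmd_hash and sha256(target) == cmd_hash:
            findings.append((name, "identical to cmd.exe"))
        # A renamed original left beside the target (the page uses Magnify.ori).
        stem = Path(name).stem.lower()
        for entry in sorted(system32.iterdir()):
            if (entry.is_file() and entry.stem.lower() == stem
                    and entry.suffix.lower() != ".exe"):
                findings.append((name, "sibling copy " + entry.name))
    return findings


def demo():
    """Build a constructed System32 stand-in (fake bytes) and audit it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "cmd.exe").write_bytes(b"MZ constructed shell bytes")
        (root / "Magnify.exe").write_bytes(b"MZ constructed shell bytes")
        (root / "Magnify.ori").write_bytes(b"MZ constructed magnifier bytes")
        return audit_system32(root)


if __name__ == "__main__":
    for name, finding in demo():
        print(name + ": " + finding)
```

An empty result from audit_system32 only means neither trace was found; it does not prove the binary is the vendor's original, which would require comparing against a known-good hash or signature.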
