Recovering Windows XP Passwords and Backing Up, Web Tech Support
If you never connect your computer to the Internet and no one else ever has physical access to it, passwords can be an annoyance. But the minute those two situations reverse, having a password is your first line of defense in securing your data and system. Having a good password is even more important.
For example, for best security your password should not include personal information,
any part of your user name, or easily guessed words. What’s more, the password should
include a mix of letters, numbers, and special characters to make it impossible to guess and
not susceptible to a brute-force password attack in which an automated system repeatedly
attempts to crack the password.
Here are some good tips for creating a good password:
• Use a mix of characters and case: Use letters, numbers, and special characters such as ! and #. Example: MyPW2W0rd!9
• Don’t use any real words: Many brute-force applications rely on the fact that many people use words they can remember as their passwords. Example: Be845jd#65!
• Use a mnemonic to help you remember the password: Remember Every Good Boy Does Fine for the lines on the treble clef in music class? Come up with your own mnemonic and throw in some special characters. Example: bob eats 3 bananas with 5 grapes, or be3bw5g.
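The tips above turned into a small checker, as an added example that is not part of the original article: it flags missing character classes, pieces of the user name, and dictionary words (including simple character substitutions), and estimates the brute-force search space. The word list, the substitution table, the three-character user-name rule, and the user name bob are assumptions made for the illustration.

```python
import math
import string

# Constructed sample word list (assumption); a real check would load a full dictionary.
WORDS = {"password", "word", "banana", "grape", "admin", "windows"}
# Undo common character substitutions before the word check (assumed mapping).
LEET = str.maketrans("01345@$!", "oieasasi")

# Character class name -> (membership test, size of that class).
CLASSES = {
    "lowercase": (str.islower, 26),
    "uppercase": (str.isupper, 26),
    "digit": (str.isdigit, 10),
    "special": (lambda c: c in string.punctuation, len(string.punctuation)),
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [n for n, (test, _) in CLASSES.items() if any(test(c) for c in password)]

def check_password(password, user_name):
    """Return the tips the password breaks (empty list = passes all checks)."""
    used = classes_used(password)
    problems = [f"no {n}" for n in CLASSES if n not in used]
    lower = password.lower()
    # Treat any 3-character run of the user name as "part of your user name".
    name = user_name.lower()
    if any(name[i:i + 3] in lower for i in range(len(name) - 2)):
        problems.append("contains part of user name")
    # Check both the raw text and the text with substitutions undone.
    plain = lower.translate(LEET)
    hits = sorted(w for w in WORDS if w in lower or w in plain)
    if hits:
        problems.append("contains word: " + ", ".join(hits))
    return problems

def search_space_bits(password):
    """log2 of the brute-force search space, assuming random characters."""
    pool = sum(CLASSES[n][1] for n in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    # The three example passwords from the tips; "bob" is a hypothetical user name.
    for pw in ("MyPW2W0rd!9", "Be845jd#65!", "be3bw5g"):
        print(pw, check_password(pw, "bob"), round(search_space_bits(pw), 1))
```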
If you take my advice, your passwords will be much harder
to remember, particularly if you don’t use them often. For example, you may need the
administrator password for your computer only once or twice a month to install some new
software. Even if you use a mnemonic, there’s a chance you’ll forget the password. So, you
should back up your passwords so that you can recover them if needed.
You could tape a sheet of paper with your passwords on it under your desk, but
Windows XP offers a more technically advanced method—a password reset disk. This
method requires that you have previously created a password backup disk.
Recovering from a Lost Administrator Password
If you have the password for any account on the computer with administrator privileges, you can reset the password for any other account through the Local Users and Groups console or User Accounts applet in the Control Panel. If you lose the Administrator account password, however, you won’t be able to reset any password except your own. You also won’t be able to reconfigure the system or perform other system-wide tasks.
There are a couple of methods you can use if you need to recover a lost Administrator password. The method you use depends on the computer’s configuration. Here is a summary of the methods, requirements, and consequences:
• Delete the SAM registry hive file: This method deletes all accounts and blanks the Administrator account password. Although accounts are deleted, user profiles and their corresponding documents are not lost. However, you might have to reassociate the profile directory with the user account after re-creating the account. This method also requires access to the file system so that you can delete the SAM file.
• Use a third-party recovery tool: There are a handful of recovery tools available for recovering passwords and failed systems. One I like is ERD Commander, from http://www.winternals.com.
Delete the SAM Registry Hive File
This method is a bit drastic because it deletes all accounts on the system. However, applications and other settings are unaffected, and user profile folders and documents are retained. After you create new local accounts, you can reassociate the new accounts with their old profiles. Before you take this approach, however, check the next section for a list of third-party alternatives that don’t delete the SAM and therefore don’t delete the accounts from the system.
The SAM file is the portion of the registry that stores user accounts.
If you choose to go the route of deleting the SAM, you’ll need to gain access to the %systemroot%\System32\Config folder, which is where the registry hive files are located. Using one of the methods described in the preceding section, navigate to the %systemroot%\System32\Config folder and rename the SAM file:
C:\Windows\System32\Config>rename sam sam.old
Then, reboot the system. The Administrator account will now have a blank password.
Useful Third-Party Password Recovery Tools:
Lots of tools are available for various recovery tasks, including resetting the Administrator account password. The following list summarizes some of these tools and indicates whether they are freeware, shareware, or commercial software:
• Winternals ERD Commander is a favorite recovery tool. It boots even unbootable systems from a CD and gives you the capability to reset the Administrator password, recover lost files, recover Windows XP restore points, and perform many other tasks. http://www.winternals.com.
See Part 2 Here -> Creating a Password Reset Diskette for a Workgroup Computer: Here’s how to create the backup disk for a computer in a workgroup.