Administrator and User Passwords in Windows XP
How to Hide the Logon Script Dialog Box on a Windows Client
Direct Bootup Without Typing Password
1. At a command prompt, type "control userpasswords2" and press
Enter to open the Windows 2000-style User Accounts
application.
2. On the Users tab, clear the Users Must Enter A User Name And
Password To Use This Computer check box and then
click OK.
3. In the Automatically Log On dialog box that appears, type the
user name and password for the account you want to be
logged on each time you start your computer.
Remove Login Password
Control Panel/Administrative Tools/Local Security Settings/Minimum
Password Length/Reduce it to 0 (No password required). Control Panel/User
Account/Your Account/Remove Password.
After you log on as an administrator to a computer that is not
a member of a domain, when you double-click User Accounts in Control
Panel to change the password for the built-in Administrator account,
the Administrator account may not appear in the list of user accounts.
Consequently, you cannot change its password.
This behavior can occur because the Administrator account logon
option appears only in Safe mode if more than one account is created
on the system. The Administrator account is available in Normal
mode only if there are no other accounts on the system.
To work around this behavior:
- If you are running Windows XP Home Edition, restart the computer
and then use a power user account to log on to the
computer in Safe mode.
- If you are running Windows XP Professional, reset the password
in the Local Users and Groups snap-in in Microsoft
Management Console (MMC):
1. Click Start, and then click Run.
2. In the Open box, type "mmc" (without the quotation marks), and
then click OK to start MMC.
3. Start the Local Users and Groups snap-in.
4. Under Console Root, expand "Local Users and Groups", and then
click Users.
5. In the right pane, right-click Administrator, and then click
Set Password.
6. Click Proceed in the message box that appears.
7. Type and confirm the new password in the appropriate boxes, and
then click OK.
How to Use the net user Command to Change the User Password at a
Windows Command Prompt
Only administrators can change domain passwords at the Windows
command prompt. To change a user's password at the command prompt,
log on as an administrator and type:
"net user <user_name> * /domain" (without the quotation marks)
When you are prompted to type a password for the user, type the
new password, not the existing password. After you type the new
password, the system prompts you to retype the password to confirm.
The password is now changed.
Alternatively, you can type the following command: net user
<user_name> <new_password>. When you do so, the password changes
without prompting you again. This command also enables you to change
passwords in a batch file; the new password is then stored in that
file in plain text.
Non-administrators receive a "System error 5 has occurred. Access
is denied" error message when they attempt to change the password.
If you set a computer for auto logon, anyone who can physically
obtain access to the computer can gain access to all of the computer
contents, including any network or networks it is connected to.
In addition, if you enable autologon, the password is stored in
the registry in plaintext. The specific registry key that stores
this value is remotely readable by the Authenticated Users group.
As a result, this setting is only appropriate for cases where
the computer is physically secured, and steps have been taken to
ensure that untrusted users cannot remotely access the registry.
1. Start/Run/Regedit, and then locate the following registry
subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2. Using your account name and password, double-click the DefaultUserName
entry, type your user name, and then click
OK.
3. Double-click the DefaultPassword entry, type your password, and
then click OK.
NOTE: The DefaultPassword value may not exist. If it does
not:
a. Click Add Value on the Edit menu.
b. In the Value Name box, type DefaultPassword, and then click REG_SZ
for the Data Type
c. Type your password in the String box, and then save your changes.
Also, if no DefaultPassword string is specified, Windows automatically
changes the value of the AutoAdminLogon key
from 1 (true) to 0 (false), thus disabling the AutoAdminLogon feature.
4. Click Add Value on the Edit menu, enter AutoAdminLogon in the
Value Name box, and then click REG_SZ for the Data
Type.
5. Type "1" (without the quotation marks) in the String box, and
then save your changes.
6. Quit Regedit.
7. Click Start, click Shutdown, and then click OK to turn off your
computer.
8. Restart your computer and Windows. You are now able to log on
automatically.
NOTE: To bypass the AutoAdminLogon process, and to log on
as a different user, hold down the SHIFT key after you log off or
after Windows restarts.
Note that this procedure only applies to the first logon. To enforce
this setting for subsequent logoffs, the administrator must set
the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: ForceAutoLogon
Type: REG_SZ
Data: 1
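A defender-side check for the autologon values described above, as an added example that is not part of the original page: it parses the text of a regedit export of the Windows NT\CurrentVersion\Winlogon key and reports the settings without echoing the stored password. The sample export, the account name "kiosk" and the password string are constructed; the function names are hypothetical.

```python
import re

# Winlogon key path, lowercased for case-insensitive matching.
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

# Constructed sample export; the account name and password are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="kiosk"
"DefaultPassword"="Example-Only-1"
"AutoAdminLogon"="1"
"ForceAutoLogon"="1"
'''

def parse_reg(text):
    """Parse regedit export text into {lowercased key path: {value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = re.sub(r'\\(.)', r'\1', data[1:-1])  # REG_SZ: undo \\ and \"
            elif data.startswith("dword:"):
                data = str(int(data[6:], 16))               # REG_DWORD as decimal text
            current[name.lower()] = data
    return keys

def audit_autologon(text):
    """Return findings for the Winlogon autologon values; never echoes the password."""
    values = parse_reg(text).get(WINLOGON, {})
    findings = []
    enabled = values.get("autoadminlogon") == "1"
    has_pw = bool(values.get("defaultpassword"))
    if has_pw:
        findings.append("DefaultPassword present: plaintext credential for "
                        + repr(values.get("defaultusername", "<unknown>")))
    if enabled and has_pw:
        findings.append("AutoAdminLogon=1: machine logs on without a prompt")
    elif enabled:
        findings.append("AutoAdminLogon=1 without DefaultPassword: Windows resets it to 0")
    if values.get("forceautologon") == "1":
        findings.append("ForceAutoLogon=1: autologon repeats after every logoff")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_autologon(SAMPLE)) or "no autologon values found")
```

Exports saved by regedit are usually UTF-16, so decode the file with that encoding before passing its text to audit_autologon.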
After you upgrade a Microsoft Windows 2000-based computer, Windows
XP Professional may start directly to the desktop without stopping
at the Welcome screen or requiring you to type a username and password.
If you then create a new user account, you may not receive any option
that allows you to log on by using the new account.
This behavior can occur if Windows 2000 was configured for automatic
logon (Autologon). Windows XP inherits this configuration setting.
To resolve this behavior, turn off the automatic logon feature
and require a username and password at logon:
1. Click Start on the Windows taskbar, and then click Run.
2. In the Open box, type control userpasswords2, and then click
OK.
3. In the dialog box that appears, click to select the "Users must
enter a user name and password to use this computer"
check box, and then click OK.
To work around this behavior, log off from the Autologon account,
and then log on by using the new account.
When you create a new user on a Microsoft Windows XP Home Edition-based
computer, you are not prompted to create a password. To create
a password for a user account, click the icon for the account, and
then click "Create a Password".
By default, the Stored User Names and Passwords feature
creates a "key" for any connection that you make in the graphical
user interface (GUI) that requires alternate credentials. When you
make a connection at a command prompt by using the net use command
and by passing alternate credentials, a key is not created.
For the net use command to save the credentials in Credential
Manager, use the /savecred switch. When you use the /savecred switch,
any credentials that you are prompted for when you use the net use
command are saved as a key.
Therefore, if you are prompted for the user name and password
(or if you are prompted only for the password) when you use the
net use command (but not because you used an asterisk [*] in the
net use command for password prompting) and the /savecred switch,
the credentials are saved.
When you type the net use * \\computer_name\share_name /savecred
command, the user is prompted for a user name, and then
the user is prompted for a password.
When you type the net use * \\computer_name\share_name
/u:domain_name\user_name /savecred command, the user is prompted
for a password.
However, when you type one of the following commands, a key is not
created:
net use * \\computer_name\share_name * /user:domain_name\user_name /savecred
-or-
net use * \\computer_name\share_name * /savecred /user:domain_name\user_name
If you type net help use at a command prompt, more information is
displayed about the net use command.
Start/Programs/Administrative Tools/Local Security Policy/Account
Policies/Password Policy. In the right pane, right click,
properties, modify (use accordingly). And Start/Programs/Administrative
Tools/Computer Management/Local Users and Groups/Right Click "User"
(intended)/Properties. Or, with Admin privileges, at a command prompt
type: net accounts /maxpwage:unlimited.
To Create a Password Reset Disk
The Forgotten Password Wizard lets you create a password
reset disk that you can use to recover your user account and personalized
computer settings if you forget your password. The steps to
perform this task differ depending on whether your computer is a
member of a network domain or is part of a workgroup (or is a stand-alone
computer).
My Computer is on a Domain
Press CTRL+ALT+DELETE to open the Windows Security dialog box.
Click Change Password.
Click Backup to open the Forgotten Password Wizard. Click Next and
then follow the instructions as they appear on the screen.
My Computer is not on a Domain
The steps to perform this task differ depending on the type of user
account you have. If you have a computer administrator account:
Open User Accounts in Control Panel. Click your account name. Under
Related Tasks located on the left side of the window, click Prevent
a forgotten password. In the Forgotten Password Wizard, follow the
instructions as they appear on the screen.
If you Have a Limited Account
Open User Accounts in Control Panel. Under Related Tasks located
on the left side of the window, click Prevent a forgotten password.
In the Forgotten Password Wizard, follow the instructions as they
appear on the screen.
Notes: To open User Accounts, click Start, point to
Settings, click Control Panel, and then click User Accounts.
Certain Programs Do Not Work Correctly If You Log On Through a
Limited User Account
After you log on to a computer by using a Limited User Account,
you may observe one or more of the following behaviors when you
try to use a program that is not expressly designed for Windows XP.
Password Reset Disk Overview
To protect user accounts in the event that the user forgets the
password, every local user should make a password reset disk and
keep it in a safe place. Then, if the user forgets his or her password,
the password can be reset using the password reset disk and the
user is able to access the local user account again.
After you reset the password of an account on a Windows XP-based
computer that is joined to a workgroup, you may lose access to the
user's: Web page credentials, File share credentials, EFS-encrypted
files, Certificates with private keys (SIGNED/ENCRYPTed e-mail).
I assume no responsibility
for the purpose to which this information is used. This includes
employees attempting to bypass restrictions put into place by System
Administrators on corporate machines.
Delete Admin Password
Boot up with DOS and delete the sam.exe and sam.log files
from Winnt\system32\config in your hard drive. Now when you boot
up in NT the password on your built-in administrator account will
be blank (No password). This solution works only if your hard drive
is FAT. [Editor's note: Use with caution, there may be other
ramifications from performing this tip.]
Forgot your Admin Password
This is a utility to (re)set the password of any user that
has a valid (local) account on your NT system, by modifying the
encrypted password in the registry's SAM file. You do not need
to know the old password to set a new one.
It works offline, that is, you have to shut down your computer and
boot off a floppy disk. The boot disk includes stuff to access NTFS
partitions and scripts to glue the whole thing together. Note: It
will now also work with SYSKEY, including the option to turn it
off!
All Passwords-Master Copy
With Darn! Passwords! Just one password opens the safe
that holds all those other ones for programs and web sites that
require you to log in.
Just pick the password, and drag it and its log-in (if there is
one) into the program that uses it. No retyping is necessary (even
in programs that do not accept the drag, you can just paste the
password in). Go to the URL of a password protected site with the
click of a button.
Information on System Restore and Password Restoration
Passwords That Are Restored:
1. Program passwords are restored, such as Hotmail Messenger, AOL
Messenger, Yahoo Messenger, and other Web server-based passwords.
This behavior is by design: The programs simply cache these passwords;
the actual passwords are
stored on a Web server. System Restore does not actually change
the password, but it changes the password that is remembered by
the program. You can use the current password for the program to
log on to the server.
2. Domain and Computer passwords are restored. This behavior is
by Design and is a limitation of System Restore. System Restore
only rolls back the local machine state. Part of the information
about joining domains resides in Active Directory, and Active Directory
is not rolled back by System Restore.
Migration Wizard Does Not Migrate Passwords
The Migration Wizard does not migrate passwords. Passwords
for Dial-Up Networking connections, Microsoft Outlook Express accounts,
Microsoft Internet Explorer saved passwords, mapped drives, and
so on will need to be reconfigured once the migration is complete.
Administrator Account Not Used for Logon
The administrator account and password created during Setup
are used to log on in Safe Mode only. To create a password for user
accounts, double-click Manage Users in Control Panel.
Logon Name Not in Task Manager or Under Documents & Settings
When the Welcome screen appears, the names that are
displayed do not match any of the names of users' folders under
the Documents and Settings folder or any of the names on the Users
tab in Task Manager.
This behavior may occur if you have changed the name of the account
in the User Accounts tool in Control Panel. By doing so, the new
name appears on the Welcome screen, but the actual account name
remains the same. The folders under the Documents and Settings folder
and the names that are listed in Task Manager show the actual account
name.
To resolve this behavior, if the display name for a user account
has been changed, you can find out which account the new display
name belongs to by logging on as that user, starting Task Manager,
and then clicking the Users tab.
The user account that is marked as active is the one that is currently
logged on. Also, you can find out which of the folders under Documents
and Settings belongs to the currently logged-on user by right-clicking
Start, and then clicking Explore. Windows Explorer will then start
in the Start Menu folder of the currently logged-on user's folder.
Administrator Unable to Unlock a "Locked" Computer
This behavior can occur for either of the following reasons:
- When the default screen saver is set to use a non-existent
screen saver program.
- When you use a corrupted screen saver that is password protected.
Information About Unlocking a Workstation
The following
registry setting is received every time the computer is locked:
Start/Run/Regedit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
ForceUnlockLogon
REG_DWORD
0 - Do not force authentication inline (default)
1 - Require online authentication to unlock
The preceding value controls whether a full logon is performed during
the unlock process. This can force a validation at the domain controller
for the user attempting the unlock process.
NOTE: If the value is not present,
it functions as if it had been set to 0 (zero).
Lock Your Computer and Use Other Windows Logo Shortcut Keys
To use the shortcut, press the Windows logo key+L. The following
list has different computer lock-up scenarios that are available
to you, as well as other ways to lock the computer:
Click Here.
Create a Shortcut to Lock Computer
Right click a blank space on the desktop, select new, shortcut.
Copy and Paste this line: "rundll32.exe user32.dll,LockWorkStation"
in the program location box. Click next and create a name for your
shortcut, click finish.
Lock the Taskbar
This restriction is used to force the locking of the taskbar
and restrict users from making any changes to its position. Start/Run/Regedit:
Navigate to this key and create a new DWORD value, or modify the
existing value, called 'LockTaskbar' and edit the value according
to the settings below. Exit the registry editor; you may need to
restart or log out of Windows for the change to take effect.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: LockTaskbar
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = Unlocked, 1 = Locked)