The other day I had someone who ran into a big problem that many of us hope to never come across. What happened was the user had forgotten the administrator password for their Windows Vista machine, and had no idea how they could log on. I’ve had people ask how to do this kind of thing in the past, but had never actually looked for a viable solution myself.
I was determined to find a workaround this time, and it had to be one that didn’t involve reinstalling Windows. That’s when I came across the free Trinity Rescue Kit, which turned out to be exactly what the doctor ordered. As you might expect, this is a Linux-based password reset tool, and it takes no time at all to put it to work. In fact, this works so well that it will make you think twice about the security of your own system!
Here’s what you have to do:
1. Download and burn the Trinity Rescue Kit (TRK) ISO image to a CD or DVD.
2. Restart your computer, and make sure it boots from the TRK CD/DVD.
3. When presented with the TRK menu be sure to select the first option that reads Run Trinity Rescue Kit 3.3 (default):
4. TRK will take a minute or so to finish loading, and when it’s done you should be left with a prompt where you can type your commands. Note that Steps 5 and 6 are not needed to change a password, but can be helpful.
5. The main command we’ll be working with is `winpass`, and for getting started you should type `winpass -l` to see a list of users on the machine. When you type that command it will ask you which drive you want the user list retrieved from, and in most cases you’ll want to type the number 1 followed by the Enter key (this selects the primary partition):
6. After you’ve selected the partition you’ll be presented with a list of users on the machine along with what accounts have been disabled or locked:
7. You should once again be at a prompt, and this time we’re actually going to change or reset a password for one of the accounts on the machine. At the prompt type:

   `winpass -u Administrator`

   In this example “Administrator” is the username you want to reset the password for. Replace it with the username you’re working with.
8. You’ll now be asked which partition you’d like to have analyzed/mounted just like in Step 5, and you’ll likely want to select the first one. After that you can look under the Account Bits section which lets you know whether the user’s password ever expires, if the account is disabled, and more. What you’ll want to focus on, however, is the User Edit Menu that lists the type of operations you can perform on the account. The easiest thing for you would probably be to choose the first option, which will just clear the password on the account:
9. That’s all there is to it. After that you should receive a message stating that a backup of the account has been made, and all you have to do now is restart the computer. If you’ve chosen to clear the password the next time you boot up you want to be sure to leave the password blank.
If you look at the options available in Step 8 you’ll also notice that there are other things you can do to accounts on the machine. This includes changing a password, promoting a non-admin user to an administrator, or enabling a disabled account. Once you get the hang of this tool you’ll pretty much be able to give yourself full access to any Windows machine that you can physically get your hands on. Crazy, huh?