Now and then many of you find yourselves in the unfavorable position of having to retrieve an NT system's lost Administrator account password. I can't even count the number of "help me!" messages I've received in this regard.
As I tell those of you who email me for help in this situation, there are a couple of different approaches you can take, depending on your exact position. In any event you have two basic choices when recovering an Administrator password: you must either crack it or forcefully reset it to something known. It seems obvious to me that resetting the password will take much less time than brute force cracking, so it's a more cost-effective way to handle the situation.
If you do want to brute force the password to see what it was set to, then you must obtain a copy of the system's SAM database and use a tool such as L0phtcrack to brute force crack the password. To get a copy of the SAM database, use NTFSDOS or a Linux boot disk with NTFS drivers on it. Either of those tools will allow you to boot a system from floppy and then read the installed NTFS partitions. You can find NTFSDOS at Winternals (http://www.winternals.com), while Linux boot disks are available at various sites such as Ken Pfiel's NT Toolbox Web site (http://www.nttoolbox.com).
But if you've got access to the SAM database, then why not just reset the Administrator password to something known and be done with it? In that scenario, you can use NT Locksmith, also available at the Winternals Web site. Of course Locksmith costs money, so if you must have a cost-free way out of password recovery, then use a Linux boot disk that comes with a tool that can perform that action.
The Linux boot disk available for download at The NT Toolbox comes with the ability to reset an NT system's Administrator password, and it's completely free of charge. Of course you get what you pay for, so don't expect a ton of documentation or an experienced professional waiting for you to call for help. When it comes to support you'll have to wing it. But don't worry, using the boot disk to reset a password is much easier and quicker than re-installing NT, so it's worth any problems you may encounter.
I think every security administrator should have a copy of a Linux boot disk like the one at NT Toolbox. Be sure to download a copy, and don't forget to have a floppy disk available. Once you download the zip file, just unzip it and run the included executable file to create the actual floppy-based boot disk. While you're at The NT Toolbox, be sure to check out the other great security-related tools available for download.