twitter
    Find out what I'm doing, Follow Me :)

Saturday, October 1, 2011

How to Enable the Hidden Windows 7 Admin Account

Lead Image

Imagine you have a Windows PC with a single user account, and you just lost your password. Here’s how to enable the hidden Administrator account with nothing more than the install CD and some registry hacking magic so you can reset your password.
Normally if you wanted to enable the hidden administrator account from within Windows, you’d need access to an Administrator mode command prompt, but that won’t work if you don’t have access, right? This is a great way to quickly enable the hidden admin account so you can reset the password on your main account.
Note: This will require editing the registry which is risky. Proceed only if you know what you are doing and at your own risk.

Enabling the Hidden Administrator Account

Now prepare your Windows 7/Vista DVD and restart the computer with the DVD in the DVD Drive—you’ll want to boot from the DVD so you may need to change the boot order in the BIOS. Depending on your system you will need to press Del, F2, or F12.
After you’ve successfully booted from the DVD you’ll be presented with the language setting of the Windows setup. Click next.

Language Sellection

In the next screen click “Repair your computer” from the bottom left corner of the window. Now the setup will search for Windows installations then display them, choose the Windows you want and click next. The setup may try to search for problems and may ask you if you want to restore your computer, just click no. Finally you’ll arrive at
the System Recovery Options window that looks like this:

System Recovery Options

Click Command Prompt. This will open up a command prompt window where you’ll have to type “regedit” and press enter. From this point on you have to be extra careful as one mistake might ruin your Windows and render it unusable. In the left side of the Registry Editor click “HKEY_LOCAL_MACHINE” then in File menu click “Load Hive”.

Load the Hive

In the file name field type the following and hit enter.
%windir%\system32\config\SAM

Enter the file name

The hive needs a name, give it a name and remember it. For the purpose of this article we will name it “test” so replace it with the name you chose for the next steps. What you just did is load the SAM file into the Registry Editor so we can edit it. The SAM file is the Security Accounts Manager and contains encrypted information about the account names and passwords. Now that it’s loaded into the registry, navigate to “HKEY_LOCAL_MACHINE\test\SAM\Domains\Account\Users”. Click on “000001F4” and from the right side pane double-click the “F” entry.

Click on 000001F4 then F

A new window will open allowing you to edit the “F” entry. The line that starts with “0038” is what you want to edit. The value next to “0038” is “11”, replace it with “10”. Be careful not to change anything else. Just double click the “11” and type “10” then hit the OK button. “11” is for disabled and “10” for enabled.

Replace the 11 with 10

Back in the Registry Editor, from the left side click on the name you gave to the hive you loaded earlier and click “Unload Hive” from the File menu, restart the computer and you are done. The Administrator account is now enabled.

1 comment: