In this tutorial we will remove the Syskey startup password and reset the administrator password. Syskey is an additional layer of security. The average user rarely uses it. Scammers take advantage of this tool to scam people. Scammers usually contact the computer owner, identifying themselves as members of the Microsoft support team. They will inform you that your PC has a number of critical problems that need to be fixed immediately or your system will fail to work properly. They will try to convince you to allow them to connect to the system remotely and fix the issues. If you do make the mistake of letting them connect, they will ask you to pay $$$ for the fix. If you refuse to pay, they will enable SysKey encryption on the SAM registry hive.
In Windows XP, the Security Accounts Management (SAM) database stores hashed copies of user passwords. To keep the SAM database secure, Windows requires that the password hashes are encrypted. The SAM database is encrypted with a locally stored system key. The SysKey utility can additionally secure the SAM database by moving the SAM database encryption key off the Windows-based computer. The SysKey utility can also configure a startup password that must be entered to decrypt the system key so that Windows can access the SAM database.
In this tutorial
Administrator is the built-in super user account in Windows XP. It is created automatically whenever you install XP. By default the administrator account is not password protected, unless you set a password during the installation. This account has the privilege to access everything on the computer. With this account you can change any password on that system. If you have purchased a branded computer, such as a Sony, HCL or Dell, with XP pre-installed, you will be able to log in to the computer with the administrator account using a blank password.
This account usually doesn't show up on the logon screen, and the average user doesn't know it exists. Users usually won't need to use the computer under this account very often. You need this account in safe mode or at the recovery console.
To set the administrator account password, click the Start button and right-click My Computer, then click Manage in the context menu
In the left pane expand Local Users and Groups, then click Users.
In the right pane, right-click Administrator, then click Set Password in the context menu
Click Proceed on alert message box
Set password and Click OK
Click OK on confirmation message box
We have protected the administrator account with a password to enhance the security of the system.
To enable Syskey encryption, Click Start button and Click Run
In Run dialog box type Syskey and Click OK
From opened dialog box select Encryption Enabled option and Click Update. When this option is selected, Windows will always encrypt the SAM database.
We have two options here: Password Startup and System Generated Password. If you do not want to require a startup password, use the second option.
Click Password Startup, set a password and click OK
Click OK on the success message. We have successfully set up the Syskey startup password.
Now we have set both passwords, administrator and Syskey.
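To confirm both settings from a script rather than from the dialogs, the following added example (not part of the original tutorial) reads the SysKey mode from the SecureBoot registry value and lists local accounts that are allowed to have no password. It assumes PowerShell is installed, which is not the case on a default Windows XP install, and that it runs under an administrator account.

```powershell
# Added example: audit the SysKey mode and local account password settings.
# Assumption: PowerShell 2.0 or later, run as an administrator.

# SysKey records its mode in the SecureBoot value of the Lsa key.
$modes = @{
    1 = 'System Generated Password, startup key stored locally (no prompt at boot)'
    2 = 'Password Startup (startup password requested at every boot)'
    3 = 'System Generated Password, startup key stored on floppy disk'
}
$lsa  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$mode = [int]$lsa.SecureBoot          # a missing value becomes 0 and is reported as unknown

if ($modes.ContainsKey($mode)) {
    Write-Output ("SysKey mode {0}: {1}" -f $mode, $modes[$mode])
} else {
    Write-Output ("SysKey mode {0}: unknown or not set" -f $mode)
}
if ($mode -eq 2) {
    Write-Output 'A startup password is configured. If you did not set it yourself, someone else did.'
}

# List local accounts. PasswordRequired = False means the account is allowed
# to have a blank password; it does not prove that the password is blank.
$accounts = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True"
foreach ($a in $accounts) {
    # The built-in Administrator account always has a SID ending in -500,
    # even if the account has been renamed.
    $isBuiltinAdmin = $a.SID -like 'S-1-5-21-*-500'
    New-Object PSObject -Property @{
        Name             = $a.Name
        BuiltinAdmin     = $isBuiltinAdmin
        Disabled         = $a.Disabled
        PasswordRequired = $a.PasswordRequired
    } | Select-Object Name, BuiltinAdmin, Disabled, PasswordRequired
}
```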
On next reboot you will get following message.
This computer is configured to require a password in order to start up. Please enter the Startup Password below.
Enter the Syskey password and try to access the administrator account with a blank password. This time you will get an alert message
If you have followed the above procedure to enhance the security of your system, congratulations, you now have a more secure computer than your colleagues.
But if a scammer has done this, you are in a lockout situation.
The very first thing users do in this situation is call Microsoft or post a thread on its support forum for help. But this is useless, as Microsoft Support Engineers do not help users recover forgotten or stolen passwords. You will end up with the following policy page
Furthermore, Microsoft ended support for Windows XP on April 8, 2014. Now you have limited choices to deal with this situation.
In this tutorial we will use a Linux script to crack the password. Before you start make sure
Download this open source Linux script
Extract the zip file
It contains an ISO file
You need to burn this ISO image. You can use any standard ISO burner software for this purpose.
Or you can download one from the following URLs
Official URL http://infrarecorder.org/?page_id=5
Official URL http://www.freeisoburner.com/
Burn the image to a CD and boot the system from this CD (you need to set the boot priority in the BIOS to boot the system from CD/DVD).
Press Enter to boot system from CD
The script will make a quick scan of the hard disk and return all available Windows installations. Usually there will be only one, unless you have dual operating systems installed. Type the disk number (most probably one, or see the returned result for the appropriate number) and press Enter
We need to provide the path to the registry files. Usually the script will find the path automatically; all you need to do is press Enter and go with the default selected path
Our primary goal is to reset the password. Type 1 and press Enter
We will first disable the Syskey. Type 2 and press Enter
Type y and press Enter to confirm the Syskey disable.
When you disable Syskey, this script will also invalidate (set to blank) all user passwords on the system. You need to reset them as well. From this point you can save the changes to disk and return to Windows. Type q and press Enter to return to the previous menu
Type y and press Enter so script can write the change to disk
If you want, you can run the script again. Type n and press enter.
Remove the disk and reboot the system.
We have successfully disabled the Syskey and set the administrator password to blank. Now you can log in to the system with the administrator account using a blank password. From the administrator account you can set passwords for all other user accounts.
If you have disabled the Syskey following the above method, there is no need to run this script again: all user passwords, including the administrator's, are automatically set to blank when you disable the Syskey. If you have already disabled the Syskey protection and only need to reset the administrator password, follow these steps.
Boot system from our script disk
Select disk and Press Enter
Type 1 and press Enter
Type 1 to select Edit user data and passwords on chntpw main interactive Menu
The script will list all available user accounts. Type the username of the account whose password you want to change. The Administrator account is selected by default, so press Enter
The script will fetch the details associated with the user account. Make sure you have selected the right user account. You can set a new password directly from the script, but I do not recommend this. Instead of setting a new password, we will use option 1 to clear (set to blank) the password. Type 1 and press Enter
Type ! and press Enter to return to menu
Type q and press Enter
Type q and press Enter
Type y and press Enter to save the change
Type n to exit from script
We have successfully cleared the administrator password. Remove the disk, reboot the system and log in with the administrator account. Once logged in, you can set up the password by following the steps given above.