1. Creating a Password Reset Disk
A password reset disk is an
important part of any password-protected PC. It's the only method of
password recovery that allows you to retain all data in an account in
the event of a forgotten password. Advanced features such as EFS
(Encrypting File System) encryption, personal certificates, and stored
network passwords can be recovered only by using a password reset disk.
The main trick is to create the password reset disk before
you forget the password. You can't do it after you've forgotten the
password. Keep that disk in a safe place where you can find it when you
need it, but where others can't find it to gain unauthorized access to
the administrative account.
|
A jump drive (also called a USB flash drive)
is a small device that plugs into a USB port on your computer and looks
and acts like a disk drive. A memory card is a storage device commonly
used to store pictures in digital cameras. If your computer has slots
for such cards, you can slide a card into the slot and treat the card
just as you would a USB flash drive.
To see examples and get an idea of costs, check out some online retailers. Then search the site for jump drive or memory card reader
to view available products. If you're looking at memory card readers,
the kind that plugs into a USB will be the easiest to install. Many
retail department stores that sell computer or office supplies also
carry flash drives.
|
A floppy disk or jump
drive works equally well as a password recovery tool. If your computer
doesn't have a floppy disk drive, you can use a jump drive or memory
card instead. However, a memory card will work only if your computer has
slots for inserting a memory card.
To create a password
reset disk, log in to the password-protected administrative account you
created. Then insert a blank floppy disk in the floppy drive. Or connect
a jump drive to a USB port, or put a spare memory card in a memory card
slot. Then get to the main User Accounts page. If you've already closed
the user account window, press 
, type user, and click User Accounts on the Start menu. Or go through the Control Panel (click the Start button and choose Control Panel => User Accounts and Family Safety => User Accounts). Then follow these steps:
In the left column, click Create a Password Reset Disk.
Read the first page of the wizard that opens and click Next.
Choose
the drive into which you inserted the floppy, or the drive letter that
represents the jump drive or memory card; then click Next.
Type the password for the administrative account into which you're currently logged and click Next.
When the progress indicator is finished, click Next and then Finish.
Keep the disk (or drive, or card)
in a safe place. If you use a jump drive that you also use for other
purposes, make sure you don't erase the userkey.psw file. That's the file needed for password recovery.
1.1. Using the password reset disk
If you ever need to use the
disk (or drive, or card) to get into the administrative account, first
start the computer and click the administrative account for which you
created the password reset disk. Take a best guess at the password and
press Enter.
If the password is
rejected, insert the floppy disk, jump drive, or memory card you created
as a password reset disk. Wait a few seconds for Windows to recognize
and register the item. Then click Reset Password under the password hint
on the login screen.
Follow the instructions
presented by the wizard that opens. You won't be required to remember
the original password. Instead, you create an entirely new password and
hint for the account. Use that new password whenever you log in to the
account from that point on.
1.2. Cracking into standard user accounts
If a standard user forgets
his or her password, you can use an account that has administrative
privileges to get the standard user back into his or her account. If
you're an administrator and just want to see what a standard user is up
to, you can use this same technique to remove the password from the
account and have full access to its folders.
|
This approach will cause the
standard user to lose access to encrypted files and e-mail messages you
create in an e-mail program such as Windows Live Mail. If the standard
user is advanced enough to use those things, it is better to use a
password reset disk to gain access to the account.
|
|
To remove the password from a standard user account:
Log in to a user account that has administrative privileges.
Get to the Manage Accounts page (click the Start button and choose Control Panel => Add or Remove User Accounts).
Click the password-protected account for which the user has forgotten the password.
Click the Remove the Password button.
The
standard user account will no longer be password-protected. Anybody can
log in to that account from the login page just by clicking the user's
account icon.
2. Running Programs as Administrator
Most newer programs work
with UAC's privilege escalation on the fly. But sometimes that won't
work, especially with older programs. You can run any program with
administrative privileges by right-clicking its startup icon and
choosing Run as Administrator, as in the example shown in Figure 1.
The same method works for
programs that you can't launch from the Start menu. Use Windows Explorer
to get to the folder that contains the executable file for the program.
Then right-click the filename and choose Run as Administrator.
You can make older
programs that aren't part of Windows 7 run with elevated privileges
automatically by changing program compatibility settings. Right-click
the startup icon for the program, or the executable file's icon, and
choose Properties. In the Properties dialog box, click the Compatibility
tab. Then, under Privilege Level, select Run This Program as an
Administrator and click OK.
If the option to run the
program as an administrator is disabled, then one of the following is
true: the program doesn't require administrative privileges to run; you
are not logged in to an administrative account; or the program is
blocked from always running elevated.
