Restoring access to locked Windows accounts. Restoring access to locked Windows accounts Elcomsoft system recovery mouse does not work

Not so long ago, they brought me someone else's laptop, the owner of which forgot the password to log into his Microsoft Account. On the one hand, it's okay, you can change it on-line. But as it turned out, for some reason unknown to me, he could not do this and asked me to just reset his password on the laptop. Quite a trivial task, I was sure of this, because sooner or later we all have to deal with the fact that we need to recover a forgotten or lost password to enter the system.

At the same time, I faced the difficulty of the fact that the computer uses UEFI and the disk is already formatted for just such a boot.

That is, it seems like there are a number of tools, but I have nothing to use, especially since the tool that I am used to - Elcomsoft System Recovery, at that moment did not yet support booting and working with UEFI.

Knowing that it is, in principle, wide enough known issue, especially since up to 40% of calls to services technical support associated with forgotten or lost passwords for logging into the system, I decided to contact the developers at Elcomsoft. In response, I was kindly provided for testing a new version product. What to say?

By using of this application You can instantly regain access by resetting passwords or unlocking accounts, maintaining both local accounts (including Microsoft accounts) and domain controller accounts. But the main thing is that today this tool can already handle UEFI. Just in case, let's repeat what this abbreviation means.

What is UEFI

The BIOS system, developed over thirty years ago, has been considered a relic for fifteen years, but there have been no corresponding alternatives for quite a long time.

The UEFI (Unified Extensible Firmware Interface) system appeared back in 1998 as the Intel Boot Initiative. In 2005, the UEFI Forum consortium was specially created, the main members of which, in addition to Intel, were AMD, Apple, IBM, Microsoft and a number of others.

Unlike the BIOS boot code, which is always hard-coded into the corresponding chip on motherboard, much more extensive UEFI codes are located in a special directory / EFI /, the physical location of which can be very diverse - from a memory chip on a board or a partition on a computer's hard drive to an external network storage.

By default, the disk layout when using UEFI looks like this.

Drawing1 Creating a partition structure in GPT markup on a PC with UEFI

Drawing2 Disc 0 Marking underGPT

For us, the main problem will be that the boot disk for Elcomsoft System Recovery simply will not see this HDD.

This is why a new version of ESR with UEFI support was created. In fact, if we proceed from the set of functions, we have in front of us all the same set, but already created on the basis of booting under Windows 10 with UEFI support.

Elcomsoft System Recovery allows you to reset account passwords, while at the same time including a number of attacks, with the help of which, in some cases, original passwords can be found in a short time.

Elcomsoft System Recovery unlocks Administrator and other user accounts in Windows Windows 7, Windows 8 / 8.1, Windows 10, as well as many legacy systems, including Windows Vista, Windows XP, Windows 2000 and Windows NT, including all server editions. Both 32-bit and 64-bit versions are supported.

How it works?

To create an EsrBoot disk, you must run the appropriate software, in which you will be prompted to either create bootable USB drive or iso image boot disk.

Drawing3 Creating a bootable USB drive

At the end of formatting and copying, you will receive a bootable USB flash drive.

After downloading, in case you need a driver for IDE / SCSI / RAID hard drives, you can download it.

Drawing4 Download the required driver

After downloading, you have to choose which account (local or domain) you want to work with.

Drawing5 Choice of further actions

My task required local account management. So I saved backup SAM and saved a SAM hash dump for future decryption.

And after that I just reset my password. account, or rather replaced it with another one, because he knew with confidence that the owner did not use EFS encryption.

Drawing6 The changeSAM

Drawing7 Change Password

Drawing8 Database editorSAM

Naturally, you need to remember about the capabilities of this software.

Elcomsoft System Recovery Features

Ready to boot - based on Windows PE (Preinstallation Environment)
Recovering or resetting passwords for the accounts of both the Administrator and all other users
Recover original passwords (in some cases) allowing access to data encrypted using EFS
Unlocking accounts (with a locked or disabled status)
Raising privileges (up to administrator level) for any account
Access to accounts that have expired passwords
Support for a wide range of hardware; native support for file FAT systems, FAT32 and NTFS
Familiar graphic Windows interface- easy and convenient to use
Support for the full range of operating systems up to Windows 10 and Windows Server 2012
Support for American, Russian and other localized versions of Windows; work with usernames and passwords in all languages
Automatic detection of all installed copies of Windows
Ability to download password hashes (for further analysis and recovery) both from the local registry and from Active Directory

If there is no EFS-encrypted data on the PC under study, then the most simple option will reset the password to restore access. The easiest way is to change the password for this account, moreover, you do not need to know the original one. And besides, there is no need to carry out attacks to recover the password, because it can be both time-consuming and resource-intensive, and may not guarantee the result at all. It is much easier to ask a new one. Again, you shouldn't have EFS encryption on your PC.

If, for some reason, you need a saved password, then ESR includes recovery tools. Moreover, you do not need to ask special parameters... The software is able to carry out both a simple search of possible passwords and a check against the lists of the most frequently used passwords. If the attack fails, you can extract the password hashes and save them for later research.

In addition, you need to know that Elcomsoft System Recovery allows not only recovering or resetting passwords, but will also help with some other problems associated with accessing the system. For example:

Assign Administrator privileges to any user account
Unblock the account (which was explicitly blocked by the Administrator, or after several unsuccessful attempts to enter the password)
Reset or change the password for a user account
Show a list of all accounts in the system, highlighting those that have Administrator privileges
Show a list of user privileges
Find accounts with blank password
Instantly recover passwords for some special / system accounts (for example, IUSR_, HelpAssistant, etc.)
Create backup copies of SAM / SYSTEM files (and, if necessary, restore from them - for example, after logging in with a new password or after privilege escalation)

Thus, a researcher gets a new, very interesting tool that allows him to solve password recovery tasks.

To reset / restore administrator password, we recommend using

Below we give another step by step instructions to recover (change / reset) the administrator password using the bootable ISO image of Elcomsoft System Recovery. The method is much more complicated for advanced users.

Important: If your VDS uses Virtio drivers (almost all new VDS with Windows 2008 from our OS templates) - change the type HDD controller to "default" in. If this is not done, the LiveCD will not "see" the server's hard drive and you will fail. Remember to change the controller type back after resetting the password.

Step 2. Open VNC console and initiate reboot of your VDS server.

Step 3. To boot from ISO, press the key F12 immediately after the message " Press F12 for boot menu"then enter the number of the DVD / CD version (usually 1) and then you must have time to press the spacebar or another key immediately after the start of the VDS boot (when the prompt" Press any key to boot from CD .... "appears, otherwise the server will continue booting from your hard drive!

Step 4. Wait for the server to boot from the mounted ISO image, then select " I accept the agreement", and press the button" OK":

Step 5. In the next window, make sure that the list of disks contains your server's HDD. If HDD disks there is no suitable size - most likely you have not changed the type of HDD controller as described at the beginning of the manual and the system "does not see" your drives. If the disks are in the list, click the "Next" button:

Step 7. Make sure that Windows folder discovered. If you have several systems, you can select the one you need manually (note that the drive letter will be different!) Otherwise leave "Auto selection". Uncheck the "Test short andsimple ...." checkbox, then click the "Next" button:

Step 8. A list of accounts on the server opens. Double click on administrator (or whatever you want to change the password for):

Step 9. In the window that opens, enter a new password (the password must be complex! If you specify a simple password, then it will most likely not be possible to enter the system!). If at the same time "only numbers are printed" - check that the English layout is enabled on your (!) Computer, not Russian. Make sure the "Administrator account" checkbox is checked and NOT "Account is disabled" and "Account is locked out". Press the "Apply" button, then you will be prompted to save a backup copy of the SAM file (optional, you can answer "No"):

Step 10. We confirm the understanding that access to all will be lost personal certificates, encrypted files, etc., click "Yes":

Step 11. A message will appear stating that the user data has been changed and if we want to reboot the system. We answer "Yes" and VDS will reboot into the regular system:

Step 12. Once the download is complete, you can log in with your new password. Do not forget to disable the ISO image in the control panel and return to HDD controller mode if you changed it.

Attention: If something does not work out for you or goes wrong, you can

Hello everyone! In the last article I wrote how, now we will consider a super program how to recover a password on windows 7/8 and download this program Elcomsoft system recovery professional.

Elcomsoft system recovery professional - Forgot windows 8 password, reset windows 8 password

Elcomsoft system recovery professional - password recovery for windows 7/8

The Elcomsoft system recovery professional program is not just a utility that will help you reset your Windows password, it is a rather powerful tool to help the system administrator, as you can see from above, you will see a list of accounts, status - locked, active, password expired and much more. You can manage any parameters of all accounts in your Windows OS. In the screenshot, the program is in English, but don't worry, when you start you can select Russian.

How to write system recovery professional to a usb flash drive

elcomsoft system recovery professional is supplied as iso image, in order to use the program, you need to write to disk or usb flash drive... Writing to a disk is not difficult, let's look at how to write to a usb flash drive:

Downloading the program - https://yadi.sk/d/UlRuVMstekWgP
Launch, select your USB flash drive (ATTENTION, all data on the flash drive will be erased), put a tick, select iso file, and click Do It. Minutes 7 and ready, a message will come out.

Download Elcomsoft system recovery professional

Guys we opened new section"" You can easily make money on articles.

Hello friends. And again an article devoted to the issue of password-protected access to Windows. On the pages of the site, we have more than once solved the issue of a forgotten, lost or initially unknown password to accounts. operating system, that's even there. But all this time we gave instructions on how to reset the password. How can you find out without leaving traces of a hacked Windows account? This kind of services can be offered by two specialized programs, they are on board the two popular resuscitation and AdminPE10. Let's see how to solve the problem with their help.

But, alas, I want to upset those who are going to spy on Windows 10 users: none of the proposed programs will help if you want to secretly peep the password of the one who uses latest version systems from Microsoft. And I will also not please those who want to know the password from someone else's account. Microsoft records... Everything suggested below will only concern simple passwords for local accounts. The programs do not display complex passwords, they can only offer the classics of the genre - reset them.

Elcomsoft System Recovery onboard Live-disk AdminPE10

The first program is Elcomsoft System Recovery. It is a specialized multifunctional product that can:

Reset and change passwords for accounts - local, Microsoft, Active Directory;

Spy on simple passwords;

Manage accounts, in particular, block, unblock, disable;

Book special system files for the possibility of recovering subsequently reset or changed passwords;

And such other possibilities.

Elcomsoft System Recovery works from bootable media, its distribution kit can be downloaded from the official website www.elcomsoft.ru. Also, this program, among other tools for solving problems with password-protected access, is presented on board the Live-disk for system administrators - AdminPE10. Its ISO image for writing to a USB flash drive can be downloaded from the project website:

http://adminpe.ru/download/

We boot, for example, from AdminPE10. Launch Elcomsoft System Recovery.

We accept the license agreement.

And now we get a list of accounts with their passwords, if they exist, of course.

Reset Windows Password onboard the Live-disk of Sergey Strelets

Reset Windows Password is an analogue of the previous program, it can be the same as Elcomsoft System Recovery, but in addition it also provides additional functions such as: defining passwords for web accounts, decryption Bitlocker, removal of personal user information, etc. Reset Windows Password also works from bootable media, the program distribution kit is available on its official website www.passcape.com. And it is also part of the software for solving problems with password-protected Windows access onboard Live-disk from Sergey Strelets. You can download its ISO image on Sergey's website:

http://sergeistrelec.ru/

We start the computer, for example, from the Sagittarius Live-disk. We find the Reset Windows Password program on it.

In its window, select the Russian language. And in the column "What do you want to do" - "Search for user passwords."

If you know that the password is relatively complex, at this stage, instead of a quick search, we can choose a deep one. This will increase the time it takes for the program to scan passwords, but it is not a fact that the result will be successful. Simple passwords can also be found with a quick search. Click "Next".

If the computer has only Windows, then just click "Next". If there are several - from the drop-down list, indicate the paths to the files on the corresponding partition of the disk where the required system is installed.

We press "Search for passwords".

After a while, we get the result.

How to deal with Windows 10 and complex passwords

So, friends, in a simple usable way using the programs proposed above, we can only get simple passwords from local accounts Windows 7 and 8.1. Perhaps there are some ornate ways how to spy on complex passwords in all Windows versions... But the same programs Elcomsoft System Recovery and Reset Windows Password, as mentioned, offer the ability to create a backup of passwords and rollback to the values captured in these backups. And this means that, having created a backup, we can reset the password, do our own thing, and then boot from the Live-disk again and recover the password, in fact, without even knowing it. But this is already a topic for a separate article, if, of course, you, friends, will be interested in it.

And in principle, the procedure for peeping a password for serious espionage is still not suitable.

First, the user can change the password at any time.

Secondly, the contents of a computer and, in particular, a specific user profile, are perfectly viewed from the same Live-disks. Well, if you need, for example, to delve into someone's Internet correspondence, just copy it to the cloud or to a removable media of the browser folder inside. And we replace them with the same folders of the same browser on our computer. But there is still better way discreetly track someone else's Internet activity, it includes all possible software through which any Internet communications were carried out:

We make a Windows backup on the computer of the spy object using Acronis or AOMEI backup software. By the way, they are on board AdminPE10 and the Sagittarius disc;

We go into the account, open all available browsers, instant messengers, and other client software. And we slowly explore everything that the object has been doing on the Internet. Outside the launch, of course.

The Windows backup method leaves no traces, but in terms of efficiency, it is naturally inferior to specialized espionage software, which can offer both a convenient format for delivering information and its relevance when setting up real-time data delivery over the Internet.

Standard situation - the administrator has blocked many functions of the computer user. What to do, how to reset or find out the password Windows administrator ? There are many options to reset or change the Windows administrator or user password, one of which is the ERD Commander tool. However, your interference with the security of your computer will be detected immediately the next time you visit your PC. system administrator... Much attractive is the option of opening the administrator password, logging into Windows under his password, making the necessary changes or removing the necessary information available only to the computer administrator and safely logging out of the system without a trace of his visit. Elcomsoft System Recovery Professional does an excellent job with these and many other functions related to admin and user accounts. Using it, you can find out the administrator password for Windows 7, XP, 2000, Server (server) 2003 and 2008. The program is paid, but it is not difficult to find its "specific" version on the network. Let's take a step by step how you can find out Windows password with its help, as well as its other possibilities.

Remove Windows password - Elcomsoft System Recovery Professional

Remove Windows password in the following way. After spending some time looking for the image of the Elcomsoft System Recovery Professional program, we downloaded it and burned it to disk. Next, we set up the BIOS to boot from the drive and, having booted from the disk, we get the first window. We choose desired language, agree to the terms of the license and move forward "ok"

Here, most likely, in most cases nothing needs to be done and we continue moving "Next".

Since our goal is to find out the Windows password, here we leave everything unchanged and go to the next item.

At this stage, we are asked to select the Windows directory of the system we are working with. If several operating systems are installed on a computer in different logical partitions or on one, then we need to know which one belongs to our system (Windows, Windows 0, etc.). But in most cases, one operating system is installed, so there will be no choice. We leave the default settings and move on to the fun part.

After a short work of the program to determine passwords, statuses and other attributes of accounts, the program will give us a window with the passwords of all users and the administrator, investigated operating room Windows systems... Here we can rewrite all the passwords of interest and exit the program - "Close". However, if you want to work with any account, we need to select it and click "Next", going to the next window for editing the account settings.

In this window, you can see what actions we can take to change the parameters and password of the administrator (user) account: changing the password, raising the privilege of the account to the admin status, unlocking the account with the "disabled" or "locked" status. The program supports any file systems, defines passwords written in all languages that are localized in OS Windows. Using the program, you can find out the administrator password for Windows 7, NT 4.0, Windows Vista, 2003 Server, 2000, XP and Windows 2008 Server.

Agreeing with possible problems we get the last window before restarting the computer.

If, at the stage of viewing all passwords, you click "Close", you will get the following window. If it comes just about finding out the Windows password, it is advisable not to risk possible problems, but to calmly log in with the opened admin password and from under the system make all the necessary changes to the accounts. Well, if we are talking about unblocking an account or its password has expired, then there is nothing you can do about it.