Reset your forgotten Windows password

What do you do when you forget your admin or user account password in Windows (non domain joined, workgroup based Windows computers). It’s easy to reset your password without logging in to Windows.

In the following post we will see on how to reset your user account password in Windows without logging into Windows.

Windows 7 logging error

image

One of the ways we can reset the password without logging into Windows is using the Net User cmdlet. The question here is how do we use Command Prompt if we can’t logging to Windows?

See the Ease of Access icon on the logging screen?

image

When you click the Ease of Access button, you get the below options by default.

image 

Now our target is to overwrite the Ease of Access executable file with command prompt executable file.

Boot computer with a Windows 7 media or USB and click next

 image

Select Repair Your Computer Option

image

Click on the Operating System and Click Next (please note the Drive letter where the OS is installed, in this case its D:\)

image

Select and click on the Command Prompt

image

Type the following command in the command prompt window

Copy D:\Windows\System32\utilman.exe D:\

This command will backup/copy the utilman.exe program (ease of access)

image

Now type the following command

Copy D:\Windows\System32\cmd.exe D:\Windows\System32\utilman.exe

Press enter and it will give you an overwrite message, type Y and enter

This command will replace the utilman.exe with cmd.exe

image

Exit Command prompt and restart the computer

 image

Now when you click the Ease of Access button on the Windows logging screen the command prompt will start instead of the previous Window

image

Type the following command to list all the local user accounts in the Computer

Net User

image

Type the following command to reset the password for a particular user name

Net User username password

(username and password to be replaced with actual details. For this case I am resetting the passwords for user account Akfash with the password of password)

image

Close command prompt and type in the new password

image

Successfully logged into Windows

image

How do you kill Multiple Tasks at once?

With the introduction of Tab Based browsing on my favorite web browser Internet Explorer, I seem to forget to close all the unnecessary pages that I have opened, hence at times it crashes/freezes. This is the status of most of the browsers that are their in the market today. I faced a similar situation today and found that I have quite a lot of tabs opened and out of which some are causing the entire IE to hang. I opened my task manager and to see I can only end one task at a time and the “end process tree” does not kill all the process at once.

I order to close multiple tasks at once,

  • Open CMD
  • Type tasklist to display all running process on your computer
  • To kill a specific process group
  • Type taskkill /F /IM iexplore.exe (Explanation: taskkill /F {force} /IM {Image Name} {process name})

image 

for more information on how to use taskkill, open cmd and type taskkill /?

  

Windows Intune – PC Management and Security in the Cloud

Windows Intune will be officially available to the general public to try out/purchase from the 23rd of March 2011. As an IT Pro I have been wanting for a tool as such for a long time, so that I can make sure that all of my organizations client computers are managed and secured up to date, where ever they are and where ever I am with a few mouse clicks and an easy to manage environment.

With the simple web based console Intune provides you greater management insights to your computers in your organizations without no extra infrastructure required by you. Intune helps you to Manage Updates, Malware Protection, Asset Inventory (Hardware and Software), Remote Administration, etc. 

Find the excerpt below which is the requirement for the Windows Intune client software (taken from Windows Intune FAQ)

“The Windows Intune client software is supported on both 32-bit and 64-bit versions of:

  • Windows 7 Enterprise, Ultimate, and Professional
  • Windows Vista Enterprise, Ultimate, and Business
  • Windows XP Professional with Service Pack (SP) 2 or later (SP3 recommended)

The Windows Intune client software has no additional hardware requirements for Windows 7– or Windows Vista–based computers. However, to install the client software on Windows XP–based computers, you will need a CPU clock speed of 500 megahertz (MHz) or faster and a minimum of 256 megabytes (MB) of RAM.

You will also require administrator rights on the computer to complete the Windows Intune client software installation.

To access the Windows Intune web console, administrators will need access to a web browser that supports Silverlight® 3.0, such as Windows Internet Explorer® 7.0 or higher.”

For further information visit http://www.microsoft.com/windowsintune 

Windows 7 and Windows server 2008 R2 Service Pack 1

It is stale news to the IT pro world that Microsoft has released the Service Pack 1 for Windows 7 and Windows Server 2008 R2 recently. The service packs can be downloaded here.

There were no notable new features being added through to Windows 7 Operating System by its Service Pack rather there were some enhancements to certain existing features were done. On the other hand the Windows Server 2008 R2 Service Pack has some new features being introduced, to name a few

1) Dynamic memory

2) Remote FX

3) Enhancements on the Direct Access feature

The service packs are a major update released by Microsoft and it is recommended that it to be tested before being deployed. If you or your organization would like to temporarily prevent installation of Service Pack updates through Windows Update you can use the Windows Service Pack Blocker Tool Kit provided by Microsoft (which can be found here) in order to prevent it.

To find out more on the Service Packs it is advisable to read the Notable Changes document & Release Notes documents which can be found here along with the deployment guides.

Domain Admins vs. Enterprise Admins

Many people have asked me this question on “What is the difference between an Enterprise Admin and a Domain Admin group in an Active Directory environment?” for an example the Enterprise Admin group have complete control of the entire forest (all the domains in the forest) where as the Domain Admins have access only to their specific domain.

The following table is an extract from TechNet

Group

Description

Default user rights

 

 

 

 

 

 

 

 

 

Domain Admins

Members of this group have full control of the domain. By default, this group is a member of the Administrators group on all domain controllers, all domain workstations, and all domain member servers at the time they are joined to the domain. By default, the Administrator account is a member of this group. Because the group has full control in the domain, add users with caution.

Access this computer from the network; Adjust memory quotas for a process; Back up files and directories; Bypass traverse checking; Change the system time; Create a pagefile; Debug programs; Enable computer and user accounts to be trusted for delegation; Force a shutdown from a remote system; Increase scheduling priority; Load and unload device drivers; Allow log on locally; Manage auditing and security log; Modify firmware environment values; Profile single process; Profile system performance; Remove computer from docking station; Restore files and directories; Shut down the system; Take ownership of files or other objects.

 

 

 

 

 

 

Enterprise Admins (only appears in the forest root domain)

Members of this group have full control of all domains in the forest. By default, this group is a member of the Administrators group on all domain controllers in the forest. By default, the Administrator account is a member of this group. Because this group has full control of the forest, add users with caution.

Access this computer from the network; Adjust memory quotas for a process; Back up files and directories; Bypass traverse checking; Change the system time; Create a pagefile; Debug programs; Enable computer and user accounts to be trusted for delegation; Force shutdown from a remote system; Increase scheduling priority; Load and unload device drivers; Allow log on locally; Manage auditing and security log; Modify firmware environment values; Profile single process; Profile system performance; Remove computer from docking station; Restore files and directories; Shut down the system; Take ownership of files or other objects.

 

Most of the IT guys misunderstands the roles of these user groups and their user rights in a domain environment and a forest environment. Now I hope you have a pretty clear picture on what members of these two groups can do.