Despite being Microsoft’s most secure operating system ever, it’s possible
to clear or change a user’s Windows 8 password without using anything but the
built-in troubleshooting tools. All it takes is ten minutes, a Windows 8 System
Recovery disc or USB flash drive, and the patience to execute a few simple
directives from the command prompt. The trick, as detailed by Jamal Naji,
boils down to replacing the Ease of Access center application (utilman.exe)
with another copy of the command prompt (cmd.exe).
Once you’ve made the swap from inside the System Recovery environment and
rebooted, you’ll see the Windows 8 login screen again. In the bottom-left
corner of the screen sits the Ease of Access button. Click it, and a command
prompt will appear — and it’s no ordinary command prompt. It’s got full
administrative privileges, and that means you can modify things like other
users’ passwords. The trusty old net command is happy to oblige and will
wipe out a Windows 8 password with minimal fuss. Once you’re done, just reboot
and restore utilman.exe and cmd.exe to their original states, and you’re good
to go.
This password reset hack isn’t unique to Windows 8. It works on Windows 7,
Windows Vista, and Windows Server 2008, too. So why hasn’t Microsoft bothered
to fix what seems like a glaring security oversight? It’s anyone’s guess, but ultimately
if someone has enough free time with your Windows system to pull off the
utilman password hack you’re going to be in trouble even if Microsoft does fix
the flaw.
While this trick works, there are other ways to reset a Windows password
that are far speedier. The Offline NT Password and Registry Editor, for
example, is a tiny, Linux-based tool that can blank a password in fewer steps
and much less time.
Still, it might be a good idea for Microsoft to patch a password security
hole that’s been known about since the days of Vista.
No comments:
Post a Comment