Update!: Regardless of the fact that the method described below still works for Windows 2012 incl. Domain Controllers, it is not a supported way and you use it at your own risk.
There are several ways to reset a local admin password. The one I’m posting here is one of the simplest one, and YES!, it works for a domain admin password too! So I think you’ll gonna think about your physical server storage and access security again after you’ve read this post.
So how that works?
- Use a windows bootable installation media (physical or ISO)
- Choose Language
- Choose “Repair” option
- Choose instance of windows to repair
- Select “command prompt” as recovery option
- Change to %systemdrive%\Windows\System32
- Rename utilman.exe to utilman.exe.orig
- copy cmd.exe to utilman.exe
- Reboot from local disk
- At the logon prompt Press “Windows-Key – U” (this opens a command prompt
- net user administrator MyNewDamnPassword
- Logon with your new password
- Delete utilman.exe and rename utilman.exe.orig back to utilman.exe
Surprised? Shocked? Don’t mind about tricks like this one, but think about your servers physical placement and who has access to them!
(and of course in a virtual world you might think about who can mount a ISO to VM and boot it from that)