Recover Windows 7 password of admin account with auto-logon enabled

I have a Windows 7 installation with just one (admin) account (guest is disabled). It is set to auto-login so I can get in without any problems and I can also 'right click' -> 'run as administrator' things without having to type any password, just by clicking 'yes' when the UAC prompt appears.

I forgot the password and I'd like to recover it.

I've read that (because of auto-logon) I should have these keys:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon = "1"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName = username
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword = password

I have AutoAdminLogon and DefaultUserName but not DefaultPassword.

How can the system auto-logon if the password is not there? Can it be somewhere else?

Given that I can run things as administrator, I feel like there should be a way to change the password without entering the old one, but I can't figure out how...

EDIT I don't think my password is blank, because if I try to change it in the account settings leaving the old password field blank, it tells me the password is wrong.

EDIT2 ophcrack finds 4 hashes and yields no error, but the .txt where it is supposed to put the password is empty. I'm really starting to think that the admin password is indeed empty... Is there a way to be sure of it? And if it's really empty, shouldn't there be a not-hacky way to set one?

EDIT3 As suggested by the user @abhishekkannojia, I tried the command:

net user *account name* *new password*

But before going through the steps to get a super user shell, I tried it in a shell run as administrator and surprise surprise... it worked! It did not ask me for the previous password, and I've checked that the new one is effectively active. Out of curiosity I tried that command again, and it still let me change the password of the account I'm logged into without asking me for the previous one. This is kind of strange but... it worked.

So, I'm accepting @abhishekkannojia's answer, but I recommend that anyone who reads this question try my "soft" version first (using an administrator shell). Special thanks to @Jason C, who posted the software: http://securityxploded.com/windows-autologin-password.php which would have been perfect for me if I had configured the auto-logon like this


Solution 1:

I remember when I forgot my Windows admin password and how I tried various methods to recover it. The following method worked for me.
You cannot recover the password with the following method, but you can reset it. The idea behind the method is to somehow obtain superuser privileges (the System user in Windows) in order to modify the admin's user account.

Steps:

  1. First of all, rename the file sethc.exe, located in System32, to sethc.exe.old and create a copy of cmd.exe, located in the same directory. Now rename the newly copied cmd.exe to sethc.exe. These files are located in C:\Windows\System32\ .
    Note that Windows 7 does not allow you to modify system files. To do that, you can get any live bootable Linux which can be booted from USB. There are tons of them; choose any of them. Once the system is booted into Linux, mount the Windows partition and perform the above task.

  2. Now reboot into Windows. At the login screen, press the Shift key 5 times. A command window will appear (this prompt will have System user privileges). Now type the following command to change the password.

    C:\> net user admin new-password

    Replace admin with your username and new-password with the new desired password.

  3. You can now log in with the new password. You also need to revert the changes you made in the 1st step. You can again boot the live bootable media and change the files back to their original state.

Hope it helps. Let me know if this worked for you. :)
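
The defender's side of step 1, as an added example that is not part of the answer above and not code from any tool the page mentions: a PowerShell check that flags a sethc.exe that is byte-identical to cmd.exe, or a leftover sethc.exe.old. The function names `Get-Sha256Hex` and `Test-StickyKeysBinary` are hypothetical, and the script assumes an elevated 64-bit PowerShell prompt on the machine being checked.

```powershell
# Added example: detect the sethc.exe swap described in step 1.
# Assumption: run from 64-bit PowerShell; a 32-bit host is redirected
# from System32 to SysWOW64 and would inspect the wrong copies.

function Get-Sha256Hex {
    param([string]$Path)
    # Get-FileHash is not available in the PowerShell 2.0 that ships with
    # Windows 7, so hash the file with the .NET class directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return [System.BitConverter]::ToString($bytes) -replace '-', ''
}

function Test-StickyKeysBinary {
    param([string]$System32 = (Join-Path $env:windir 'System32'))

    $sethc  = Join-Path $System32 'sethc.exe'
    $cmd    = Join-Path $System32 'cmd.exe'
    $backup = Join-Path $System32 'sethc.exe.old'   # file name used in step 1

    $findings = @()
    if (-not (Test-Path $sethc)) {
        $findings += 'sethc.exe is missing'
    } elseif ((Get-Sha256Hex $sethc) -eq (Get-Sha256Hex $cmd)) {
        # The Sticky Keys handler has been replaced by a command shell.
        $findings += 'sethc.exe is byte-identical to cmd.exe'
    }
    if (Test-Path $backup) {
        $findings += 'sethc.exe.old is present (renamed original left behind)'
    }
    return $findings
}

# @() keeps the result an array even when the function returns nothing.
$result = @(Test-StickyKeysBinary)
if ($result.Count -eq 0) {
    Write-Output 'OK: sethc.exe differs from cmd.exe and no sethc.exe.old was found.'
} else {
    $result | ForEach-Object { Write-Output "FINDING: $_" }
}
```

A finding here means step 3's revert was never done, or that someone with offline access to the disk made the same change; either way, the login screen is exposing a System shell until the original file is restored.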

Solution 2:

There are plenty of ways to recover a Windows 7 password, most can be found by searching for "windows 7 recover password".

There is a tool specifically for recovering auto-login passwords. I have not tried it but if it works it is likely the quickest option:

  • http://securityxploded.com/windows-autologin-password.php

See "windows 7 recover autologin password" for more options along that line.

The easiest, failing that, is probably to use one of the 8 password recovery tools found here, which include:

  • Ophcrack
  • Offline NT Password & Registry Editor
  • PC Login Now (deletes password; then you log in with no password and set a new one)
  • Kon-Boot
  • Cain & Abel
  • LCP
  • Trinity Rescue Kit
  • John the Ripper (a classic)

There is also a less convenient but slightly more legit (still hacky) way here. Although I do not know if that one will work with auto-login enabled. It is likely quicker than the above, however. Another answer below (or above as the case may be) describes a similar technique.

Once you are done, if you feel this may happen again, consider creating a password reset disk.

Solution 3:

Contrary to micwallace, another SO/SU question (here) confirms that this CAN be done in Windows 7 (and, actually, we do it on some machines where I work and the steps are identical). This should work on non-domain installs too.

Returning to your question: if the "password" box is empty then, at a guess, the admin password is blank. Especially if the machine logs in automatically and the registry keys don't have a password containing any text.

Solution 4:

Another easy way to change the password without needing to know it first would be via the Local Users and Groups section in Computer Management.

Just right click on the user and select Set Password.

It's possible that some editions of Windows don't have this though - I can't remember which.

Note that you'll need to reset your auto login afterwards so that it continues to auto-login.