56 - Forgotten Windows password? No problem with Kon-Boot!

counter for tumblr

If you have a Windows Install or Recovery DVD, you can create a new Windows user account using a Windows security loophole (see end of this article), but if you don't want to do this because it alters the system, you can log-in to most Windows PCs without changing the system at all using Kon-Boot.

See also the Easy2Boot project which supports KonBoot and the PassPass download (PassPass patches a Windows dll to allow any password to work on XP-Win8.1)
You can also use the UtilMan.exe hack to create a new Admin account on any unencrypted Windows computer that will boot from a USB (see here for a semi-automated Easy2Boot method).
Also see blog post for how to add KonBoot+UEFI booting to an Easy2Boot USB multiboot drive.

If you have forgotten your user password to your Windows system, you can bypass the password entry using Kon-Boot (provided you have not encrypted your drive using a free utility like TrueCrypt).
Kon-Boot does not make any changes to your system and does not alter the hard disk in any way, it just patches in memory the Windows code that requires you to enter a password.

For Windows 8.1 you will need KonBoot 2.4 or later (approx $15)

Here are the 5 steps you need to take:

1. Make a bootable USB drive (or burn an ISO to a CD) - the instructions to make a USB Flash drive are detailed below.
2. Boot the target system from the USB drive (or CD).
3. Allow Kon-Boot to run (you will need to press Enter) and then allow it to reboot your system - if it boots from the USB drive again use the menu item to reboot to the hard disk. You must boot to KonBoot immediately before the system boots into Windows - if the Windows boot manager reboots the system before loading Windows, then you must boot to KonBoot again.

Hit a key to continue at this point The system will reboot after this screen is displayed.

4. Now allow the system to boot to Windows and log-in as usual (choose an account that has Administrator rights) - no password will be required
5. Now you can use Control Panel to change the user account password(s) as you require and then reboot Windows as normal.

Warning: If you use KonBoot, it may cause some applications to loose Windows account auto-authentication. This means that when you reboot normally, you may have to re-enter some application or website usernames and passwords again that normally used to log in automatically. In some cases, you may have to re-install the applications again (e.g. DropBox) in order to re-enable it.

The steps below assume you want to create a bootable USB Flash drive from which you can run Kon-Boot.

Please note: It is illegal to use this on someone's system without their permission!

Your anti-virus software may warn you or even delete the Kon-Boot downloaded file. As far as I know, Kon-Boot is virus-free and safe to use.

  • A USB Flash drive (2MB or larger)
  • RMPrepUSB installed on your system (or download the portable version)
  • A Windows computer to prepare the USB Flash drive with
1. Download the latest version of Kon-Boot from www.kryptoslogic.com which costs $16. There is an older free version at http://www.piotrbania.com/all/kon-boot/ (download the floppy image for Windows&linux - the password needed to unzip it is kon-boot). You need to extract the file FD0-konboot-v1.1-2in1.img . A version that works with XP/Vista/Windows 8 (v1.1 2010-2013) should be used for Vista/7/8 32 or 64-bit.

2. Use RMPrepUSB to format and prepare your USB Flash drive. You can choose any bootloader option or filesystem but remember to tick the Boot as HDD option. If you are unsure what options to use, just copy the settings from the picture below:
Click on the 6 Prepare Drive button to format your USB drive

3. Now install grub4dos by clicking on the Install grub4dos button and follow the instructions - press Enter when prompted to copy over the grldr file

4. Now press F4 and Notepad will create a new file called menu.lst. Copy and paste the following text into menu.lst and save the contents.

title KONBOOT\nRemove the USB drive and press Enter once Kon-Boot starts to run then allow it to reboot your system to Windows
errorcheck off
map --mem /FD0-konboot-v1.1-2in1.img (fd0)
map (hd1) (hd0)
map (hd0) (hd1)
map --hook
map --harddrives=1
map --floppies=1
pause --wait=3 Remove USB Pen NOW!
chainloader (fd0)+1
rootnoverify (fd0)

# Next 2 examples from a post by Survivor at reboot.pro... (DID NOT SEEM TO WORK for me!..)
title KONBOOT for XP - use if first hard disk is not your XP disk\nPress Enter once Kon-Boot starts to run then allow it to reboot your system to Windows
errorcheck off
map --mem /FD0-konboot-v1.1-2in1.img (fd0)
find --set-root --devices=h /ntldr && map () (hd0)
map --hook
chainloader (fd0)+1
rootnoverify (fd0)

title KONBOOT for Vista or Win7/8 - use if first hard disk is not your Vista/7/8 disk\nPress Enter once Kon-Boot starts to run then allow it to reboot your system to Windows
errorcheck off
map --mem /FD0-konboot-v1.1-2in1.img (fd0)
find --set-root --devices=h /bootmgr && map () (hd0)
map --hook
chainloader (fd0)+1
rootnoverify (fd0)

title Boot to Internal Hard Disk
map (hd0) (hd1) && map (hd1) (hd0)
map --hook
chainloader (hd0)+1
rootnoverify (hd0)

5. Copy over the FD0-konboot-v1.1-2in1.img file to the USB drive. You should now have 3 files on the USB drive:


6. The USB Flash drive is now ready to test. If you wish you can test it harmlessly within Windows by clicking on the Test using QEMU Emulator (F11) button in RMPrepUSB (type 0 for the Virtual hard disk size and use the default memory size offered) - you should see the first two screens at the top of this page (press a key to get to the second screen).

7. Now you can use the USB Flash drive on the target system. Insert the USB FLash key and switch on the system. Set the BIOS options on the target system so that it boots to a USB drive or use the Bios Boot Selection menu (often invoked by pressing the ESC, F11 or F10 key during BIOS start-up) and choose to boot from the Flash key. You should see the grub4dos menu below:

grub4dos Kon-Boot menu
Press Enter to run Kon-Boot - once it is running, remove the USB Flash drive. Now press a key to allow Kon-Boot to start and then reboot from the target system's hard disk drive automatically. You should now be able to log in to any Windows user account without needing a password.

Note: If you reboot the system or switch it off before making any account changes, the patch will be lost and the target Windows system will boot normally and Windows will require the normal passwords. In this case just reboot using Kon-Boot again.

Alternate method without requiring any 3rd-party program

If you have a Windows Vista or Windows 7 Recovery or Install DVD, or have a bootable WinPE drive, it is possible to create a new account with Administrator rights on any Vista/Windows7 computer as follows:

  1. Boot to Windows PE or your Recovery DVD or Install DVD and cancel any 'repair' options - you need to get to the command prompt (there should eventually be a menu option for this)

    Run the Command Prompt menu option

  2. Type the following command in the black console window: copy c:\windows\system32\sethc.exe c:\ (where c: is the drive letter where your OS is installed)
  3. Now type the following command: copy /y c:\windows\system32\cmd.exe c:\windows\system32/sethc.exe
  4. Switch off and on again to reboot your computer - press F8 and choose 'Boot as Normal' do NOT choose the 'Repair' option if it is offered.
  5. Allow the computer to boot to Windows as normal and when you see the log-on screen, press the Shift key five times.
  6. You should see a command prompt window. Type: net user test pwd to create a new user account called 'test' with a password of 'pwd'
  7. Now you can use your new 'test' account and password to log in. Don’t forget to restore the Sticky Keys application afterwards using: copy /y c:\sethc.exe c:\windows\system32\sethc.exe (you will need to enter this command from an Administrator console window - Start Menu - All Programs - Accessories - Command Prompt - (right-click) - Run as Administrator).
This method and a similar method for Windows 8/10 using UtilMan.exe can also be used to create a new Admin account on any unencrypted Windows computer that will boot from a USB (see here for a semi-automated Easy2Boot method).

Additional Info