I have got this material from a E-book having name Windows NT 4 Server Unleashed.

What to Do if You Lose Your Administrative Password ?

    Many people think that because NT is "so secure," if you loose your administrator account's password, and you don't have any other accounts with administrative permissions, you're up the creek without a paddle. Actually this is not true. I've talked to many people who have reinstalled NT from scratch and lost all their data because they were somehow locked out of their system. You don't have to do this!

I went through a lot of soul searching when I was deciding how to approach this topic. Essentially, I am describing a method of breaking into Windows NT. While it is normally considered bad taste by most people to provide detailed explanations of how to break into systems, I decided that this isn't the case here. This is not some procedure where someone can break into a system undetected over the network. Nor is it even a method of infiltrating NT without leaving a trace. While it is possible to set up scenarios where both of these tasks are possible, what I will describe in this scenario is a simple method of recovering important files from a system to which you have full physical access. Additionally, in the process of performing this procedure you will effectively destroy the system in order to get to data stored on the disk.

So why are we doing this? Well, if all other methods of accessing your NT Server fail, you would use this as a last resort. I've had people forget the only administrative password to a system. Or, even worse, a disgruntled administrator leaves your company and changes all the administrative passwords. If you keep backups, that might be fine. However, in case there is data on the system that cannot be recovered from backup, you could use this method to recover the necessary data before restoring the rest of the system from backup.

WARNING:

While this procedure is a useful method for recovering data from an otherwise-inaccessible NT system, it will completely replace the user account, registry, and configuration information.

While the steps for performing this procedure are relatively simple, many people don't realize it can be done, because it is not fully explained in Microsoft's NT documentation.

You will need a copy of the NT distribution media. The example here assumes you have the NT Server CD-ROM and three accompanying setup disks. Here are the steps to perform this operation:

1.    Boot your system with the NT Setup Boot Disk in drive A.

2.    When prompted, insert Disk 2.

3.    NT Setup will load and present you with four options. You should press Enter, indicating you want to install Windows NT.

4.    Allow NT Setup to detect any mass storage devices by pressing enter when prompted. If you prefer, you can specify them yourself.

5.    Insert Disk 3 when prompted.

6.    At the bottom of the screen the setup program will indicate that it is searching the system for existing NT installations.

  A message indicating the existing NT installations will appear. At this point the NT Setup assumes that you are trying to upgrade one of these installations, which it will do if you press enter. This is not what you want to do. If you choose this option, the security account information will not be replaced, thus defeating our purpose.

7.    Press N to indicate that you want to install a new installation of     Windows NT.

8.    A list of your hardware configuration will appear on the screen. If everything is correct, press Enter to continue.

9.    Now a list of all the drives and existing partitions will appear on the screen. Use the up and down arrow keys to select the partition with the installation of Windows NT that you want to "break into." Press Enter when it is highlighted.

10.   You will now be prompted about what you want to do with the file  system. You should choose the option "Leave the current file system intact (no change)" and press Enter.

11.   You will not be prompted to enter the path where you want the NT system files to be installed. You should enter the path for the existing system files, such as \WINNT, or \WINNT35. Press Enter.

12.   The setup program will display a message indicating that the directory you entered contains an existing NT installation, which will be overwritten, replacing the user account, security, and configuration information. Press Enter to continue.

13.   The setup program will now copy files from the CD-ROM to the hard drive. Depending on the speed of your system, this could take 5 to 20 minutes.

If someone played around with the NTFS security permissions on the system directory where you are reinstalling NT, you might get errors indicating that certain files could not be copied. This is fine. You can just choose the option to ignore it.

14.   When it's finished, you will be prompted to remove the floppy disk and press Enter to reboot the system. Do this.

15.   NT will reboot and enter the GUI part of the installation procedure. Depending on your goals here, you can just skip various parts of the system setup. I recommend that you do only what is necessary to recover your necessary files. If you have a tape drive, you can backup the system to tape, reinstall a good, clean copy of Windows NT and recover the files you need.

If you get "access denied" errors when logging on, or trying to access data, simply take ownership of everything on the drive and grant the administrator account full access permissions to everything.

        Granted, this procedure is messy, but sometimes you need to recover files that might be otherwise unrecoverable. It's actually a good thing that this procedure does destroy the system. This way, you can tell if your system has been infiltrated. Also, by breaking into a system using this method, you replace the system's unique identifier token, which identifies itself to other systems in the NT domain. This means that if someone can gain physical access to a machine on your network and uses this method to break into it, they cannot use that to leverage an assault on other machines in the domain.