One of a network administrator’s biggest headaches is dealing with users who forget their passwords. However, it’s a headache you can do something about. If you’re using Windows XP, you can create password reset disks that let users reset their own passwords, freeing you from the tedious procedure. In this Daily Feature, I’ll show you how to create and use a Windows XP password reset disk.
Why use a password reset disk?
If you’ve previously administered other versions of Windows, you’re probably wondering why you should bother creating a password reset disk instead of just logging on as an administrator and resetting the password the old-fashion way. The short answer is that you can use an administrator account to reset either a local or a domain account’s password. However, creating a password reset disk lets users reset their own passwords, freeing up your time for other duties.
Using an administrator account to reset the default user account’s password also compromises some important settings in the process:
- All accounts on the machine will permanently lose access to any files that have been encrypted.
- Users will also permanently lose access to any e-mail messages that have been encrypted with a public key.
- Any other passwords, such as passwords to Web sites that are stored on the machine, will be lost.
A password reset disk will preserve these settings, further reducing the burden on the administrator.
Creating a password reset disk
There are two different methods for creating a password reset disk. You’ll have to create one type of disk for resetting local user accounts (such as the default user account) and another type to reset passwords on a Windows XP machine that’s attached to a domain.
Creating a password disk for a standalone or workgroup computer
To create a password reset disk for a standalone workstation or for a workstation that is a member of a workgroup rather than a domain, you must begin by determining whether you’re logged on as an administrator or as the user who needs the disk.
If you’re logged in as an administrator, open the Control Panel and double-click the User Accounts icon. When the User Accounts properties sheet opens, look in the Users For This Computer pane on the Users tab and select the user account you want to create a password reset disk for. Next, in the Related Tasks section, click the Prevent A Forgotten Password button. When you do, Windows will launch a wizard that helps you create the password reset disk. The wizard is very simple. It’ll prompt you to insert a blank disk and enter the current password of the user for whom you’re making the disk. That’s all there is to it—Windows will create the disk.
Creating a password reset disk from a limited usage user account isn’t much more involved. Open the Control Panel and double-click the User Accounts icon. Rather than selecting a user account and clicking the Prevent A Forgotten Password button, just click the Prevent A Forgotten Password button. When you do, Windows will launch the same wizard as before. This wizard will ask for a blank disk and the user’s current password, and it will then create the disk based on that information.
Creating a password disk for a computer that is a part of a domain
Creating a password reset disk for a computer that’s a member of a domain is a bit more involved. The biggest thing to remember is that the disk is user dependent. You can’t simply create one disk that allows all of your users to reset their passwords—each user requires his or her very own disk.
To create this password reset disk, you must be logged in as the user who will be using the disk. Begin by pressing [Ctrl][Alt][Delete] to display the Windows Security dialog box. When this dialog box appears, click the Change Password button to reveal the Change Password dialog box. Now, select the local computer from the Log On To drop-down list.
Pay attention to the computer’s name
You won’t actually see anything that says Local Computer. Instead, it will be the name of the computer. For example, on my test system, the local computer appears as Taz (This Computer).
Once you’ve selected the local computer, click the Backup button. When you do, Windows will launch the Forgotten Password Wizard. The initial screen explains that, no matter how many times you might forget your password, you only need to create the password reset disk once. Click Next to bypass the welcome screen. When you do, Windows will prompt you to insert a blank, formatted, 3.5-inch floppy disk into drive A. After inserting the disk, enter the current password for the account in question and click Next. Windows will then create the password reset disk. On my test system, the process took roughly ten seconds. When the disk creation process completes, click Next, Finish, and Cancel to return to the main Windows screen.
Using the password reset disk
Using the password reset disk is fairly simple. You must attempt to log into Windows, but you must enter the password incorrectly. When you do, Windows will display the Logon Failed dialog box. Click the Reset button on this dialog box to launch the Password Reset Wizard. Click Next to bypass the welcome screen, and you’ll be prompted to insert your password reset disk. After inserting the disk, click Next, and Windows will read the disk’s password file. At this point, you’ll be prompted to enter a new password and then to retype the new password. You can even enter a password hint to help you figure the password out, should you forget it again.
Finally, click Next and Finish. Windows will activate the new password and update the contents of the password reset disk to reflect the new password. Keep in mind that the disk will be reset when you use it to change a password. However, if you change a password without the aid of the disk, you must recreate the disk in order to keep it up to date with the new password.
The password reset disk can make life easier for everyone—your users can reset their own passwords, and you won’t have to do it for them. However, before allowing users to create password reset disks, you should explain to them the sensitive nature of the information on the disk, and that they should keep the disk in a safe place. You should also explain that the disk is both user- and computer-dependent. They can’t use the disk to reset another user’s password, nor can they use it to reset a duplicate account on another machine. The disk can only be used by the designated user account on the designated computer.