**Disclaimer**
These instructions are provided **AS IS** ! Use it at **your own risk** !!! We are not encouraging you to crack or hack systems where you have no authorized access. This post is intended for educational purposes.
### Step 1 – Boot from Window ISO Depending your scenario (physical machine or virtual machine), you will need to boot from you Windows ISO Bootable image. When the installation wizard start, set your settings as required and press Next [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/yPJimage.png) In the next installation screen, click on the **Repair your Computer** link in order to have access to the command line tool we will use to perform the necessary change [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/UHOimage.png) In the **Choose an option** screen, Select the option **Troubleshoot (so the second option on the screenshot !!!)** [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/7evimage.png) Finally, in the **Advanced Settings Page**, select the option **Command Prompt** [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/85Uimage.png) After clicking on the command Prompt, you can see that indeed we have access to a nice command line interface [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/yzDimage.png) ### Step 2 – Modify “Offline Registry” In the command prompt, you will issue the follow command : **regedit**. This will open the registry editor. [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/Xw1image.png) In the registry editor, Select on the **HKEY\_LOCAL\_MACHINE** Node and from the **File menu**, Select **Load Hive** [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/IqWimage.png) In the dialog box, find **your os partition** and navigate to **c:\\Windows\\System32\\config.** From the location, select the file **Software (not the software.txt file but the software file)** [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/6Dvimage.png) Provide a new name to the hive and **press OK** [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/NiHimage.png) Expand the newly created folder (i.e. PWD\_HACK) and browse to the following location : **HKLM\\<%Name of loaded HIVE>\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options** [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/zjAimage.png) Under the **Image File Execution options**, create a new key called **LogonUI.exe** [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/EdFimage.png) [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/Vm0image.png) Select the **LogonUI.exe** key and create a new **REG\_SZ (String Value) called Debugger.** Select the String Value **Debugger**, **double-click** on it and put as value the following **c:\\Windows\\system32\\cmd.exe.** [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/Ic8image.png) When done, you can reboot your machine…. ### Step 3 – Recover your Password ! The change we have made in the registry will basically start a command prompt with Admin rights instead of the login shell where you would need to enter your username and password… You have to do nothing, the prompt is there and you are ready to reset or create a new user account with admin rights in order to restore your lost access…. [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/5KEimage.png) To reset the password of the administrator; type in the command prompt **net user administrator <%newPassword%>****You can also create a new admin user with the commands below. net user newuser01 newPassword /add net localgroup administrators newuser01 /add**
### Step 4 – Revert your Changes while logged in Since we are already on the machine and since we have reset the admin password, we can already revert the changes we have made. We simply need to start registry again and delete the key we have created under **HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Option** [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/vzUimage.png) Wait a few minutes and normally the **standard Login shell** will be displayed. [](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/M0eimage.png) At this stage, you can try to login into your system with the newly password you have set and you can perform whatever action is needed to restore services on this specific machine.