Recovering from a Lost Windows Password with Hiren’s BootCD


This classroom lab started as a way to teach students about the BIOS and its usefulness. For example, what if you forgot your Windows 7 or Windows 8 password and you could not login to your computer? Is there a way to bypass user authentication and access your system? Yes, there is. In this lab exercise, you will bypass a login failure, caused by a forgotten Windows password, by using Hiren’s BootCD. To accomplish this, you will need to be able to access your computer’s BIOS and set the boot order. What about the opposite situation? What if you wanted to protect your system from someone booting to the CDROM, or a USB thumb drive and bypassing your password with special software? Is there a way to protect your system from someone trying to bypass your password by accessing the optical drive or USB port? Yes there is, and in that particular situation setting the BIOS boot order and password protecting the BIOS is very useful.

Here are the different topics that this lab covers:

BIOS – a program or firmware stored on a ROM chip that runs the power on self test, locates and runs the boot loader, and is an interface to the computer hardware.

CMOS – integrated circuit used to store configuration settings in BIOS. One of those settings is the Boot Order. When the computer is powered off CMOS configuration settings are retained because of a small battery plugged into the motherboard.

boot order – a setting configured in BIOS that determines the priority device order from which to boot the system. Devices will be checked in order, for the presence of boot code and boot files from which to boot the system. For example, if the CDROM drive is listed first in the boot order, the system will check the CDROM drive for the presence of a bootable disk, if one is found like a Windows installation CD/DVD then the system will boot to the install disk, but if none is found, the system will check the next device in the boot order. If the hard disk drive is listed first in the boot order, and has an operating system installed, then the system will boot from the hard disk drive and the CDROM will always be bypassed when the system boots.  Bootable CD/DVDs – to create a bootable CD or DVD you will need a burning program like ImgBurn, capable of burning a bootable disc from a .iso bootable image file. Note, AVG antivirus will by default flag and block ImgBurn as having a virus. After doing some research on ImgBurn I decided that this is not warranted and I have personally clicked to allow it. You can always find an alternative program with which to burn bootable CDs from .ISO image files.

Bootable USB thumb drive
– to create a bootable USB thumb drive you will use a program like Universal USB Installer, designed to format thumb drives, install boot code and boot files, and you will also need a .iso bootable image file to copy to the thumb drive.

Hiren’s BootCD – a custom built operating system and live CD that can be run from memory through a CD or removable device like a USB thumb drive. Hiren’s BootCD contains programs that can be used to recover from a lost password, lost files and data, registry tools, antivirus tools and more.

Kaspersky Rescue Disk 10 – custom built operating system and live CD that can be run from memory through a CD or removable device like a USB thumb drive. Kaspersky Rescue Disk 10 is an antivirus, rootkit and malware scanning tool designed to disinfect computer systems.

VMware Player – desktop virtualization software used to create virtual computers (virtual machines) that run an entire operating system within a window on your desktop. Virtual machines running alongside the host computer system are visible on the network just like any other computer on the network.

Recovering from a Lost Windows Password – Lab Steps

In this lab you, you start with a hypothetical situation that you have forgotten your Windows password and you need to clear the Windows password to access your computer. To do this you will need to use the BIOS, the boot order, and Hiren’s BootCD burned to a bootable CD or installed on a bootable thumb drive.

Step 1 – If you are testing this lab on your main computer system, I recommend that you start by creating an additional user account with password that you will pretend to lose. You will use this test account as the account that you are attempting to clear the password on. Go to Start > Control Panel > User Accounts and create a new user with administrative privileges and password.

Step 2 – Next, go to, click the Download link, scroll down the page and download the compressed file The file extracts into a folder and within that folder you will find the bootable .iso image file: Hiren’s.BootCD.15.2.iso. To boot your computer to this file you will need to burn the Hiren’s.BootCD.15.2.iso file to a bootable image disc (CD) with a program like ImgBurn, or you can create a bootable USB thumb drive with a program like Universal USB Installer, which is optimized to create bootable thumb drives for Hiren’s Boot CD.

Virtualization Option: Another choice is to do this entire lab on a Windows 7 virtual machine running on your desktop. To do that you will need a Windows 7 or 8 virtual machine running in either VMware Player or VirtualBox. For that option you only need the .iso image file, no bootable CD or thumb drive is necessary. Go to edit virtual machine settings, select the CD/DVD (IDE), and under connection select use ISO image file and browse for the Hiren’s.BootCD.15.2.iso file. Make sure Connect at power on is selected. You will also need to boot to the virtual machines BIOS and set the boot order as well (see below).

Burning a Bootable CD with ImgBurn

Run the program ImgBurn and select “Write image file to disc”

Then click the browse file location button to find the Hiren’s.BootCD.15.2.iso file ,
Place your CD in the CD Drive and press Write

Creating a Bootable USB thumb drive with Universal USB Installer

Select Hiren’s Boot CD from the pull down menu

Browse for the Hiren’s.BootCD.15.2.iso file,

Put in a blank USB thumb drive and select the corresponding drive letter,
Checkmark format the drive as Fat32, and click Create


Step 3 – Start your computer and go into Setup Mode (BIOS) – To do this, as you start your computer, look to the corners of your monitor screen for information on how to enter Setup Mode. It usually involves pressing a key like the F2 or Delete key. The instructions will only flash momentarily so you need to be ready to press the key quickly.

Computer monitor screen with instructions on entering setup mode at the bottom

BIOS Setup screen


Step 4 – Using your keyboard arrow keys find the Boot Menu where you can change the boot order. To boot to a CD or thumb drive you will need to have the CD-ROM drive and Removable Devices placed above the Hard Disk Drive in the order. This is usually done with the + and – keys on your keyboard.


Step 5 – Place your newly created Hiren’s BootCD in the CD/DVD drive or your Hirens thumb drive in a USB port and restart your computer. If the BIOS was configured to boot to the CD/DVD drive and Removable Devices prior to the Hard Disk Drive then your computer should boot to the Hiren’s BootCD and you should see a welcome screen.


Step 6 – Now that you are running the Hiren’s BootCD environment from memory, use your keyboard arrow down to Offline NT/2000/XP/Vista/7 Password Changer and press enter.

Step 7 – Press Enter and then Enter again at the boot: prompt on the next screen:

Step 8 – On the following screen you need to select the partition where Windows is located. In my screenshot you can see that 1) is the small 100Mb boot partition and 2) is the larger Windows partition. So, in my case I typed in the number 2 and then pressed enter. Your situation may be different if you have multiple partitions or hard disk drives

Step 9 – The following screen shows that the Windows installation was found and that the path to the registry directory at Windows/System32/config was also found. The prompt displas the path as the default choice between brackets. Press enter to accept.

Step 10 – Choose the default choice [1] – Password reset [sam system security] and press enter.

Step 11 – Again choose the default choice [1] – Edit user data and passwords and press enter

Step 12 – This screen shows that four users were discovered: Administrator, Guest, student, and testuser. The account that I am trying to clear the password on is the student account. Notice at the bottom of the screen that I have typed in student and now I just need to press enter.

Step 13 – At this screen you are given a choice to clear the user password, edit the user password, promote the user to administrative privileges, or quit. I recommend clearing the password and then resetting it later through the control panel once you are logged in.  Enter 1 – Clear (blank) user password and press enter.

Step 14 – You can see from this screen that account bits have been set to: password does not expire, normal account, and password not required. You can also see the response to the last entry: Password cleared! Enter an ! to quit and press enter.

Step 15 – Enter q to quit and press enter.

Step 16 – This screen shows that we have reached the final step: Writing back changes. Enter y for yes and press enter.

Step 17 – This screen shows Edit Complete. and prompts you if you want to run it again. Accept the default [n] for no and press enter.

Step 18 – This screen shows that you have reached the end of the scripts. Remove the boot CD or boot USB thumbdrive and press Ctrl+Alt+Delete to reboot your computer. After rebooting you will be able to test the user account to see if the password has been removed.

Step 19 – You can see from the image below that I have more than one user account. At the beginning of the lab, I recommended creating an extra user account to use to test clearing the password on. In this case, I cleared the student account password. If the password was successfully cleared then I should go directly to the desktop after clicking the student login icon.

Step 20 – Success! The system goes directly to the desktop without a user password prompt.

Video Tutorial

Author: Dan

Dan teaches computer networking and security classes at Central Oregon Community College.

Leave a Reply

Your email address will not be published.