Password Reset Disks

How many times users forget their passwords! Authentication issues such as forgotten passwords can be easily resolved in a network environment with domain controllers. A domain administrator can perform a password reset for the user’s account from Active Directory while a local administrator can use the Users node of the Computer Management console or using the Manage Accounts option within the Users Accounts control panel. It is important to note that changing a user password will make the user lose access to all EFS-encrypted files, personal certificates and stored passwords for web sites or network resources. In order to be able to recover these files, users need to have a backed up copy of the EFS key or through the EFS recovery agent if one is configured on the computer. If passwords and certificates were backed up then restoring the Windows Vault may help you recover some items.

Password Reset Disks can be created using universal serial bus (USB) storage devices. The weakness of password reset disks is that users need to be well accustomed as to keep these disks update whenever they create new users or change their passwords. Apart from this, users need to store these disks in a locked location as anyone in possession of this disk can gain access to the user’s files.

To create a password reset disk go to the Control Panel, then User Accounts (select View By: Small or Big icons) and click on the Create A Password Reset Disk item. The Forgotten Password Wizard starts and you are prompted to select the removable storage device and to enter the current user account password. It’s that simple – just store the USB device in a secure location!

Recovering a forgotten password is done through the Password Reset Wizard. This wizard can be invoked when a user enters an incorrect password on the Window 7 logon screen, where a Reset password … link becomes available. Click the Reset password … link and then specify the password reset disk’s location and enter a new password. It’s that simple – that’s why the password reset disk is a high security risk!

Note: There are situations when a user account may become locked out. This happens if account lockout policies are configured and a number of incorrect password entries were detected which will lock down the user account. You can reset a locked account from the Computer Management console by removing the check next to the Account Is Locked Out setting. This has nothing to do with users passwords hence, users still need to remember their passwords.