Kon-Boot – The fastest way to remove a Windows password

Michael PietroforteMVP By Michael Pietroforte - Thu, August 19, 2010 - 23 comments google+ icon

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in system administration.

Update: Kon-Boot is no longer free and I don’t recommend buying a tool to reset a Windows password.  I published a new guide that explains how to reset the Windows 8 administrator password without the need of any third-party tools.

It appears that removing Windows passwords on a machine where you lost the administrator password has become my passion. Kon-Boot is probably the fastest and easiest way to remove a Windows password. All you have to do is insert the Kon-Boot boot CD, and the tool does the rest for you.

Remove Windows Password -Kon Boot Welcome Screen

Shortly after the CD drive starts spinning, you will see the Kon-Boot welcome screen. At this point, you have to press a key for Kon-Boot to continue. Somehow this destroys the beauty of this tool because it would certainly be even cooler to hack Windows without touching a key.

After you press a key, a second “I-am-so-proud-to-be-hacker-screen” appears. You have to wait here until the ego screen finishes its display, and then Kon-Boot will finally do what it is supposed to do. The last part is very quick and only takes a fraction of the time that the tool needs to display its hello-world screens.

Remove Windows Password -Kon.Boot Welcome Screen 2

You don’t receive a message that informs you whether the mission has been accomplished. Kon-Boot just reboots Windows and sets an empty password for all accounts it finds, enabling you to log on to any of the local accounts without a password. Update (see comment below): Kon-Boot changes the contents of the Windows kernel on the fly while booting allowing you to log on without password. Thus the tool doesn’t change the SAM database. If you reboot again without using Kon-Boot you need the old passwords.

I think, this would be the perfect password remove tool for all those desperate computer laymen who want to access their computer as quickly as possible without bothering their heads with terms such as system drive or SAM database.

However, I can’t really recommend this tool. I have tried the tool on a couple of Windows 7 machines and it failed several times. On Windows 7 Ultimate, it simply wasn’t able to remove the password, and crashed a freshly installed Windows 7 Home Premium computer. It worked consistently fine, however, on Vista and Windows XP.

The publisher claims that the recently updated version also supports Windows 7, and reports on the web appear to confirm this. So perhaps all my Windows 7 installations just had something in common that Kon-Boot didn’t like. If you have tried the tool on Windows 7, please let me know in a comment below.

Before you try the tool, you should know that some antivirus vendors identify Kon-Boot as malware. This is probably because its publisher markets Kon-Boot as a hacking tool. It is no wonder that Microsoft’s Security Essentials also classifies the tool as dangerous. It is kind of disrespectful to crack Windows on the fly.

On the other hand, I don’t understand why Microsoft doesn’t put a stop to such tools. It is true that a computer is much easier to crack if you have physical access. However, removing a administrator password appears to me to be too easy. Microsoft certainly could add one or two security levels that would prevent such easy hacks.

I mostly reviewed Kon-Boot to demonstrate how important it is to ensure that computers in your network can’t be hacked within a few seconds by a cleaning lady. Even though tools such as Kon-Boot won’t give an attacker access to domain accounts, it is no big deal to install a Trojan with a keylocker on all your desktops and just wait until users or domain administrators enter more interesting passwords.

In one of my next posts, I will show you what you can do to prevent cleaning lady hacks.

PS: Also check out the options you have to reset a Windows password.

-1+1 - Rate this post
Loading ... Loading ...
Disclaimer
Your question wasn't answered? Please ask in the new 4sysops forum!

23 Comments- Leave a Reply

  1. krimkrimminy says:

    Silly question. Did you use the freely available version at http://www.piotrbania.com/all/kon-boot/ or did you purchase the updated version from http://www.kryptoslogic.com/?area=2&item=2 ?

  2. Tom says:

    It’s pretty easy to prevent these attacks… simply encrypt your hard drive with something like TrueCrypt.

  3. krimkrimminy, I used the free version. I wouldn’t write about a commercial password reset tool.

    Tom, easy, yes, but also expensive, especially if you use TrueCrypt. At least for organizations. I can’t really recommend TrueCrypt hard drive encryption.

  4. Garrett W. says:

    I have a Server 2008 R2 machine that I forgot the admin password on. I must have thought it would be easy enough to remember, cuz I didn’t make a pw reset disk. Do you think this prog would work with my OS?

  5. Garret, I guess it would work, but check out the other options you have to reset the password first.

  6. ElKapitanPingaloco says:

    Just physically secure the computer case, set a power-on BIOS password, and/or disable boot from removable storage drives and network (if possible), it’s simple as anything and the average cleaning lady doesn’t have lock-picking and basic IT hardware skills…

  7. ElKapitanPingaloco, physically securing the computer case is also a good option. We did this at my former employer for public PCs. However, a reliable solution can can get expensive.

  8. Mark says:

    When you say “Kon-Boot just reboots Windows and sets an empty password for all accounts it finds” that is misleading. My understanding is that Kon-Boot does not change any passwords, it just patches the Windows kernel in memory, so any password you type passes the authentication test. Unless you change a s password or some other changes, Kon-Boot makes no changes to the hard drive, so when you reboot everything is the same as it was. At least that’s how it worked when I tested it a year ago.

  9. Cameron says:

    On Windows XP machines, just press F8 at boot(think it’s that function key) and select ‘Safe Mode’. Then, once the computer has booted, another user called Administrator will appear with NO PASSWORD. I used that to recover a Win XP Home machine that my friend forgot the password to. Don’t know about Professional editions, and I think that’s probably easier than burning .iso files (for most users anyway)

  10. Mark, thanks a lot for the hint. I corrected the error in the text.

    Cameron, don’t you have to configure an Administrator password when you install XP?

  11. dick says:

    Michael,

    no you don’t have to.. but many people who would create accounts with passes will also put a pass on their admin account, so Cam’s suggestion is just based on circumstance.

  12. dick, I haven’t installed XP for ages, but doesn’t installation wizard ask for the admin password?

  13. Lars Berntrop-Bos says:

    @Michael XP Pro does, XP Home doesn’t, and creates Admin account with blank password. Makes for real easy entry…

  14. Lars, oh yeah, thanks. I always forget about XP Home.

  15. Konboot v1.1 says:

    Konboot v1.1 32/64bit support 2010 updates

    Version 1.1
    —————-
    - Added 64-bit environment support
    - Added USB support tools (grldr, klmemusb)
    - Added debugging code to make it easier to track down various compatibility problems
    - Added help file
    - Fixed bug in Windows 7 support failures
    - Removed Linux support
    - Many performance improvements to source code
    - Improved BIOS support by reducing code size significantly

    http://www.mediafire.com/?l9klacnfwlav6gb

  16. Paulo says:

    Amazing program ultra easy, simply enter win without password, and remove pass, if needed create new administrator user enter with new account and remove pass from 1st account u have lost pass.
    Thk U Konboot

  17. Andrew says:

    The Kon-Boot worked great on Windows Vista. I just booted and logged into an Administrative account, went to accounts and created a new account with admin rights and rebooted, logged into the new account with no passwords.
    went back into accounts and created a password for the new account

  18. Bob says:

    I used Kon Boot on a very old (9 years) computer that had Windows XP Pro on it and it didn’t work. Kon Boot has some problems with certain bios’ according to some info I found. I used the same Kon Boot distro on a newer computer (Compaq desktop about 4 years old) with XP Pro installed and it worked fine. I also used it on a Toshiba laptop (3 years old) that has Vista installed on it and it also worked fine. I took this same Kon Boot CD over to a friends house and tried it on both his daughters and sons ASUS laptops ( both less than a year old) with Windows 7 installed on them and it didn’t work on either one. So it’s a mixed bag. I helped this same friends son some time ago when he messed up his password and I was able to blank his password with a linux type password blanker. That worked fine on his Windows 7 laptop and it’s an emergency tool I’ve had for years.

  19. Alan says:

    Can someone post the 2.0 version

  20. Jared says:

    I agree with Alan. Will somebody please post the 2.0 version? I was willing to pay for it, but I can’t check out with PayPal, and that’s the only check-out method they offer.

  21. Kayla says:

    Ok, here’s my situation.
    Just got my computer back after about 7 months of it being away (at my grandma’s house collecting dust).
    I had a password for my account, the only administrator account on the computer. ANNDD silly me. I can’t remember it for the life of me. I have one account that is unlocked and I can get into but you can’t do crap in it because the password is required if you want to download anything. Suggestions??

  22. Bob says:

    Kon-Boot is not a freeware now. I prefer to use PCUnlocker and Ophcrack.

  23. Rob says:

    Windows XP Professional: Logging on in Safemode allowed me to reset the Adminstrator password via the control panel–yippeee, thanks!

Please share your thoughts in a comment!

Login

Lost your password?