Khuzestan Province Cyber Base Software Team

A public place for passing on programming knowledge


How do I remove a syskey password on Windows 7, 8, and 10 without any software?

Wednesday, 8 Farvardin 1397, 04:44 PM | افسر سایبری | 0 comments
5 Answers

You can try the steps below:

1. Boot from the Windows 7 install CD.

2. When the Install Windows page appears, click Repair your computer to access the system recovery options.

3. Run System Restore to the last point before the syskey password blocked access. (This will fail, but it must be done.) Click Run System Restore again (this takes you back to the options list).

4. Open Command Prompt from the options list.

5. Open Regedit (type regedit into the command prompt). Regedit will open.

6. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa and change the 'SecureBoot' value to 0.

7. Navigate to HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account and change the F value to 0000.

8. Reboot and log in.


Removing Syskey startup password in Windows

There are four ways to remove the Syskey startup password:

  • Using Windows default backup to restore the original Syskey configuration
  • Using third party Syskey removal tools to clear the Syskey startup password
  • Using registry key to disable Syskey startup password
  • Reinstalling Windows without losing any data

Using Windows default backup to remove the Syskey password

Depending on triggers and settings, Windows automatically takes a backup of critical system files, including the registry hives. During the backup, the configuration files and registry hives that control the boot process and authenticate logins are copied from the Windows\System32\config folder into the Windows\System32\config\RegBack folder.

The following figure shows the RegBack folder without a backup.

The following figure shows the RegBack folder with a backup.

Have you noticed any difference between the two figures?

In the first figure, which shows the RegBack folder without a backup, the files are empty, while in the second figure, which shows the RegBack folder with a backup, the files are not empty.

By looking at the file sizes, we can easily figure out whether a backup has been taken. If the files are empty (0 KB in size) or there are no files in this folder, no backup has been taken. If a backup has been taken, Syskey can be removed easily without using any third-party tools or harming any Windows files.

Before we learn how to restore the original Syskey configuration from this folder, let's quickly understand how the Windows default backup is triggered and which settings control it.

To explain the following topic I used a separate system on which no Syskey startup password is set.

Understanding Windows default backup

By default the Windows default backup is triggered at a scheduled time, but it can also be triggered when system files are changed. When a scheduled backup is performed, it is known as the "Last known good configuration". When a backup is performed before a change in system files, it is known as a "Restore point". Both backups are the same; the only difference between them is the timing. The first is a scheduled backup, while the second is an on-demand backup.

Settings which control the Scheduled Backup

The scheduled backup is triggered from Task Scheduler. Task Scheduler is available at Control Panel => System and Security => Administrative Tools.

To check the configuration of the scheduled backup in Task Scheduler, open it and navigate to Registry in the left pane.

Once the Registry hive is selected in the left pane, all control and information options are displayed in the right pane.

In the right pane check the Last Run Time; it should be a recent time. If required, you may adjust the trigger time from the Triggers and Settings options. You can also run this backup immediately from the Run option available in the right pane.

Settings which control Restore Point Backup

Restore point settings are available in System Properties. To access System Properties:

  • In XP and Windows 7, click the Start button, right-click Computer and click Properties in the context menu.
  • In Windows 8, right-click This PC on the Start screen and click Properties from the available options.
  • In Windows 10, search for About your PC or Create a restore point and click Settings or Create a restore point respectively.

In System Properties, switch to the System Protection tab. In Protection Settings, check the Protection status of the Windows partition; it must be On. If it is Off, turn it on from the Configure option.

Once protection is on, a restore point will be created automatically whenever an application or Windows requires it. We can also create a manual restore point from here: click the Create button, fill in the name of the restore point and click Create.

Key points

  • By default, Syskey is enabled and stored in the Windows\system32\config folder without a startup password, as part of Windows.
  • If the Windows default backup is taken, the file which stores the Syskey without a password is copied into the Windows\system32\config\RegBack folder along with the other files.
  • When a scammer sets a Syskey startup password, only the file stored in the Windows\system32\config folder is changed.
  • The file stored in the Windows\system32\config\RegBack folder remains unchanged; it still contains the Syskey without a startup password.
  • If the file from the RegBack folder is copied back into the config folder, the modified file is replaced with the original file.
  • Once the original file is restored, the Syskey startup password is removed automatically, as it was set in the modified file, not in the original file, and the modified file has been replaced with the original.

Restoring original Syskey configuration back from RegBack folder

We have three options to restore the original files from the RegBack folder to the config folder:

  • Through the Advanced Recovery options
  • Through the Windows installation disk
  • Through the Ubuntu installation disk

Through the Advanced Recovery options

From version 8.1, Windows has replaced the old recovery console with advanced recovery options. The advanced recovery options provide several enhanced features and tools for maintenance purposes, including a command prompt. Through the command prompt, we can easily restore the original files into the config folder. Since the command prompt is provided by the installed Windows, it is accessible only after proper authentication with administrative privileges.

To remove Syskey through the advanced recovery options, use the following steps:

When Windows asks for the Syskey startup password, do not click any option; just power off the system. Now start the system again. If Windows presents the Syskey startup password screen again, repeat the same process until Windows shows the following screen.

Once self-diagnosis is finished, Windows starts the Automatic Repair wizard for further troubleshooting. Click Advanced options.

Click the Troubleshoot option.

Click Advanced options.

Click Command Prompt.

At this point, if the administrator account is not enabled, the wizard displays the following error.

Clicking the Forgot your password or don't see your account? link provides more information about why we are not allowed to access the command prompt.

Sadly, from version 8.1 the default administrator account is disabled. But if required, it can be enabled with the following command.

To learn this option, let's assume that either the default administrator account was enabled or an additional user account with administrator privileges was created before Windows got locked.

If the wizard finds an enabled administrator account, it further checks whether it is password protected. If it is, the wizard authenticates it with the correct password before displaying the command prompt. If it is not protected with a password, clicking Command Prompt brings up the command prompt.

If you are unable to access the command prompt this way, this method will not work for you. Use the next method, which does not require administrative authentication to start the command prompt.

If you are able to access the command prompt, run the following commands to restore the backup files from the RegBack folder:

Command                              Description
cd Windows\System32\config\RegBack   Move into the RegBack folder
dir                                  Check the size of the files
copy * ..\*                          Copy all files from this folder to the config folder

Now close the command prompt and restart Windows. If Windows boots normally and the user login screen appears, the syskey password has been removed successfully.

Through Windows installation disk

Boot the system with the Windows installation disk and click Next on the Language and preferences screen.

On the next screen click Repair your computer instead of Install Now.

On the next screen choose the Troubleshoot option, and in the Troubleshoot screen click Advanced Options to launch the command prompt.

Since in this method the command prompt is provided by the installation disk instead of the installed Windows, administrative authentication is not required. But at the same time, in order to restore the files, we have to figure out the partition on which Windows is installed. If you know the partition on which Windows is installed, switch to that partition. If you do not know which partition Windows is installed on, check all available partitions on the hard disk.

To learn the disk layout, we can use the wmic logicaldisk get caption command. This command prints all used drive letters from the partition table. Once we know the used drive letters, the rest can be done with the dir command.

Use the dir command on each partition listed in the partition scheme (starting from C:) to figure out the Windows partition.

Once the Windows partition is located, we can copy the files from the RegBack folder to the config folder with the same commands we used in the first option.

Now remove the installation disk and restart the system. If Windows boots normally and the login screen appears, the syskey password has been removed successfully.

Removing the Syskey startup password from Ubuntu

Boot the system with the Ubuntu installation disk and select Try Ubuntu. This option runs Ubuntu from the installation disk without installing anything on the hard disk.

Once Ubuntu is loaded, click the Files icon.

Click the Windows partition in the left pane. If Windows was properly shut down, Ubuntu will mount the partition and display it in the right pane.

If Windows was not properly shut down or was turned off in hibernation, Ubuntu will not be able to mount the partition. If the mount fails, some additional steps need to be performed at the command prompt, which I will explain shortly in the next section. For now let's assume that Windows was properly shut down and Ubuntu is able to mount the partition.

In the right pane, navigate to the config folder. In the config folder, right-click the RegBack folder and click Open in New Tab.

Depending on settings, a failed boot may trigger the Windows default backup. If you have made several failed attempts to boot Windows, you may see additional log files here. Remove all the additional log files from this folder.

Once the additional files are removed, copy the original backup files.

Paste the copied files into the config folder.

Confirm the replacement.

Once all files are replaced, remove the installation disk and restart the system.

If the system was powered off without shutting down Windows, the above process will not work and fails with the following error.

Mounting a hibernated Windows partition

A hibernated, crashed or corrupted Windows partition needs to be cleaned before it can be mounted. To clean and mount it, use the following steps:

Open a Terminal and run the following commands.

sudo /bin/bash

Administrative privileges are required to perform this task. This command obtains them.

mkdir /media/disk

This command creates the directory we will use to mount the Windows partition.

fdisk -l

This command lists all partitions on all attached hard disks. Note down the device path of the Windows partition for the next commands.

Once the device path of the Windows partition is located, use the following commands to clean and mount it.

ntfsfix /dev/sda1

This command removes the hibernation state and cleans the Windows partition.

mount -t ntfs-3g /dev/sda1 /media/disk -o force

This command mounts the Windows partition in the /media/disk directory.

cd /media/disk

This command changes directory to /media/disk.

ls

This command lists all data in the directory (partition).

Now use the following commands to copy the backup files from the RegBack folder to the config folder.

cd Windows/system32/config/RegBack

This command changes directory to the RegBack folder.

ls

This command lists all data in the RegBack folder.

rm *.*

This command removes any additional log files.

cp * /media/disk/Windows/System32/config

This command copies all files from the RegBack folder to the config folder.

exit

This command closes the terminal.

Once all files are restored, shut down Ubuntu.

Now remove the Ubuntu installation disk and restart the system to confirm the removal of Syskey.

Syskey can be removed from the RegBack folder only if the Windows default backup was taken. But if the Windows default backup is not available or the scammer has deleted all files from the RegBack folder, the above methods will not work. In that case we have only three options left: use a third-party Syskey recovery tool, change the registry keys, or reinstall Windows. Unless you have technical knowledge, do not use these options; they are only for advanced users.

Using third-party Syskey removal tools to clear the Syskey

There are several third-party Syskey removal tools available. Some are version specific while others are universal. Which tool you should use depends completely on the situation and your personal choice. Whichever tool you select, use it with extra care and only after reading all related documentation carefully, because Microsoft neither recommends nor provides any support for damage to Windows caused by any third-party tool. More information about this policy is available at the following URL:

https://support.microsoft.com/en...

To understand how third-party tools are used to remove Syskey, let's take an example. This example tool is based on an open-source Linux script. It can remove Syskey from Windows XP.

Don't use this script to remove Syskey from any Windows version higher than XP, such as Windows 7, 8.1 or 10. This script supports only Windows XP or versions lower than or equal to Windows XP.

Download the following script and extract it:

Linux script to remove syskey

It contains a bootable ISO image file.

To boot the system from this image, we have to burn the ISO image to a disk. You can use any freeware ISO burner software for this purpose, such as

InfraRecorder

or

Free ISO Burner

Once the bootable disk is prepared, boot the system with it.

The script makes a quick scan of the hard disk and returns all available Windows partitions. Unless we have a dual installation, there should be only one Windows partition.

Type the Windows partition number (most probably 1; see the returned result for the appropriate number) and press Enter.

In the next step the script needs the registry files path. Usually it automatically selects the correct path, but if not, set it to Windows/System32/config.

Type 1 and press Enter.

Type 2 and press Enter.

Type y and press Enter. This will disable the Syskey.

Type q and press Enter to return to the previous menu.

So far nothing has been changed on disk. The script asks for a final confirmation before it writes the change to disk. Type y and press Enter to confirm the action.

Finally type n and press Enter to close the script.

Now remove the disk and reboot the system. Syskey has been removed.

Changing registry key to remove the Syskey

During the boot process, Windows reads the following registry keys to determine the Syskey state.

Key                                                       Configuration   Default Value
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa   SecureBoot      0
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account                F               0000

When Syskey is implemented, the default values of the above keys are changed. If we reset them to the default values, Syskey will be removed.

In order to change the registry keys we have to access the command prompt. I have already explained how to access it in Windows 8.1 and in Windows 10, so let's use Windows 7 this time.

Boot the system with the Windows 7 installation disk and click Next on the language preference screen. On the next screen click Repair your computer instead of Install now.

This scans all attached hard disks for a Windows partition. If any partition with a Windows installation is found, it is listed in the System Recovery Options wizard on the next screen.

Select Restore your computer using a system image that you created earlier and click Next.

Since we did not provide any system image, the wizard will fail to locate it. Click Cancel two times to close the wizard.

This brings up the System Recovery Options wizard again, but this time it has more options to recover Windows. Click Command Prompt.

Now locate the Windows partition and move into it. In the Windows partition, switch to the Windows directory and run the regedit.exe command to open the Registry Editor.

I have already explained how the wmic logicaldisk get caption command can help us find the Windows partition. If required, you can take the help of this command. The regedit.exe command works only if it is executed from the Windows folder of the Windows partition. The Windows partition is the partition of the hard disk where Windows is installed.

In the Registry Editor, navigate to the following key in the left pane:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

In the right pane, select SecureBoot and double-click to open it.

Change the value data to 0 and click OK.

Now navigate to the following key in the left pane:

Computer\HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account

In the right pane, select the F key and double-click to open it.

Change the value data to 0000 and click OK.

Now remove the installation disk, close the Registry Editor and click Restart.

Since Syskey has been removed, Windows boots normally and presents the login screen.

I have explained all possible methods of removing Syskey without reinstalling Windows. If nothing works for you, consider reinstalling Windows. Instead of paying ransom money to a scammer, it's always better to get a local technician for the same money. He will reinstall and reactivate Windows for a very nominal charge.

Sanjay
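The "Key points" above say the RegBack copy is only useful when its files are non-empty, and the Ubuntu method copies RegBack over config after deleting whatever else is in the folder. As an added example (not part of Sanjay's answer, and not any of the tools it mentions), the POSIX shell script below automates that check and the copy step with two safeguards the answer leaves to the reader: it refuses to restore unless all five hive files (DEFAULT, SAM, SECURITY, SOFTWARE, SYSTEM) are present in RegBack with a non-zero size, and it saves the hives it is about to overwrite so the step can be undone. It deletes nothing in RegBack; the transaction logs from failed boots are simply ignored rather than removed with rm. The /media/disk mount point and the config and RegBack paths are the ones used in the answer; the save folder name (config.before-restore) is my own choice.

```shell
#!/bin/sh
# Added example, not from the original answers or from any tool they mention.
# Verifies that RegBack holds a usable copy of the registry hives and, if so,
# restores it into the config folder while keeping a copy of the hives being
# replaced. Assumed paths (Windows partition mounted at /media/disk as in the
# Ubuntu method):
#   /media/disk/Windows/System32/config/RegBack   (source)
#   /media/disk/Windows/System32/config           (destination)

# The five hive files Windows keeps in config and copies into RegBack.
HIVES="DEFAULT SAM SECURITY SOFTWARE SYSTEM"

# find_hive DIR NAME: print the path of hive NAME inside DIR, comparing names
# case-insensitively because NTFS preserves case but does not distinguish it.
# Transaction logs such as SAM.LOG1 never match. Returns 1 when not found.
find_hive() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(basename "$f" | tr '[:lower:]' '[:upper:]')" = "$2" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# regback_status DIR: 0 when every hive is present in DIR with a non-zero size
# (a real backup), 1 when a hive is missing or empty (the "0 KB" case in the
# figures above), 2 when DIR does not exist at all.
regback_status() {
    [ -d "$1" ] || return 2
    for h in $HIVES; do
        p=$(find_hive "$1" "$h") || return 1
        [ -s "$p" ] || return 1
    done
    return 0
}

# restore_hives REGBACK CONFIG [SAVEDIR]: refuse unless REGBACK passes
# regback_status; copy the current hives from CONFIG into SAVEDIR (default
# CONFIG.before-restore, my own naming) so the step can be undone; then copy
# the five backup hives over the current ones. Nothing in REGBACK is deleted.
restore_hives() {
    src=$1; dst=$2; save=${3:-$2.before-restore}
    if ! regback_status "$src"; then
        echo "$src is not a usable backup (missing or empty hive)" >&2
        return 1
    fi
    mkdir -p "$save" || return 1
    for h in $HIVES; do
        bak=$(find_hive "$src" "$h") || return 1
        target="$dst/$(basename "$bak")"
        if cur=$(find_hive "$dst" "$h"); then
            cp -p "$cur" "$save/" || return 1   # keep the hive we are about to replace
            target=$cur                          # overwrite it under its existing name
        fi
        cp -p "$bak" "$target" || return 1
    done
    echo "restored $HIVES from $src into $dst (previous hives saved in $save)"
    return 0
}

# Run directly with two arguments to act on them, e.g.
#   sh regback_restore.sh /media/disk/Windows/System32/config/RegBack \
#                         /media/disk/Windows/System32/config
# When sourced with no arguments, only the functions above are defined.
if [ $# -eq 2 ]; then
    restore_hives "$1" "$2"
fi
```

Run it from the root shell obtained with sudo /bin/bash after the partition is mounted. A status of 1 from regback_status is exactly the "empty RegBack" situation the answer warns about, in which case none of the RegBack-based methods apply; note that on Windows 10 from version 1803 onward the periodic RegBack copy is no longer made by default, so the check reports 1 on such systems even when nothing has been tampered with.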

There are three ways to remove the Syskey startup password:

  • Using Windows default backup to restore the original Syskey configuration
  • Using third party Syskey removal tools to clear the Syskey startup password
  • Using registry key to disable Syskey startup password

For the first method, boot the system with an external boot disk and copy all files from the Windows\system32\config\RegBack folder to the Windows\system32\config folder.

For the second method, use the Offline Windows Password and Registry Editor tool.

For the third method, change the following registry key values:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa [SecureBoot]: set it to 0

HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account [F]: set it to 0000

For step-by-step instructions with screenshots of these methods, see this tutorial.
