Passwares program, Windows Key, is an unusual offering. Like most of their software, it is used not for strengthening security, but for bypassing it. Surely this means that such a program is malicious and likely filled with malware in order to get the job done, right? Not at all. It may be a niche market but such programs do have valid and very helpful uses. I obviously can’t think of every situation but the one that comes to my mind first is something I have experienced myself.
You see, I’m that geek which my family and friends turn to in order to fix their computers for free. Occasionally they will drop off their PC but forget to tell me their Windows login password. Normally when I start working on a computer I start by removing the hard drive then attaching it to mine to do a few Virus scans followed by a full backup.
This can take a couple of hours to finish and by the time I reattach it and try booting up their PC it is sometimes too late to call them and ask for the password. Rather than delaying my work and increasing the amount of time they are left without the computer, I was able to use software like this to bypass the issue all together.
Not only was it helpful in allowing me to continue my work but it can also be pretty funny when you tell them you didn’t know their windows login password and so you had to reset it to get on and do your work. There are of course many other situations where it is not used maliciously. That being said the program is a duel edged blade and could easily be used by those more malicious in nature who have physical access to a PC.
How does the program work though? To start off you’ll need a computer you DO have the password for, eg your own. You can grab the installer from the website. It’s about 54 MB in size.
The install process is standard with no real options to watch out for but there is an ‘Opt-In’ email newsletter service you can sign up for. I think that was a great choice by the developers! In a world that is mostly ‘Opt-Out’ it was refreshing to find.
As you may have noticed from the screenshots, the name of the package is a little different from how it is labeled on their website HERE. The package they give you in the download is actually the demo version of the Password Recovery Kit. The ‘Windows Key‘ disc creation software is integrated within this program but it can be purchased for a much lower price of $39 if that is the only functionality you need. We’ll take a closer look at what else the Password Recovery Kit has to offer in a separate review. For the purposes of this review we’ll focus on the Windows Key aspect of its functionality.
I think the primary screen is rather simple, particularly for our purpose. The only option we currently need to worry about is ‘Reset Windows Administrator Password’.
When you select this option a wizard will open to help guide you through the process. On the left is a small area which reminds me of the “Windows XP” interface. Starting with the ‘Actions’ section you’ll see two options that can be useful. The first ‘Step-by-step-guide’ will open the Help file to the relevant section. The second, ‘Request ISO image’ will open a link in your browser which will allow you to ask for a pre-made image you can download and burn.
Below the ‘Actions’ section there is a ‘Details’ area with instructions on how to begin the manual image creation process. In order to continue with this you’ll need a copy of a Windows install disc. As many computers purchased from OEM companies don’t come with one these days I was surprised to see there was no mention of the Windows PE available through WAIK and ADK. While this would certainly make the instructions more complex (and likely confusing for most home users) it could still be a viable alternative and one I might suggest the developers consider adding support for if they haven’t already thought about it.
As I did have a disc on hand I loaded it and selected the appropriate boot.wim. I also added a small ‘Test’ password.
If the computer you intend to run the disc on requires any particular drivers not normally included in Windows you may add them just below by selecting the appropriate files.
If you have previously created or have downloaded the ISO image you may select the final option to locate and begin recording the Password Reset Image. When you are done selecting everything you need you can hit ‘next’ to continue.
The Step 2 page allows you to select the location. As this was my first time creating an image I chose to save it as an iso that I could easily boot from inside of a Virtual Machine. You may also burn it to a disc or create a bootable flash drive.
Steps 3 and 4 don’t require input and will show the progress and results of the process.
Once you have a disc or drive prepared it’s time to put it to use. For my tests I used the same Operating System that I had created the image on. One important thing to note with the demo version is that it will only reset the password of ‘Demo12345’ so I had changed it to this prior to rebooting the system. After loading the disc you’ll be greeted by a small program window to help guide you through the process once again. As I had set a ‘Test’ password during creation I was required to input it before I was able to continue.
Once you have entered the password for the bootable media or if you have not set one you will see the program search for all supported Windows installations. If the PC has more than one installation they will be listed here and you may select the appropriate one.
Next we’ll see the Accounts page where we can select the needed account. After selecting the account you wish to reset you will be shown a small review section. There’s an important note here that you should consider before continuing. If the user has any files encrypted with Windows EFS they will not be accessible.
If you are willing to risk losing encrypted documents are sure there are none, then you may continue and the program will quickly execute the process and remove the existing password for the account.
After that is completed the only thing left to do was to remove the disc and reboot to find out if it had actually worked. My test was flawless and the system booted right into the user account without requiring a password or experiencing any issues.
The version I tested was ‘Windows Key‘ which is only able to reset the local Administrator passwords though there are two other types available. These are ‘Windows Key Professional‘ and ‘Windows Key Enterprise‘. The pro version adds support for Windows Server editions 2003 through 2013 along with the ability to reset other local accounts including Live ID. The Enterprise edition adds upon the Pro version by including the ability to reset Domain Administrator passwords as well.
The system requirements are:
1) Microsoft Windows Vista, Server 2003/2008/2012, or Windows 7/8
2) 1 GHz processor
3) 512 MB of RAM
4) 150 MB of free hard disk space
Conclusion and final thoughts:
For resetting the password of a Windows account it doesn’t get much simpler than this. While it certainly seems geared for use by home and small business owners it could still be useful in a corporate environment so it’s good to see that they have different versions available for each group.
The EFS files issue could be a problem for some people but as Windows normally prompts you to backup the certificate when activated I don’t think it’s a show stopper even if EFS was used and you have access to this backup. It should still be kept in mind before using this type of reset though.
Considering how the rest of the Password Recovery Kit works I’m surprised they haven’t created a disc option to allow brute forcing the Windows Account password in a fashion similar to ophcrack rather than just resetting it. While a reset is much faster and would likely be used more often, it would still be a nice ability to have for those users who might have EFS encrypted documents but are unsure about having a cert backup.
Easy to use step-by-step wizard
Quick and effective
No support for WinPE from WAIK or ADK on the version I tested.