Te diría que me voy a coger la capa, el turbante y la bola de cristal para adivinar tu windows, pero...
Hoy es hoy.
Changing lost Admin Passphrase on Windows 7 Bitlocker encrypted drives
I don’t know what happened, but a customer of mine forgot the Admin account passphrase. Maybe forgot was not the right way to put it, as the one it should have been did not work anymore. My best guess was my customer changed it himself and couldn’t remember. But saying that out loud would be treason so I just kept my mouth shut and was looking for a way to reset the passphrase. Something that turned out to be a nightmare as my customer did not make a recovery cd.
First try – WinPE
My first try was looking at Serverfault . I will spare you the details. It did not work. manage-bde.wsf seems to have been replaced by manage-bde.exe and it’s documentation on Microsoft’s side is just wrong. After figuring out how to use this tool correctly it did not work. Output: invalid key. So there I have the one bitlocker key for the computer on one usb stick. Booting the computer with it works so it has to be the right key. “Try using the recovery key” you’d say? Wrong! Invalid key!
Solution – Windows registry
So here is the solution. You need:
Another Windows 7 computer (I am using Win7 Professional) with the HD of the windows machine we need to reset the passphrase of (called affected hd in the future)
Open cmd as Administrator and start regedit with System Account Security Context: Psexec.exe –s –i regedit.exe
Browse to HKLM
Click on File -> Open Hive
Select SAM: <affected hd>\%windir%\system32\config\SAM
Select: Name of Hive -> SAM -> Domains -> Account -> User -> Names -> Administrator
Look at the value of the single entry and navigate to the appropriate registry Key with the same value in the parent directory
Edit the F Key
On position 0038 change “11” to “10”
Double check for errors before clicking OK
Shutdown, remove HD and insert it into the computer it belongs to
Change your account’s passwords
You see a new user called “Administrator”. Click it
Logging in takes place
Open Userpreferences and change your user’s passphrase
Login with your normal admin user to test if everything worked fine
If it did, disable Administrator again
Disable Administrator account
Double click on Users -> Administrator
Check “Disable Account”
Check if Administrator Account is still visible
It isn’t? Great, you are done
It is? You did a mistake. Check all steps for possible errors.
These steps take only 30 minutes to accomplish. It’s easy to do. What’s difficult is finding the right path. Documentation tends to be very bad on closed source products. Especially Microsoft’s documentation available online is really really bad. If there is something Microsoft should learn from companies like Red Hat it’s how to write helpful documentation and bring it online. I really don’t care about two hundred ways to get pricey licenses for being an official Microsoft representative. I need good online documentation to avoid using bad documented tools not suitable for the job.
¿Qué no te sirve?