If you work with Windows servers, you will eventually lock yourself out of the server by forgetting the administrator password. There are a few different ways to reset the password but I have found the NTPasswd utility to be the most reliable. I have used the NTPasswd utility many times to reset the administrator password on Windows 2000 / XP and Server 2000/2003 machines and it came in handy just a few days ago.
Download the iso image filed from the bootdisk section of the web site and burn it to a CD. They also have a floppy disk version if you still have one of those. There are even instructions how to use a USB key to boot from. Boot the system from CD / floppy and it will load a Linux kernel. Don’t get scared if you don’t know Linux. It is completely menu driven and for most machines all you’ll have to do is press enter a few times.
It works by mounting the hard drive and accessing the password hash file directly. This utility does not work on Windows dynamic drives such as those drive with software mirroring. Also any file with EFS protection will not be recoverable since it is encrypted using the original password. The CD has many drivers for hard drive controller cards and you can even load a third party driver from USB key / floppy if they ones on the CD don’t work. Once the drive has been mounted the menu will prompt you to choose the windows hash file location. The default is already select and most cases you will accept the default. The menu will prompt you to choose the local account you want to change the password for. You will most likely choose the administrator account. At this point you can set the password to something or set it to blank. It is recommended to set it to blank. After you do this you must remember to save the changes to the hard drive.
Reboot the system and let it boot into Windows and log in as administrator.