The other day I was setting up a new computer for a residential user. I asked him to create a password for his Windows profile, and he dutifully typed and retyped the password. (I prefer to let the client type in their own password so they can keep this information confidential if they prefer.) After several configuration changes I restarted the computer. I asked him to log in with his new password, but it would not work. After we had both tried several times, I suggested perhaps the Caps Lock had been turned on at the time he first set the password, and we tried it that way. That didn’t work either.
Unfortunately, I had not yet enabled the hidden administrator account on the machine, so there was no other account available to allow us access to the machine. So we agreed the only option left was to restore the computer to factory defaults and start over. (It’s possible I could have booted to a CD or flash drive with a password editing program and changed the password that way, but I didn’t have that type of utility with me that day.) Fortunately we had not made too many changes, so it did not take too long to get back to where we had been before this mishap occurred.
(Literally seconds after I started the irreversible restoration, the client offered the information that he had used the keypad to enter the number part of his password. It was then that I understood that the Num Lock button had not been engaged when he had originally entered the password, but that he had engaged it when he tried to log in after the restart.)
The point of all this is that if I had enabled the hidden administrator account before doing anything else, we would have had a way to reset his password and get back into his profile. Lesson learned. From now on I will always enable the hidden administrator account before doing anything else on a new system.
Here is how to do that from any Windows profile.
Open a Command Prompt as a system administrator. Type the command:
net user administrator /active:yes
You should receive a message that the action was successful. At this point the admin account does not have a password. As the tech configuring the machine, in the future I will always set the admin password myself, using a password approved by the client. That way there is a backup account, even if the client makes a mistake while setting her password, or simply forgets her password.
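The same setup can be done so that the account is never enabled while its password is still blank. The script below is an added example, not part of the original post; it assumes an elevated Windows PowerShell 5.1 session with the built-in LocalAccounts cmdlets, and the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: enable the built-in Administrator as a recovery account,
# setting its password BEFORE enabling it so it is never active and blank.

# Locate the account by its well-known RID (500) rather than by name,
# because the name can be renamed or localized.
$admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if (-not $admin) { throw 'Built-in Administrator account (RID 500) not found.' }

# Prompt twice without echoing the password to the screen.
$first  = Read-Host -AsSecureString 'New Administrator password'
$second = Read-Host -AsSecureString 'Confirm password'

# Refuse a blank password outright.
if ($first.Length -eq 0) { throw 'Blank password refused.' }

# Compare the two entries; the plain text lives only in these two variables.
$p1 = [System.Net.NetworkCredential]::new('', $first).Password
$p2 = [System.Net.NetworkCredential]::new('', $second).Password
$match = ($p1 -ceq $p2)
$p1 = $p2 = $null
if (-not $match) { throw 'Passwords do not match; nothing was changed.' }

# Order matters: password first, then enable.
Set-LocalUser    -InputObject $admin -Password $first
Enable-LocalUser -InputObject $admin

# Confirm the result: Enabled should be True and PasswordLastSet should be now.
Get-LocalUser -SID $admin.SID | Select-Object Name, Enabled, PasswordLastSet
```

Before relying on the account, sign in to it once with the new password, typed the same way it will be typed later (same Caps Lock and Num Lock state).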