You are on page 1of 21

Please purchase PDFcamp Printer on to remove this watermark.

Forgot the Administrator password - Alternate

Method - The LOGON.SCR trick
This is another trick that will easily work in Windows NT 4.0 and some versions
of Windows 2000. The principal is that you need to install a second instance of
your OS to your HD, then manipulate the default screen saver (the one that's
used if you don't move your mouse while the CTRL-ALT-DEL box appears) for
the original OS.

For free 3rd party tools read Forgot the Administrator's Password?.

Update: You can also discuss these topics on the dedicated Forgot Admin
Password Forum.

Windows Server 2003 Domain Admin password

This tip will NOT work for Windows Server 2003. This is because of changes in the service
account with which the process runs. In Windows 2000 it was run in the Local SYSTEM
account (LSA) privileges, while in Windows Server 2003 it is run with the LOCAL SERVICE
account, thus resulting in far less privileges than it used to have in W2K and NT 4.0. The
reason 2 new account have been introduced in 2003 is that SYSTEM Account has way too
many power over the system and the system could be compromised by exploiting almost
any system service. The Microsoft's solution was to introduce 2 less powerful accounts
(LOCAL SERVICE and NETWORK SERVICE) and make some services run in the context
of those accounts instead of LSA.

To successfully reset the Domain Admin password on Windows Server 2003 Active
Directory please read the Forgot the Administrator's Password? - Reset Domain Admin
Password in Windows Server 2003 AD page.

Windows 2000 Domain Admin password

To successfully reset the Domain Admin password on Windows 2000 Active Directory
please read the Forgot the Administrator's Password? - Reset Domain Admin Password in
Windows 2000 AD page.

The LOGON.SCR trick

Please purchase PDFcamp Printer on to remove this watermark.

To successfully reset the local administrator's password on Windows NT and

some versions of Windows 2000 follow these steps:

1. Install an alternate copy of Windows NT or Windows 2000.

You must install this instance of NT/2000 on a different folder

than WINNT, otherwise you'll end up with the same bad situation.
Use ALTWINNT for example.

It is best that you install the alternate instance of the OS into a

different partition than the one you have your original
installation. You'll delete this folder anyway, and it's best that you
just format that partition after you're done. Formatting the
partition will be much easier than deleting individual files and

Also, if you lost your password on NT - install a new instance of

NT, not Windows 2000, as doing so will ruin your old NT
installation (because of the difference between the NTFS
versions). Same goes for W2K, XP and Windows Server 2003.
Always install the same OS.

Note: On Windows NT 4.0 machines that were installed out-of-the-box you do

not have to install a fresh copy if you still have access as a regular user to the
system. E.g. if you can log-on as a regular, non-administrator user, you can still
manipulate the file's permissions. This is simply because NT's default
permissions are set for Everyone - Full Control. This is not true on
W2K/XP/2003 machines.
Another note: Reader Mike wrote:

In the article you mention installing the OS on top of the existing OS to do

the logon screensaver manipulation.

I wanted to mention that this can also be accomplished by removing the

hard drive, placing it as a slave on another computer (XP and W2K play
nicely) and then accessing the file system. Of course you need a second
computer, but for some folks it may be an easier solution.



That's correct, and it will work for you unless you converted the disk to a dynamic disk, on
the original OS. In that case you will no longer be able to boot the old OS, even if you do
manage to access the files from the other computer.
Please purchase PDFcamp Printer on to remove this watermark.

2. Boot the alternate install.

3. Use Control Panel/System/Startup (for NT) or Control
Panel/System/Advanced/Startup and Recovery for W2K to change the
default boot instance back to your original install.

Lamer note: If you don't do that you'll end up booting into the
alternate installation next time you turn on your computer. You
don't want that, do you?

4. Open Explorer. Browse to your original Windows NT/2000 folder, navigate

to the %systemroot%\System32 sub-folder.

Lamer note: %systemroot% is a system variable used to point to

the folder where NT/2000 is installed, usually \WINNT in NT/2000,
or \WINDOWS in XP/2003.

5. Save a copy of LOGON.SCR, the default logon screen saver, anywhere

you like. Just remember where you've placed it. You can also just rename
the file to something you'll remember later, I user LOGON.SC1.

Lamer note: To rename a file use the REN command in the

Command Prompt window, or just select the file in Windows
Explorer and press F2.

6. Delete the original LOGON.SCR from the %systemroot%\System32 sub-

folder. It is not necessary to delete the file if you renamed it, you can
leave it there.

Note: You might not be able to delete the LOGON.SCR file

because of permission settings. Regular users can only read and
execute the file, not delete it. If that is the case (and it is in W2K,
XP and Windows Server 2003) then you need to take ownership of
the file and give the EVERYONE group FULL CONTROL

Lamer note: In order to take ownership of a file right-click it,

select Properties, select the Security tab, click Advanced, and then
click on the Owner tab. Select one of the users found in the list,
click ok all the way out.

In order to change the LOGON.SCR permissions follow the

previous instructions, in the Security tab click Add and browse to
the Everyone group. Add it and make sure you give it Full Control.
Click Ok all the way out.

7. Make a copy CMD.EXE in the %systemroot%\System32 sub-folder.

CMD.EXE is located in %systemroot%\system32.
Please purchase PDFcamp Printer on to remove this watermark.

Lamer note: In order to copy a file via GUI, select the file, right-
click and chose Copy, then go to the destination folder, right click
the folder name and select Paste. You can also use the keyboard
by typing CTRL-C to Copy, CTRL-V to Paste.

8. Rename the copy of CMD.EXE to LOGON.SCR.

Lamer note: See step #5.

9. Shutdown and restart your computer. Boot into the original install.
10. Wait for the logon screen saver to initiate - around 15 minutes. Oh, and
no, do NOT move your mouse while you wait, duh...

After the screensaver is initiated, instead of running the normal

LOGON.SRC actual screensaver, it will run the renamed CMD.EXE
file (which is now called LOGON.SCR), and will actually open a
CMD prompt in the context of the local system account.

In step #7 you could have used EXPLORER.EXE instead of

CMD.EXE, and in that case a My Computer window will pop up.

Note: As noted earlier on this page, there is a way to make the

wait time shorter, but you'll need to dig into the Registry for that.

11. Open the CMD.EXE prompt (it should already be opened if you've used
CMD.EXE in step #7) and type:

net user administrator 123456

This will reset the local administrator (or domain admin if you are
doing this trick on a DC) password to 123456.

Lamer note: You can, of course, use ANY password you want...

12. Delete the LOGON.SCR from %systemroot%\System32.

13. Rename the saved default screen saver from step 5 back to LOGON.SCR.
14. If you wish to remove the alternate install:

• Delete its' folder.

• Edit c:\BOOT.INI and remove the alternate install's entries.

If you've used a different partition to install the alternate install

then now you can simply delete or format that partition if you
don't need it anymore, plus edit c:\BOOT.INI and remove the
alternate installation entries.
Please purchase PDFcamp Printer on to remove this watermark.

This trick has been tested a zillion times. Don't bother to tell me it doesn't work,
it does (for Windows NT and some versions of Windows 2000), and that's a fact.

Related articles

You may find these related articles of interest to you:

• Change Recovery Console Password

• Change User Password from a Remote Computer
• Change User Password from the Command Prompt
• Forgot the Administrator's Password?
• Forgot the Administrator's Password? - Reset Domain Admin Password in Windows
2000 AD
• Forgot the Administrator's Password? - Reset Domain Admin Password in Windows
Server 2003 AD
• Recover Protected Office Documents
• What's the Password Reset Disk in Windows XP?

How can I gain access to a Windows

NT/2000/XP/2003 computer if I forgot the
administrator's password? How can I reset the
administrator's password if I forgot it?
Ok, so you say you forgot your Windows administrator's password, huh? Oh
well, it doesn't really matter if you did or you just say you did. The fact is that
you need to gain access to a computer and you cannot "remember" the
administrator's password.

How can you get out of this situation without formatting and re-installing the
operating system?

One method of gaining access to the system is by trying hard to remember the forgotten
password, or a password of another user which has the same level of administrative rights.
However I don't think this approach will help you, otherwise you wouldn't be sitting here
reading article, would you?)

Another method is by trying to restore a backed up System State (in Windows

2000/XP/2003) or a ERD (in NT 4.0) in which you do remember the password.
The problem with doing so is that you'll probably lose all of the recently add
users and groups, and all the changed passwords for all of your users since the
Please purchase PDFcamp Printer on to remove this watermark.

last backup was made.

A third method might be to install a parallel operating system on a different partition on the
same computer, then use a simple trick to gain access to the old system. Read more about it
on my Forgot the Administrator's Password? - Alternate Logon Trick article.

Note: If you are looking for password cracking tools that can be used for
miscellaneous objectives such as password-protected PDF documents, zipped
archives, Office documents, BIOS protection and so on then this pages is NOT
for you. See some links at the bottom of this page for hints on where to find
such tools, but I can tell you right away that Google might be a better choice for

The fourth option is by using 3rd party tools that will enable you to reset the lost password
and logon with a blank password.

Update: You can also discuss these topics on the dedicated Forgot Admin
Password Forum.

Translations of this article

There are some translations made of this article. Here are the ones I am aware of (do tell me
if you know of another, or if you want to create one in your language):

• Portuguese - HERE is an excellent translation of this article into Portuguese (by

Bruno Koga - Thanks!)
• Serbian - HERE (by Aleksandar Stojilkovic - thanks!)
• Spanish - HERE (by Victor Pereyra - thanks!)

Free Tools

Here are some of these tools:

Free Windows password-cracking tools are usually Linux boot disks that have NT
file system (NTFS) drivers and software that will read the registry and rewrite
the password hashes for any account including the Administrators. This process
requires physical access to the console and an available floppy drive but it works
like a charm! I've done it myself several times with no glitch or problem
Beware!!! Resetting a user's or administrator's password on some systems (like Windows
XP) might cause data loss, especially EFS-encrypted files and saved passwords from within
Internet Explorer. To protect yourself against EFS-encrypted files loss you should always
export your Private and Public key, along with the keys for the Recovery Agent user. Please
Please purchase PDFcamp Printer on to remove this watermark.

read more about EFS on my What's EFS? page. Out of the following list, the only tool that
will no cause any harm to EFS-encrypted files on your hard disk is the Windows Password
recovery system.
Here are 5 of these free tools:

1. Windows Password recovery - Can retrieve forgotten admin and users' passwords in
minutes. Safest possible option, does not write anything to hard drive.
2. Petter Nordahl-Hagen's Offline NT Password & Registry Editor - A great
boot CD/Floppy that can reset the local administrator's password.
3. Openwall's John the Ripper - Good boot floppy with cracking capabilities.
4. EBCD – Emergency Boot CD - Bootable CD, intended for system recovery
in the case of software or hardware faults.
5. Austrumi - Bootable CD for recovering passwords and other cool tools.

If you happen to know about other free tools please let me know .
Note: These password resetting tools are usually good for local users on a stand alone
computer. For Domain Admin password resetting procedures please see the Related
Articles section at the bottom of this page.
Note: I'd like to put together all the info you have about these issues. If you
have any tips, recommended links or any ideas about how to figure out a lost
password - please e-mail me and I'll get back to you .

Windows Password recovery
This site provides a tool to recover lost Windows XP passwords. It works for
administrator and user accounts, it doesn't change the password just tells you
the old one. It works with encrypted files (EFS) and password hashes. It even
works if no passwords at all are known for the machine (as long as you have
another computer with internet access to view this website with).
Author claims it also works with Windows NT and Windows Server 2003 and
Windows Longhorn, but the BEST thing about it is the fact that it won't reset
your passwords, but simply reveal them for you to remember and then use.
Give it a try. The author would like to receive feedback. There is a free service
as well as a priority service that will retrieve your passwords within minutes. The
fee for the priority service is very cheap, and is really just to cover server costs.
Note: You'll need a blank floppy to run the process.
Update: Author now offers the same tool as a CD image for those of you who do
not have a floppy in their computer.

Usage, instructions and additional information can be found at

Offline NT Password & Registry Editor (v050303)

Please purchase PDFcamp Printer on to remove this watermark.

Petter Nordahl-Hagen has written a Windows NT/2000/XP offline password


• This is a utility to (re)set the password of any user that has a valid (local)
account on your Windows NT/2000/XP/2003 system, by modifying the
encrypted password in the registry's SAM file.
• You do not need to know the old password to set a new one.
• It works offline, that is, you have to shutdown your computer and boot
off a floppy disk or CD. The boot-disk includes stuff to access NTFS
partitions and scripts to glue the whole thing together.
• Works with syskey (no need to turn it off, but you can if you have lost
the key)
• Will detect and offer to unlock locked or disabled out user accounts!

Caution: If used on users that have EFS encrypted files, and the system is XP or
later service packs on W2K, all encrypted files for that user will be
UNREADABLE! and cannot be recovered unless you remember the old password
Download links:

• (~1.1MB) - Bootdisk image, date 050303.

• (~3MB) - Bootable CD image with same version and drivers
as floppies above
• - SCSI-drivers (050303) (only use newest drivers
with newest bootdisk, this one works with bd050303)

To write these images to a floppy disk you'll need RawWrite2 which is included in
the Bootdisk image download. To create the CD you just need to use your
favorite CD burning program and burn the .ISO file to CD.
Support and Problems? Don't call me! Talk to the creator of this great tool. He
also has a good FAQ set up covering most of the day-to-day questions. Read it
right HERE
Author claims that this tool was successfully tested on NT 3.51, NT 4, Windows 2000
(except datacenter), Windows XP (all versions) and Window Server 2003. Notice that it is
NOT compatible with Active Directory.
Need to change Windows NT/2000 Domain Admin password? This tool,
however useful, will only reset the local administrator's password (e.g. the one
found in the local computer's SAM). To reset a password of a domain
administrator (or any other user for that matter) you must perform the routine
that is described in the following page: Forgot the Administrator's Password? -
Reset Domain Admin Password in Windows 2000 AD.
Note: The above trick will probably not work under Windows Server 2003 due to service
account security changes. To work around these limitations please read the Forgot the
Administrator's Password? - Reset Domain Admin Password in Windows Server 2003 AD
Please purchase PDFcamp Printer on to remove this watermark.

John the Ripper (v1.6)

John the Ripper is a fast password cracker, currently available for many flavors
of Unix (11 are officially supported, not counting different architectures), DOS,
Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix
passwords. Besides several crypt(3) password hash types most commonly found
on various Unix flavors, supported out of the box are Kerberos AFS and Windows
NT/2000/XP LM hashes, plus several more with contributed patches.
Download links:
John the Ripper 1.6 (768kb)

EBCD – Emergency Boot CD (v0.60)

EBCD is a bootable CD, intended for system recovery in the case of software or
hardware faults. It is able to create backup copies of normally working system
and restore system to saved state. It contains the best system software ever
created, properly compiled and configured for the maximum efficient use.
EBCD will be very useful when you need to:

• Copy/move files (with long names, not necessary in CP437 encoding)

from/to the disk but OS which can handle them (windows, Linux...)
cannot boot. In particular, you may create a backup copy of normally
installed and configured Windows and later restore Windows from such
backup copy. So, in the case of fault OS itself and all software and its
settings can be restored in 5-10 minutes.
• Perform emergency boot of Windows NT / 2000 / XP. When the loader of
this OS on the hard disk is damaged or misconfigured, you are able to
load OS using another, standalone loader from this CD.
• Recover master boot record of HDD. This allows to boot OS after
incorrect uninstallation of custom loader (LILO, for example), which made
all OS on your PC not bootable.
• Delete, move, copy to file (image) and re-create partition from file.
Image transfer over network is also supported: so you may configure one
PC and then make contents of hard disks of other PCs same as contents
of the hard disk of the first one.
• Change password of any user, including administrator of Windows
NT/2000/XP OS. You do not need to know the old password.
• Recover deleted file, even file re-deleted from Windows Recycle Bin, and,
in contrast, wipe single file or a whole disk so that it will be impossible to
recover it in any way.
• Recover data from accidentally formatted disk. Sometimes it helps to
recover data from the disk, damaged by a virus.
• Recover data from a floppy disk, which is not readable by OS. Format
3.5" disk for 1.7 Mb size.

Also the disk includes full set of external DOS commands, console versions of
the most popular archivers/compressors.
Moreover, emergency boot CD includes minimal Linux distribution (Rescue Linux
distribution) which may be very useful to a professional user.
Please purchase PDFcamp Printer on to remove this watermark.


Download links:
EBCD Pro distribution (18mb)
More download links: HERE, HERE, HERE, HERE and HERE. One of them has got to work,
and if not, please send me a note.

Austrumi (v0.9.2 - December 2004)

Austrumi is a Linux bootable ISO image for recovering NT passwords and other cool tools
and methods, sized for Business Card size CD media (50Mb). It allows you to change any
password, including that of the Administrator, on a partition occupied by Windows NT,
Windows 2000 or Windows XP. Simply boot the CD and when you get to the initial boot
prompt, type:

boot: nt_pass

This will launch a console utility that will detect Windows partitions on the hard disk and
provide you with a menu to modify any user or Administrator passwords on the Windows
system. It will even give access to the Windows registry for recovery purposes. Quite a
handy utility to keep in your wallet (AUSTRUMI is small enough to fit on a business card-size
CD) if you are unfortunate enough to having to deal with Windows machines in your line of
Download links:
Austrumi v0.9.2 (ISO file, 50.9mb)

Related articles

You may find these related articles of interest to you:

• Change Recovery Console Password

• Change User Password from a Remote Computer
• Change User Password from the Command Prompt
• Forgot the Administrator's Password? - Alternate Logon Trick
• Forgot the Administrator's Password? - Reset Domain Admin Password in Windows
2000 AD
• Forgot the Administrator's Password? - Reset Domain Admin Password in Windows
Server 2003 AD
• Recover Protected Office Documents
Please purchase PDFcamp Printer on to remove this watermark.

• What's the Password Reset Disk in Windows XP?


• You can also discuss these topics on the dedicated Forgot Admin
Password Forum.

Changing the Administrator password if you have forgotten it (Windows NT 4.0
Lost your Administrator password and need the ultimate hack? (Windows NT 4.0
Recover Lost Windows NT Administrator Password
Password Recovery Resources

Available Tools
Active Directory Replication Monitor: This utility graphically displays the
replication topology of connections between servers on the same site.
Active Directory Schema Manager: The Schema Manager is a Microsoft
Management Console (MMC) snap-in that allows you to view, modify, and
extend the Active Directory schema.
Adsizer: Active Directory Sizer - Estimates the hardware required for deploying
Active Directory in an organization.
ADSI Edit: ADSI Edit is a Microsoft Management Console (MMC) snap-in that
acts as a low-level editor for the Active Directory.
Add Users: This 32-bit administrative tool for Windows 2000 uses a comma-
delimited file to create, write, and delete user accounts.
Add Users to a Group: The UsrToGrp tool adds users to a local or global group
according to information in a user-specified input text file.
AuditPol: AuditPol is a command-line tool that enables the user to modify the
audit policy of the local computer or of any remote computer.
AutoExNT Service: AutoExNT Service allows you to start a batch file,
Autoexnt.bat, at boot time without having to log onto the computer on which it
will run.
Apimon: API Monitor - Monitors the API calls made by a process.
Appsec: Application Security Hotfix - Sets user permissions on a file-by-file basis
to lock down accessible applications.
Associate: This command-line tool enables you to register or unregister a file
name extension with the registry.
Batch File Wait: Sleep causes the computer to wait for a specified amount of
Browser Monitor: Browser Monitor is a GUI tool that monitors the status of
browsers on selected domains. Browsers are shown on a per-domain and per-
Please purchase PDFcamp Printer on to remove this watermark.

transport basis.
Browser Status: BrowStat is a general purpose, character-based browser
diagnostic tool. Use BrowStat to find out whether a browser is running and to
find active Microsoft Windows for Workgroups (WFW) browsers in Windows 2000
and Windows NT domains.
ChgPrint: Change Printer Utility - This tool assists network-administrators in
managing printer shares. mains.
Clipstor: This GUI tool manages multiple Clipboard text buffers. It allows you to
retrieve text from the Clipboard and store it in one of its buffers, and paste any
of its buffers to the Clipboard, with your mouse.
Clusrest: Cluster Quorum Restore Utility - Restores the quorum disk of a cluster,
which is not done by a restore process using NtBackup.
CompReg: A Win32 character-based/command-line "Registry DIFF" that enables
you to compare any two local or remote registry keys in Windows 2000,
Windows NT, and Windows 95/98.
Ctrlist: Counter List - Lists all objects and counters installed in the system for
the given language ID.
Cluster Verification Utility - Verifies that two-node cluster systems are set up
CustCon: Console Key Customizer - Custcon.exe is a Windows 2000 GUI tool
that is used to customize the extended line editing keys when using Cmd.exe
(Ntconsole). To enable new key settings, click the "Use Extended Edit Keys"
Defptr: Default Printer - Using this tool you can easily change your default
printer, switching between available network or local printers.
Delprof: User Profile Deletion Utility - This tool deletes user profiles on
computers running Windows 2000.
Delrp: Delete File and Reparse Points - Deletes a file or directory and any
associated NTFS reparse points.
Delsrv - Unregisters a service with the service control manager.
Dependency Walker: Dependency Walker is a graphical Win32 development tool
that scans any Win32 module (.exe, .dll, .ocx, .cpl, .scr, and .sys, among
others) and builds a hierarchical tree diagram of all dependent modules.
Dflayout: Compound File Layout User Tool - This layout tool for document files
enables you to optimize compound files for improved performance over low-
bandwidth networks, such as the Internet.
DH: Display Heap - Displays information about heap usage in a user-mode
process or pool usage in kernel-mode memory.
DHCPCMD: DHCP Administrator's Tool - This command-line tool provides an
auxiliary method of administering Dynamic Host Configuration Protocol (DHCP)
Dhcpexim: DHCP Database Export Import Tool - Exports a DHCP database and
server configuration from a server running Windows NT 4.0 Server or Windows
2000 Server for import into a destination DHCP server running Windows 2000.
DHCPLOC: DHCP Server Locator Utility - DHCP Server Locator Utility displays the
DHCP servers active on the subnet. If it detects any unauthorized DHCP servers,
it beeps and sends out alert messages.
DHCPOBJS: DHCP Objects - DHCP Objects allows you to automate DHCP Server
configuration. It also provides enhanced capabilites over the Dhcpcmd tool, such
as the ability to remove a DHCP lease.
Diruse: Directory Disk Usage - Displays information about a disk and the
contents of its partition table.
Please purchase PDFcamp Printer on to remove this watermark.

DSACLS: This tool facilitates management of access-control lists for directory

DSASTAT: This diagnostic tool compares and detects differences between
naming contexts on domain controllers.
Diskmap: Displays information about a disk and the contents of its partition
Diskpart: Diskpart Command Line Utility - Enables storage configuration from a
script, remote session, or other command prompt.
DiskProbe: DiskProbe is a sector editor for Windows 2000. It allows a user with
local Administrator rights to directly edit, save and copy data on the physical
hard drive that is not accessible in any other way.
DiskUse: DiskUse is a command-line tool that scans directories on a hard disk
and reports on space used by each user.
Dmdiag: Disk Manager Diagnostics - Saves disk volume configuration to a text
file and writes a signature to a disk partition.
DNSCMD: DNS Server Troubleshooting Tool - Dnscmd.exe is a command line
tool designed to assist administrators in DNS management.
DomMon: Domain Monitor - Domain Monitor monitors the status of servers in a
domain and the secure channel status to the domain controller and to domain
controllers in trusted domains.
Drivers: List Loaded Drivers - Displays information on installed device drivers,
their files, and their code.
Drmapsrv: Drive Share Hotfix - Automatically configures NET SHARE and NET
USE client drives for Terminal Services server access. Note: This download
includes only the hotfix for the utility, not the tool itself.
Dumpel: Dump Event Log - Dumps an event log to a tab-separated text file.
Dumpfsmos.cmd: Dump FSMO Roles - Dumps the Flexible Single Master
Operations roles.
Dureg: Registry Size Estimator - Shows how much data is stored in the registry,
or in any registry subtree, key, or subkey.
DxDiag: DirectX Diagnostic Tool - This tool presents information about the
components and drivers of the Microsoft DirectX application programming
interface installed on your system.
Efsinfo: Encrypting File System Information - Displays information about
encrypted files on NTFS partitions.
Exctrlst: Extensible Performance Counter List - Displays information on
extensible performance counter DLLs installed on a computer.
Extract.exe: Extract Cabinet - Extracts files from cabinet (.cab) files.
ExeType: Finding the Executable Type - ExeType is a command-line application
that identifies the operating system environment and processor required to run a
particular executable file.
Expand: File Expansion Utility - This command-line tool enables you to expand
files that have been compressed by Compress.exe .
FAZAM 2000: Reduced-Functionality Version - Extends Group Policy
management functionality of Windows 2000.
File Compress: This command-line tool can compress one or more files.
FileVer: This command-line tool examines the version resource structure of a file
or a directory of files on either a local or remote computer and displays
information on the versions of executable files such as .exe files and dynamic-
link libraries DLLs.
FindGrp: Find Group - This tool finds all direct and indirect group memberships
for a specified user in a domain.
Please purchase PDFcamp Printer on to remove this watermark.

FlopLock: Lock Floppy Disk Drives - FloppyLock is a service that controls access
to the floppy drives of a computer.
ForFiles: This command-line tool can be used in a batch file to select files in a
folder or tree for batch processing.
FreeDisk: This command-line tool checks a disk drive for free space, returning a
0 if the specified amount of free space is available and a 1 if it is not.
FtEdit: FT Registry Information Editor - FTEdit is a GUI tool that allows you to
create, edit, and delete fault tolerance sets for disk drives and partitions of local
and remote computers.
GetFlags: Global Flags Editor - GFlags is a GUI tool that enables a developer or
system administrator to edit the NtGlobalFlag settings for Windows 2000.
Getmac: GetMAC - Gets a computer's MAC (Ethernet) layer address and binding
Getsid: Get Security ID - Compares the security IDs of two user accounts.
GetType: GetType.exe is a command-line tool that allows you to detect what
type of Windows software (workstation, server or domain controller) is installed
on a computer.
Global: This command-line tool displays members of global groups on remote
servers or domains.
GrpCpy: Group Copy - This GUI tool enables users to copy the usernames in an
existing group to another group in the same or another domain or on a
computer running Windows 2000.
Gpotool: Group Policy Verification Tool - Allows administrators to check Group
Policy object integrity and monitor policy replication.
Gpresult: Group Policy Results - Displays information about the result Group
Policy has had on the current computer and logged-on user.
Guid2obj: GUID to Object - Maps a GUID to a distinguished name.
Heapmon: Enables user to view system heap information.
Hlscan: Hard link display tool - Displays hard links on an NTFS volume or in
specified files or directories of the volume.
Ifmember: Checks whether the current user is a member of a specified group.
IIS Migration Wizard: Migrates Web server configuration settings.
Installation Monitor: Tracks changes made by setup programs in the registry,
.INI files, and other child processes.
IntBind: Interrupt Affinity Tool - The Interrupt Affinity Tool is used on
multiprocessor systems to affinitize interrupts of disk or network adapters to one
or more processors.
Inuse: File-In-Use Replace Utility - Performs on-the-fly replacement of files
currently in use by the operating system.
Ipsecpol: Internet Protocol Security Policies Tool - Configures Internet Protocol
Security (IPSec) policies in the Directory Service, or in a local or remote registry.
Kerbtray: Kerberos Tray - Displays ticket information for a given computer
running the Kerberos protocol.
KernProf: Kernel Profiler - This command-line tool provides counters for and
profiles of various functions of the Windows 2000 kernel.
Kill: Task Killing Utility - Use this command-line tool to end one or more tasks or
processes. Use TLIST to find out the PID.
Klist: Kerberos List - Views and deletes the Kerberos tickets granted to the
current logon session.
KSetup: Kerberos Setup - KSetup is a command-line tool for configuring
Windows 2000 Professional to use an MIT-based Kerberos realm instead of a
Windows 2000 domain.
Please purchase PDFcamp Printer on to remove this watermark.

KTPass: Kerberos Keytab Setup - KtPass is a configuration tool for MIT Kerberos
interoperability that allows an Administrator to configure a non-Windows 2000
Kerberos service as a security principal in the Windows 2000 Active Directory.
Leakyapp: This GUI testing tool appropriates system memory to see how other
applications or the system as a whole runs in low-memory situations.
LDP: Active Directory Administration Tool - Ldp is a graphical tool that allows
users to perform Lightweight Directory Access Protocol (LDAP) operations, such
as connect, bind, search, modify, add, and delete, against any LDAP-compatible
directory, such as the Active Directory.
Link Check Wizard: Link Check Wizard scans all of the link (shortcut) files on
your system, and checks to see if the shortcut points to an existing application
or document.
LINKD: This command-line tool links an NTFS directory to a target object.
LIST: Text Display and Search Tool - This simple text display and search tool
lists the contents of a file. Unlike other text display tools, List is a good tool for
looking at large text or log files because it does not read the whole file into
memory when you open it.
LOCAL: This command-line tool displays members of local groups on remote
servers or domains.
LogEvent: Event Logging Utility - This tool enables you to make entries to the
Event Log on either a local or remote computer from the command prompt or a
batch file.
LogOff: The LogOff tool is used to log a user off from the command prompt.
LogTime: This command-line tool logs the start or finish of command-line
programs from a batch file. This can be useful for timing and tracking batch jobs
such as mail-address imports.
MemSnap: Memory Profiling Tool - This memory profiling tool takes a snapshot
of the memory resources being consumed by all running processes and writes
this information to a log file.
MoveTree: Active Directory Object Manager - Movetree.exe is a command line
tool that allows administrators to move Active Directory objects such as
organizational units, users or computers between domains in a single forest.
MUNGE: This command-line tool provides a convenient way to search for and
replace strings in a file or files.
NETAFX: Network Configuration Tool - This tool can be used to configure a
variety of network parameters from the command prompt.
NetCons: Net Connections - This GUI tool monitors and displays current net
connections, taking the place of the Windows command-line command net use.
NetCmd: NetCmd.exe is a command-line tool that opens a command prompt. It
automatically maps a UNC path to a drive letter. You can point to any folder in
Windows Explorer (or any common file dialog) and open up a command prompt
at that location.
Netdiag: Network Connectivity Tester - Helps isolate networking and
connectivity problems.
NetDom: Windows 2000 Domain Manager - This tool enables administrators to
manage Windows 2000 domains and trust relationships from the command line.
Netsvc: Command-line Service Controller - You can use NetSvc to remotely
start, stop, and query the status of services from the command line.
NetWatch - Net Watch shows which users are connected to shared folders. It
also enables you to disconnect users and un-share folders. It can now
simultaneously monitor multiple computers.
NLMon: This command-line tool can be used to list and test many aspects of
Please purchase PDFcamp Printer on to remove this watermark.

trust relationships.
NLTest: This command-line tool helps perform network administrative tasks.
Now: Echoes the current date and time plus any arguments passed to it.
NSS2DOC: This utility helps the Remote Storage product in Windows 2000
Server migrate documents stored in the native structured storage (NSS) format
to tertiary storage (tape). (Installd.cmd) - Installs a debug version of Startup Hardware
Detector used for troubleshooting hardware detection issues.
NTDSUTIL: Directory Services Management Tool - NtdsUtil performs database
maintenance of the Active Directory store, management and control of the
Floating Single Master Operations (FSMO), and cleaning up of metadata left
behind by abandoned domain controllers, those which are removed from the
network without being uninstalled.
NTRights: With this command-line tool, you can grant or revoke any Windows
2000 right to or from a user or group of users.
NTUUCODE: 32-Bit UUDecode and UUEncode Utility - You can use this 32-bit
GUI program to encode or decode files according to the UUEncoding standard.
Oh: Open Handles - Shows the handles of open windows, processes, or objects.
Oleview: OLE/COM Object Viewer - Browses, configures, and tests Microsoft
Component Object Model classes installed on a computer.
PassProp: This command-line tool can be used to set two domain policy flags:
whether passwords have to be complex and whether the administrator account
can be locked out.
Pathman: Path Manager - Adds or removes components of the system or user
PerfMetr: Performance Meter - This command-line tool displays text-based
information on the performance of a computer running Windows 2000.
PermCopy: This command-line tool copies share-level permissions (ACLs) from
one share to another.
Perms: File Access Permissions per User - Displays a user's access permissions
for a file or directory.
Pfmon: Page Fault Monitor - Lists the source and number of page faults
generated by an application's function calls.
PMON: Process Resource Monitor - PMon is a command-line tool that monitors
process resource usage, tracking CPU and memory usage.
Pstat: Process and Thread Status - Shows the status of all running processes
and threads.
PrintMig: Printer Migrator - This printer configuration tool allows you to back up
or migrate any print server on which you have administrative rights.
PTree: Process Tree - Process Tree allows you to query the process inheritance
tree and kill processes on local or remote computers.
PPTP Ping - Point-to-Point Tunneling Protocol Ping Tools - Pptpclnt.exe and
Pptpsrv.exe are tools that work in unison to verify that the required protocol and
port for Point-to-Point Tunneling Protocol (PPTP) is being routed from a PPTP
client to a PPTP server or vice-versa.
Pulist: Lists processes running on local or remote computers.
PViewer: Process Viewer - Process Viewer is a Windows-based tool that displays
information about a running process and allows you to stop (kill) processes and
change process priority.
Qslice: CPU Usage by Processes - Shows the percentage of total CPU usage per
RASList: This command-line tool displays Remote Access Service (RAS) server
Please purchase PDFcamp Printer on to remove this watermark.

announces from a network.

RASMon: You can use this tool to monitor your Remote Access Service.
RASUsers: Enumerating Remote Access Users - RasUsers lets you list for a
domain or a server all user accounts that have been granted permission to dial
in to the network via Remote Access Service (RAS).
Rdpclip: File Copy Hotfix - Copies files between Terminal Services server and
REG: This tool enables you to add, change, delete, search, backup, restore, and
perform other operations on registry entries from the command prompt or a
batch file. It can be used on both local and remote computers. Note: This
version of REG is in fact version 1.10 from the NT4 Resource Kit. It works with
Windows 2000 but is not the version 2 that comes with the 2000 Reskit and is
very much updated and with differing syntax to version 1.10, nor is it the
version 3 that comes bundled with Windows XP (Thanks Pete!)
REGBack: Registry Backup - Registry Backup (RegBack) is a tool for backing up
the Windows Registry to files without use of a tape drive. RegBack allows you to
back up Registry hives while the system is running and has the hive files open.
REGFind: RegFind is a command-line tool with which you can search the
Windows 2000 registry for arbitrary data, key names, or value names and
optionally replace any of these with new values.
REGINI: Registry Change by Script - This tool uses character-based batch files
to add keys to the Windows 2000 registry by specifying a registry script.
REGRest: Registry Restoration - Registry Restoration (RegRest) restores
Registry hive files from backups created by RegBack.
Relog: Extracts performance counters from logs created by the Performance
Logs and Alerts service.
ReMapKey: Remap Windows Keyboard Layout - This tool changes keyboard
layout by remapping the scancode of keys.
Remote Command Service: (Rcmd.exe & Rcmdsvc.exe) - The Remote Command
Service (Rcmd.exe) provides a secure, robust way to remotely administer and
run command-line programs. (RCMDSRV also included.)
Remote Administration Scripts: The Remote Administration Scripts are a
collection of Visual Basic scripting tools designed to perform specific
administrative tasks using Microsoft Active Directory Services Interfaces (ADSI)
and Windows Management Instrumentation (WMI) for Windows 2000.
Rscripts.chm is an HTML Help file that documents the Remote Administration
RKill: Remote Kill - This service (RKILLSRV.EXE) with both GUI (WRKILL.EXE)
and command-line (RKILL.EXE) clients allows a user to enumerate and kill
processes on a remote computer. To kill a process remotely with this tool, you
must be member of the Administrators group.
RMTShare: Remote Share - Remote Share is a command-line tool that allows
you to set up or delete shares remotely.
RPCCfg: RPC Configuration Tool - Configures Microsoft Remote Procedure Call
(RPC) to listen on specified ports.
Rpcdump: RPC Dump - Dumps all endpoints in the endpointmapper database,
pings each endpoint, gathers other stats, sorts and displays the data.
RPC Ping: RPC Connectivity Verification Tool - Verifies that Windows 2000 Server
services are responding to remote procedure call requests from network clients.
RSDiag: Remote Storage Diagnostic Utility - This command-line tool examines
Remote Storage (HSM) databases and displays diagnostic information about
jobs, managed NTFS 5 volumes, removable media, and other Remote Storage
Please purchase PDFcamp Printer on to remove this watermark.

information useful for system analysis.

RSDir: Remote Storage File Information Utility - This command-line tool
examines Remote Storage reparse points, displaying Remote Storage
information for files in the current directory and its subdirectories.
ScanReg: This Win32 command-line "registry GREP" enables you to search for
any string in keynames, valuenames, and/or valuedata in local or remote
registry keys in Windows 2000 Windows NT, and Windows 95/98.
SC: Service Controller Query Tool - This tool provides a way to communicate
with Service Controller (Services.exe) from the command prompt to retrieve
information about services.
ScList: This command-line tool can show currently running services, stopped
services, or all services on a local or remote computer.
SecAdd: This command-line tool enables you to add user permissions to a
registry key or removed "Everyone" group.
Setspn: Manage Service Principal Names for an Active Directory directory service
SetupMgr: Setup Manager - This wizard is a deployment tool that assists system
administrators in automating the installation or upgrading of Windows 2000 on
multiple computers, eliminating the need to monitor these operations.
Setx: Sets environmental variables in the the user or computer environment.
ShowACLs: This command-line tool enumerates access rights for files, folders,
and trees. It allows masking to enumerate only specific ACLs.
ShowDisk: This command-line tool reads and displays the registry subkey
ShowGroups: This command-line tool shows the groups to which a given user
belongs, optionally within a given network domain.
ShowMembers: This command-line tool shows the usernames of members of a
given group, optionally within a given network domain.
Showperf: Performance Data Block Dump Utility - Dumps the contents of the
Performance Data block so you can view and debug the raw data structure.
ShutDown: Remote Shutdown - Remote Shutdown is a command-line tool that
allows you to remotely shut down or reboot a computer running Windows 2000.
ShutGUI: Remote Shutdown GUI - Shutgui.exe allows you to remotely shut
down or reboot a computer running Windows 2000. It can be run either with
command-line parameters or without.
SIDwalker: This set of programs helps system administrators manage access-
control policies on Windows 2000 and Windows NT systems. Access control is
implemented by access-control lists (ACLs).
SNMP Monitor - SNMP Monitor is a tool that can monitor any SNMP MIB variables
across any number of SNMP nodes.
SNMPutil & SNMPutilG - SNMP Browser is a tool that lets you get SNMP
information from an SNMP host on your network. SnmpUtilG is a graphical tool
that complements the older command prompt SNMP browser tool
Soon: Near-Future Command Scheduler - Schedules commands to run within
the next 24 hours.
Applications as Services Utility: With Srvany, you can configure any Windows
application so that it runs as a service.
SrvCheck: This command-line tool lists the non-hidden shares on an computer
running Windows 2000 and enumerates the users on the ACLs for that share.
SrvInfo: This command-line tool displays information, such as available disk
space and partition types, about a remote server.
Please purchase PDFcamp Printer on to remove this watermark.

SU: SU lets you start a process running as an arbitrary user. It is named after
the SU (Switch Users) utility of the UNIX family of operating systems.
SubInAcl: With this command-line tool, administrators can obtain security
information on files, registry keys, and services, and transfer this information
from user to user, from local or global group to group, and from domain to
SvcMon: Service Monitoring Tool - This tool monitors services on local and
remote computers for changes in state (starting or stopping).
Sysprep: Use this tool to prepare your system before changing SID using
TakeOwn: TakeOwn is a command-line tool that cleans up multiple boot drives
without formatting the drive. Using this tool, you can delete an installation of
Window 2000 from a local computer.
TextViewer: TextViewer provides a graphical interface for quickly viewing text
files on local or shared drives.
Timethis: Times how long it takes to execute a given command.
Tracedmp: Processes a trace log file or real time trace buffers and converts
them to a .csv file.
Traceenable: Enables tracing and displays current tracing options.
Tracelog: Starts, stops or enables trace logging.
Terminal Server Capacity Planning Tools Hotfix - Suite of tools that assist
organizations with Windows 2000 Terminal Services capacity planning.
TimeOut: Timeout is a command-line tool that causes the command processor to
pause execution for the number of seconds specified by the time (#) parameter,
after which it continues without requiring a user keystroke.
TimeThis: TimeThis times how long it takes the system to execute a given
Timezone: Daylight Savings Time Update Utility - This command-line tool
updates the daylight savings information for a time zone in the registry.
TrustDom: Trust Domain Setup - This command-line tool can help manage trust
relationships. Using TrustDom, administrators can view, create, and delete trust
relationships between Windows 2000 and Windows NT domains.
TypePerf: Performnce Data in the Command Window - This command-line tool
displays real-time data from Performance Monitor counters in a command
TZedit: Time Zone Editor - You can use Time Zone Editor to create and edit time
zone entries for the Date/Time option in Control Panel.
UserDump: User Mode Process Dumper - UserDump.exe is a command-line tool
that creates a dump file for user mode debugging. UserDump does not use Dr.
Watson and does not invade the target process as a debugger.
User Input for Batch Files: Choice prompts the user to make a choice in a batch
program by displaying a prompt and pausing for the user to choose from among
a set of keys.
User State Migration Tool - Helps migrate a user's documents and settings
(state) before an operating system migration to Windows 2000.
UsrStat: This command-line tool displays the username, full name, and last
logon date and time for each user in a given domain.
Vadump: Virtual Address Dump - Shows the state and size of each segment of
virtual address space.
Vfi: Visual File Information - Visual File Information retrieves and generates file
W3who.dll: Browser Client Context Tool - ISAPI application DLL that displays the
Please purchase PDFcamp Printer on to remove this watermark.

browser client context. Lists security identifiers, privileges, env variables.

WaitFor: This command-line tool waits until a signal is given across the network.
Multiple machines can wait for the same signal.
Whoami: Returns the domain or computer name and the user name of the user
currently logged onto the computer on which the tool runs.
WinDiff: File and Directory Comparison - WinDiff shows the differences between
specified ASCII text files or folders of ASCII text files.
WinAt: Command Scheduler - Command Scheduler can be used to schedule
commands on a local or remote computer to occur once or regularly in the
Winexit: Windows Exit Screen Saver - WinExit is a screen saver that logs the
current user off after the specified time has elapsed.
Windows ATM ARP Server Information Tool - AtmArp is a command-line tool
designed to assist network administrators and support personnel in
troubleshooting the status of the Asynchronous Transfer Mode (ATM) ARP/MARS
Service that ships with Windows 2000.
Windows ATM LAN Emulation Client Information - AtmLanE is a command-line
tool designed to assist administrators in troubleshooting the status of the
Asynchronous Transfer Mode (ATM) LAN Emulation (LANE) client that ships with
Windows 2000.
WinMsDp: WinMsdp is a command-line version of the Windows 2000 Diagnostics
tool (Winmsd.exe). It provides information about your system configuration and
WinSCHK: This command-line tool checks name and version-number
inconsistencies that may appear in Windows Internet Name Service (WINS)
databases, monitors replication activity, and verifies the replication topology in
an enterprise network. It is particularly useful for WINS administrators.
WINS Administrator Tools: WinsCl can monitor WINS activities and examine
WINS databases. It can also send commands to WINS to initiate an activity such
as replication, scavenging, registering/querying a record, or doing
backup/restore operations.
Winsta: WinStation Monitor - Monitors the status of all users logged on to a
Windows 2000 Terminal Server.
Wntipcfg: Windows NT IPConfig Utility - Gives you information about your IP
Xcacls: Sets all file-system security options accessible in Windows Explorer.

Related articles

You may find these related articles of interest to you:

• Download GPMC
• Download IIS 6.0 Resource Kit
• Download IIS 6.0 Reskit Tools
• Download Office 2000 Reskit Tools
• Download Office System 2003 Reskit Tools
• Download Office XP Reskit Tools
• Download RDP 5.2
Please purchase PDFcamp Printer on to remove this watermark.

• Download Windows 2000 Adminpak

• Download Windows 2000 SP4 Deploy Tools
• Download Windows 2000 SP4 Support Tools
• Download Windows 2003 Adminpak
• Download Windows 2003 Reskit Tools
• Download Windows 2003 SP1 Support Tools

• Download Windows 2003 Deployment Kit

• Download Windows XP Reskit Tools
• Download Windows XP SP1 Deploy Tools

Windows Deployment and Resource Kits
Free Windows 2000 Resource Kit software tools
Microsoft Resource Kit tools at Dynawell
Download Windows 2000 SP3 Support Tools (10.24mb)
List of available support tools - You can download any one of them as an individual
download if you want.
A Microsoft FTP Site with many of the older Reskit tools -