December 14, 2012, 1:18 PM — If you've forgotten your Windows password, there are several utilities to reset it. One of them is Windows' own System Recovery Disk. As a side note, this password reset trick, which takes just ten minutes to do, is a security hole in Windows 8 and earlier systems, which you can prevent an attacker from hacking into your computer with encryption.
All you need to reset the Windows password with this method is another Windows PC so you can make the System Recovery Disk and burn it to a CD or USB thumb drive. You can create the system recovery CD from the Control Panel > Windows 7 File Recovery.
Jamal H. Naji has the full tutorial on Reboot. Basically, you boot into the locked PC with the recovery disk and open up the command prompt, then replace the Ease of Access Center application (utilman.exe) with another copy of the command prompt (cmd.exe) with administrative privileges. Then you use the "net user" command to type in a new password for the user whose password you want to reset. The instructions are very easy to follow.
There's one thing you can do to prevent an attacker from gaining access to your personal files with this or another password reset hack: encrypt the whole disk. BitLocker, which comes with some Windows editions and TrueCrypt are two programs that can protect your files. With the encryption, the files under the system32 folder (including utilman.exe) can't be replaced.