Password reset disks

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

It is not unusual for users to forget their passwords to local user accounts from time to time, especially when they use strong passwords. Before the advent of password reset disks, the only way for administrators to restore a forgotten local user account password was to manually reset the user's password. In the process, the following information was lost:

  • E-mail that was encrypted with the user's public key

  • Internet passwords that were saved on the computer

  • Files that the user had encrypted

Password reset disks offer another solution to the problem of a forgotten password for a local user account. If users create password reset disks for their local accounts before they forget their passwords, they can reset the passwords without losing the valuable data that was previously lost with administrative password resets.

When you create a password reset disk, a public and private key pair is created. The private key is stored on a disk: the password reset disk. The public key encrypts the local user account password. If users forget their passwords, they can insert the password reset disk, which contains the private key, and decrypt the current password. The Forgotten Password Wizard prompts the user for a new password, which is then encrypted with the public key. Data is not lost because the user is, in effect, simply changing a password. Because anyone who holds the disk holds the private key and can use it to reset the account's password, it is essential that password reset disks be stored in secured locations. For more information on how to create a password reset disk, see Create a password reset disk.
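A simplified model of the flow described above, as an added example that is not Microsoft's code or Windows' actual implementation: it assumes the Python `cryptography` package, and the `Account` class, its data key wrapped under a password-derived key, and the sample passwords are constructions for illustration. It shows a reset with the disk's private key keeping previously encrypted data readable, while an administrative reset does not.

```python
import base64, hashlib, os
from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def pw_key(password, salt):
    # Key derived from the password; it protects the account's data key.
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return Fernet(base64.urlsafe_b64encode(raw))

class Account:
    """Simplified model (assumption): user data is reachable only via the password."""
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.wrapped = pw_key(password, self.salt).encrypt(Fernet.generate_key())
        self.public_key = self.escrow = None

    def data_key(self, password):
        return Fernet(pw_key(password, self.salt).decrypt(self.wrapped))

    def create_reset_disk(self, password):
        self.data_key(password)  # raises InvalidToken if the password is wrong
        private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.public_key = private_key.public_key()
        self.escrow = self.public_key.encrypt(password.encode(), OAEP)
        return private_key  # stands in for the disk; the account keeps only the public key

    def reset_with_disk(self, disk_key, new_password):
        old = disk_key.decrypt(self.escrow, OAEP).decode()  # recover the current password
        key = pw_key(old, self.salt).decrypt(self.wrapped)  # then an ordinary password change
        self.wrapped = pw_key(new_password, self.salt).encrypt(key)
        self.escrow = self.public_key.encrypt(new_password.encode(), OAEP)

    def admin_reset(self, new_password):
        # Old password unknown: the old data key cannot be unwrapped and is replaced.
        self.wrapped = pw_key(new_password, self.salt).encrypt(Fernet.generate_key())

def demo():
    acct = Account("Orig!nal-Pass1")  # all passwords here are constructed samples
    blob = acct.data_key("Orig!nal-Pass1").encrypt(b"saved internet password")
    disk = acct.create_reset_disk("Orig!nal-Pass1")
    acct.reset_with_disk(disk, "N3w-Pass2")
    kept = acct.data_key("N3w-Pass2").decrypt(blob)  # still readable after the reset
    acct.admin_reset("Adm1n-Set3")
    try:
        return kept, acct.data_key("Adm1n-Set3").decrypt(blob)
    except InvalidToken:
        return kept, None  # data protected under the old key is no longer readable
```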

For more information about encryption, see Encryption. For more information about passwords, see Passwords.