I recently encountered a situation in which a user with Administrator rights (i.e., whose domain account was in the Local Administrators group) had changed and forgotten the default Local Administrator account's password on his PC. I needed to recover some offline files, but the user had also changed the PC from a domain member to a workgroup computer—so I could no longer use the user's and domain administrator's cached domain logon credentials to gain administrative control over the installation.
I had read Reader to Reader: "How to Reset the Administrator Password" (June 2002, http://www.winnetmag.com, InstantDoc ID 24862), so I decided to try Fotakelis Apostolos's approach of resetting the Administrator password. I installed another instance of Windows 2000 on the machine, with a different \%systemroot% directory. I left the Local Administrator account password blank. After the installation finished, I logged on and used regedt32's Load Hive utility to load the SAM file from the \%oldsystemroot%\system32\config directory.
Initially, I couldn't access the SAM subkeys (on either the new installation's local SAM or the original installation's imported SAM) because of registry security restrictions. I used regedt32 to grant myself permissions on the new and original SAM entry and subkeys.
Per Fotakelis, I copied the SAM\SAM\Domains\Account\Users\000001F4\F registry value from the new to the original SAM. After unloading the hive, I rebooted into the old installation. I discovered that the Local Administrator password hadn't been reset. Finally, I rebooted into the new installation and copied the \%oldsystemroot%\csc directory to the \%newsystemroot%\csc directory. I enabled Offline Files on the new installation, and bingo—the files appeared in the Offline Files folder.