The following approach can be used only in cases where we have forgotten the password or it has been changed by a third party for reasons beyond us.
Note: Do NOT use this approach to backdoor any server in your work environment!
Tools used for this demonstration:
PING (Partimage Is Not Ghost)
Download: http://ping.windowsdream.com/ping/Releases/3.00.01/PING-3.00.iso (~22MB)
The workaround:
1) Boot with PING Linux distribution
2) fdisk -l | grep NTFS
3) mkdir -p /mnt/windows
4) mount -t ntfs-3g /dev/sda1 /mnt/windows
5) cd /mnt/windows/Windows/System32
6) mv Magnify.exe Magnify.bck
7) cp cmd.exe Magnify.exe and reboot
Booting into Windows Server 2008:
1) Click on Ease Of Access
2) Select “Make items on the screen larger (Magnifier)
3) Click OK
4) On Command Prompt type explorer
Interacting with Windows Explorer
From here you can change the password
The following approach can be used with Windows Vista and also by any other Ease Of Access tools or even by Ease Of Access itself by renaming “utilman.exe” to “cmd.exe”.
Further you can refer from this link: