Are the losses of resetting a Windows password reversible?

14,354

Solution 1

Can these losses be reverted by setting the login password back to the old one?

Depends on if were talking about encrypted information or not.

if I enter in "New password:" and "Confirm password:" textboxes the old password? i.e. set the password to the old one )applying this procedure)?

If you did this then the password would not actually be changed. Information stored like the encryption key likely still would be wiped. Why would anyone do this?

Solution 2

The warning message will always be displayed when you change your password. No matter whatever you'll change it to:

The user account will immediately lose access to all of its encrypted files, stored passwords, and personal security certificates

I think you won't lose access to your EFS encrypted files after changing your password back to the old password. Because the EFS files are encrypted based on the RID and password hash of your user account. The RID and encryption algorithms won't change from time to time. There is no random number involved in the encryption procedure.

Share:
14,354

Related videos on Youtube

Gennady Vanin Геннадий Ванин
Author by

Gennady Vanin Геннадий Ванин

Business Analyst, ex- programmer, biz analyst, Q&A developer in Test, chemical cybernetics engineer, scientist, US patent attorney, translator, tourist guide, traveller, parachuter, tennis player, futebolista, military officer etc.

Updated on September 18, 2022

Comments

  • Gennady Vanin Геннадий Ванин
    Gennady Vanin Геннадий Ванин over 1 year

    In Windowses (XP SP3, Windows 7, et al), setting Windows' login/account/user password by:

    • Run --> Compmgmt.msc --> Local Users and Groups --> Users --> Right Click on a user in right panel --> Set password...

    shows:

    Resetting this password might cause irreversible loss of information for this user account. For security reasons, Windows protects certain information by making it impossible to access if the user's password is reset.

    • Update (added the end of this warning)

      "The data loss will occur the next time the user log off.

      You should use this command only if a user has forgotten his or her password and does not have a password reset disk. If this user has created a password reset disk should use the disk to set the password.

      If the user knows the password and wants to change it, he or she should log in, then use User Accounts in Control Panel to change the password.

      For additional information, click Help.

      Buttons: Proceed, Cancel, Help"

    and in next dialog box:

    If you click OK, the following will occur:

    • The user account will immediately lose access to all of its encrypted files, stored passwords, and personal security certificates

    enter image description here

    Can these losses be reverted by setting the login password back to the old one?
    Or, more specifically, do these losses still occur, if I

    • change the password first to another (new) one and, after that, by the same procedure,to a previous (old) one?
    • if I enter in "New password:" and "Confirm password:" textboxes the old password?
      i.e. set the password to the old one )applying this procedure)?

    Update:
    As developer, I know that deleting and then recreating an object doesn't restore the old object, just creates identical copy (with usually tedious manual work of restoring references, links, dependencies which are rarely even known since frequently created dynamically, in run-time).

    And the question has huge implications for practical system administration especially in workgroups, sometimes big ones.

    • Moab
      Moab about 12 years
      I wonder why we don't get this warning when changing passwords using Control Panel > User Accounts
    • Gennady Vanin Геннадий Ванин
      Gennady Vanin Геннадий Ванин about 12 years
      Yes, I also wanted to write about it but then decided to keep the question less bloated. Note than in case using Control Panel > User Accounts one should enter the old password
    • Harry Johnston
      Harry Johnston about 12 years
      @Moab: if you are changing your own password, you enter the old password and Windows decrypts and then re-encrypts your encryption key, so that there is no data loss.
    • Harry Johnston
      Harry Johnston about 12 years
      Note that you can disable file encryption with group policy, although stored passwords and personal security certificates might still be an issue.
  • Gennady Vanin Геннадий Ванин
    Gennady Vanin Геннадий Ванин about 12 years
    Why would anyone do it? - A: First, it is methodological question, the answer to which permits me to understand more clearly this area. Second, there are various practical situations - sometimes, in workgroup I change a lot of passwords, and forgot that I already changed one (or more), etc.
  • Brian Minton
    Brian Minton over 4 years
    Aren't the password hashes salted? If so, the salt would change, even if you set your password to the same string.