Last time I had to rejoin a machine to the domain and apparently some nutjob administrator didn’t use the documented password for the local administrator account. So with no option to log on to the machine locally, I had to follow the steps below. Basically, you replace the executable used for Accessibility options showed in the logon screen. You can, of course, use this method for other local accounts.
1. Insert the original Windows 7 / Server 2008 installation DVD
2. Reset the computer, boot from DVD
3. Choose option "Repair your computer"
4. Start command prompt
Type in the following commands:
C:\
CD C:\Windows\System32
MOVE Utilman.exe Utilman.exe.bak
COPY Cmd.exe Utilman.exe
5. It may be necessary to enable the administrator account by using the following command:
NET USER administrator /active:yes
6. Restart windows. At the login screen, type Windows-U, this will now open cmd.exe.
Type in the following command:
NET USER administrator <NEWPASSWORD>
Login as administrator
Delete Utilman.exe and rename Utilman.exe.bak back to Utilman.exe in C:\Windows\System32.