So passwords and me have a love / hate relationship. Today I had to help reset a virtual machine's default administrator password since every attempt at what should have been a working password ... was a wrong password. Attempting to use domain credentials failed also. The person that made this password does them with non-readable characters, upper, lower, punctuation, numbers, and a random mouse movement (ok, last one I made up), but without this password, the VM was doodoo and I'd have to spend the next 4 to 8 hours rebuilding it.

My attempt at using a boot disk and use that to reset the password actually failed for some reason, this was semi disappointing actually, maybe I just screwed it up.

What didn't fail however was using SQL to inject a command line argument. How does one do this evil voodoo trick? First, you need to know the SA (aka God) password. This was easy since we for internal dev boxes they are all the same and this SQL instance was set up like a dev box. From a remote computer, you log in through Query Analyzer and type:

exec master..xp_cmdshell 'net user user_name new_password'

MSDN has a quick info on how to do a reset the password through the command prompt. Database Journal tells how to use xp_cmdshell to do non-evil stuff (unlike me).