If the drive is not encrypted, you can try the “sethc.exe” trick:
- Mount the drive RW and rename the file C:\Windows\System32\sethc.exe to sethc.exe.bak (or something)
- Rename C:\Windows\System32\cmd.exe to sethc.exe
sethc.exe is the exe for sticky keys. When you boot up and atthe login page, press SHIFT five times fast. Instead of getting the stucky keys prompt, you should get an elevated command prompt. You can then reset the users password with
net user username newpassword