I recently found that using "NTPWEdit"
or any other password resetting tool to reset user account password on "Windows 8.0/8.1"
doesn't seems to always work. The symptoms include ;1.
You reset a local user account from PE, reboot to Windows and then found that the account still asking for password.2.
You enabled a disabled account from PE ( ie, built in "Administrator" account), reboot to Windows and found that the disabled account is not enabled/not present on the log on screen. cause :
It's the new "Fast Startup"
feature which is behind this weird behaviors. "Fast Startup" will actually put Windows to a semi "hibernation" state to gain speed at next powering on.
Source : http://www.techrepublic.com/blog/windows-and-office/how-windows-8-hybrid-shutdown-fast-boot-feature-works/
The goal of Fast Boot is pretty obvious from its name - Windows 8 boots up faster than previous versions of the operating system ever did. To accomplish this feat, Windows 8 doesn't totally shut down when you click the Shut down command. Instead it only partially shuts down and partially hibernates. This is the Hybrid Shutdown part of the equation. Then, when you turn on your computer, Windows 8 starts very quickly because it only has to partially boot up and partially wake up. This is the Fast Boot part of the equation.
If you shutdown Windows 8, boot in to PE and edit Registry or reset password and reboot, Windows will actually resume it's core components from the hibernation file instead of loading from disk. As a result, any changes you made from PE will be lost !. Also in some cases, editing NTFS while system is on hibernation state may result in system file corruption ( i learned this by hard way ). The good Linux
guys found this first and as a precaution, they decided to not mount NTFS if hibernation (either full or semi like "fast startup" ) is detected.
Source : https://kamalkaur188.wordpress.com/category/unable-to-mount-windows-ntfs-filesystem-due-to-hibernation/
Making changes to your Windows (ntfs) partition while it is hibernated could be dangerous--it could cause Windows to not resume from hibernation or to crash after resuming. Because of this, the tool (ntfs-3g) that mounts (opens) the partition will not mount it in read-write mode if it sees a hibernation flag.
Source : http://www.h-online.com/open/features/Linux-and-Windows-8-Fast-Startup-puts-data-at-risk-1780640.html
In tests, the problem was easily reproduced by shutting down a freshly installed Windows 8 system from the menu and then creating a few files on the Windows partitions from within a Linux distribution. After a subsequent system start, the new files did not appear in Windows. After unmounting and remounting the test partitions, and after rebooting Windows using the Windows restart feature, the files became visible but were often unreadable or corrupted. Edited files were also often damaged. Although Windows managed to repair the test system's filesystems, it took over an hour to fix an NTFS partition of 1.5TB, and some of the files that were created or modified under Linux were lost in the process.Solution :
If "Windows 8" log in password need to be changed or Registry need to be edited, first boot to Windows and restart normally from the log in screen ( don't shutdown - restart and immediately boot to PE ).
This will clear the "fast startup" and then you can boot to your PE and edit password/registry or remove/add files from the "system drive". I would also recommend to delete "hiberfil.sys"
from the root of system drive as a safety precaution ( don't do this with "Win7". The hibernation file may contain user mode data unlike "Win8" ). "hiberfile.sys" will be recreated again the next time you shutdown the system from within "Windows 8" and "fast startup" will be returned.
Btw, "fast startup" won't work with virtual machines. You need a real system for tests.