I occasionally have to reset Windows passwords for my colleagues and friends… it’s a chore but it has to be done The easiest way to reset a Windows password is to use the Ultimate Boot CD. However, when you can’t get your hands on an UBCD, you can fire up an Ubuntu LiveUSB, install chntpw, mount the windows %systemroot% partition (the one with the Windows folder) and reset the password.
According to its manual page,
“chntpw is a utility to view some information and change user passwords in a Windows NT/2000 SAM userdatabase file, usually located at \WINDOWS\system32\config\SAM on the Windows file system. In addition it also contains a simple registry editor (same size data writes) and an hex-editor which enables you to fiddle around with bits and bytes in the file as you wish.”
Before we proceed, let’s make a few assumptions:
1. You are using Windows 7/Vista
2. Your windows partition is located at /dev/sda1
3. We’ll mount it at /media/mnt/
4. We’ll reset the Administrator account.
Now fire up a LiveUSB/CD/DVD and install chntpw via the terminal like so:
sudo apt-get install chntpw
You can also download the deb here
Mount the windows partition like so:
sudo ntfs-3g /dev/sda1 /media/mnt ; cd /media/mnt/Windows/System32/config
Adjust the device names and folder paths to suit your setup. If you don’t know your username, chntpw can list all users like so:
chntpw -l SAM
Reset the Administrator
password like so:
chntpw -u Administrator SAM
You should get a prompt similar to this:
- - - - User Edit Menu:
1 - Clear (blank) user password
2 - Edit (set new) user password (careful with this on XP or Vista)
3 - Promote user (make user an administrator)
4 - Unlock and enable user account [probably locked now]
q - Quit editing user, back to user select
Select: [q] >
Type 1
to clear the password. This option has the best chance of success and comes with the least complications. You should get another prompt similar to this if you choose option 1:
Hives that have changed:
# Name
0
Write hive files? (y/n) [n] :
Type y
and you should get this:
0 - OK
Reboot the into Microsoft Windows like so:
sudo reboot
and create a new password for the Administrator account.
Recent Comments