Windows password reset

Revision as of 18:05, 8 September 2008 by Root (Talk | contribs) (Run `chntpw` from an Ubuntu Live CD)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

You need this tool: The Offline NT Password & Registry Editor. You have a choice of either downloading the CD ISO; burning it to disk; and then booting from that or you can also run `chntpw` from an Ubuntu Live CD (you will need to have network access).

Run `chntpw` from an Ubuntu Live CD

Boot into Ubuntu and start a shell. This assumes that your Windows NTFS volume shows up as /dev/sda1. Note also that the exact path for "WINDOWS/system32/config" may very. In particular, you may see differences in capitalization from what you see under Windows or what what you see in other documentation. You are looking for the Windows registry hive files.

sudo su -
echo "deb hardy multiverse" >> /etc/apt/sources.list
echo "deb-src hardy multiverse" >> /etc/apt/sources.list
apt-get update
apt-get -y install chntpw
mkdir /media/my_ntfs_drive
mount -t ntfs-3g /dev/sda1 /media/my_ntfs_drive -o force
cd /media/my_ntfs_drive/WINDOWS/system32/config
chntpw SAM system SECURITY

You will then have to answer a bunch of questions. Here is what I used:

Do you really wish to disable SYSKEY? (y/n) [n]n
Account is probably locked out!
Do you wish me to reset the failed count, unset disabled and lockout,
and set the "password never expires" option? (y/n) [n]y
* = blank the password (This may work better than setting a new password!)
Enter nothing to leave it unchanged
Please enter new password: *
Do you really wish to change it? (y/n) [n] y
Write hive files? (y/n) [n] : y

You may have better luck if you select YES to disable SYSKEY, but you should understand what this does before you disable it. I tried first without disabling SYSKEY, but this did not work. The system said the password was reset, but after reboot the blank password did not work. I tried again and first disabled SYSKEY. After this, I was able to login with a blank password.