What can I do if I forgot my Windows password?
I got a brand new Windows 7 machine, installed the operating system, created one account and forgot its password. What can I do?
There is no external CD, the operating system is loaded from somewhere inside the machine.
I already tried to remember passwords and tried all candidates with all possible combinations of caps lock, num lock etc.
windows-7 windows passwords community-faq
4
To address the specific issue of machines without CD/DVD drives: it is possible to create a bootable USB stick instead. It is likely that some of the packaged solutions mentioned below provide explicit support for this. Failing that, however, you could borrow or buy a USB DVD drive and boot from that.
– Harry Johnston
Sep 7 '11 at 21:25
Did you change the external CD details or something? Because that would have been helpful to know before everyone answered.
– cutrightjm
Apr 7 '12 at 0:15
1
Try putting caps lock on. Then retry all of your combinations. Might've been on when you set it and didn't realise.
– Brok3n
Jan 18 '15 at 22:48
1
If you have neither a CD nor a USB drive, you can refer to this trick but it involves too many steps. If you have a USB drive, things could be much easier and you can install Offline NT Password & Registry or Hiren's BootCD onto your USB with Rufus, next boot your machine off USB, and you can reset the password.
– Durfee
Mar 30 '17 at 0:41
edited Jun 5 '15 at 16:54
Ƭᴇcʜιᴇ007
asked Nov 18 '09 at 17:43
flybywire
15 Answers
- If you have an Ubuntu live CD you can reset it using chntpw application
- You can use Bart's PE + Password Renew to reset the password
- You can use Offline NT Password Editor to reset the password.
Detailed instructions on using any of the 3 are available over here.
This answer should have gotten a check. If it didn't, it means you were looking for recovery, not reset. That takes WAY longer and involves rainbow tables or L0phtCrack with syskey and registry dumps... way beyond the scope of a Super User question, but I gave you a starting point for some Google queries.
– RobotHumans
Oct 20 '10 at 3:04
18
To expand on aking1012's comment, users should keep in mind that resetting a Windows password results in the permanent loss of all encrypted files and data. Most of the time this isn't a big deal, but it can be.
– Harry Johnston
Sep 7 '11 at 21:22
@HarryJohnston The password can be reset without losing access to encrypted data (files, certificates, etc.) by using a pass-the-hash technique. See description here. I couldn't find a ready made tool to do it right now, so I'm just writing a comment.
– David Balažic
Apr 4 '15 at 15:56
@DavidBalažic: that appears to be AD only, so not applicable to most home users.
– Harry Johnston
Apr 5 '15 at 2:27
If you can find a Microsoft ERD 6.5 or 7.0 boot disk, it can reset the Windows 7 password. It has to match the bit version to work, 32 or 64-bit Windows 7.
ERD (Emergency Repair Disc) boot disk is part of the DaRT (Diagnostic and Recovery Toolset), which is part of MDOP (Microsoft Desktop Optimization Pack). These are not available to the public, but they can be found.
ERD comes in five versions currently:
- 5.0 for XP
- 6.0 for Vista
- 6.5 or 7.0 for Windows 7
- 8.0 for Windows 8, 8.1
- 10.0 for Windows 10
There is an alternative method for Windows 7; all you need is either a Windows 7 install disk, System Repair Disk or WinRE partition on the hard drive.
Use F8 or boot from the disc. Once RE loads, choose "Repair your Computer", then load Command Prompt and run these two commands. The second command you will get a prompt to overwrite; say "yes".
copy c:\windows\system32\sethc.exe c:\
copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
Restart the PC. When you reach the Login screen, hit the Shift key five times. A command window will open. Type the following:
net user (type the name of the account) (type any password)
and hit the Enter key, and when prompted to overwrite, type "Yes", and hit the Enter key again, and close the command window, and log on with the new password you just created.
After that you might want to put the original sticky key file back in its place, so go ahead and boot your PC with the repair CD or USB that you used earlier, and in the command prompt window type the following:
copy c:\sethc.exe c:\windows\system32\sethc.exe
press Enter, then when prompted to Overwrite, type "Yes" and hit the Enter key again, then close the window, and restart the PC.
Or if you prefer a 3rd party password cracker, here is a good one
"tested from NT3.5 up to Windows 8.1, including the server versions like 2003, 2008 and 2012. Also 64 bit windows supported."
1
Between this and the linux program that removes the password... I am surprised Microsoft wouldn't find a way to prevent these exploits if they claim to have Enterprise level security... though I guess one could argue that physical access controls are always required.
– BigOmega
Mar 19 '13 at 17:56
7
@ioSamurai Resetting the password makes you lose anything stored in secured storage (certificates, etc.), and as you said the 3rd law of computer security "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore"
– Scott Chamberlain
Apr 29 '13 at 19:15
8
I just realized... you got that screenshot from Wikipedia, and I uploaded it to Wikipedia like 4 years ago. The circle of (internet) life!
– nhinkle♦
May 23 '13 at 16:57
2
Worked like a charm. However, I was unable to change the password with the net user command. I was able to activate the admin account though and then log in through that with this command: net user administrator /active:yes
– Cosco Tech
Jul 20 '15 at 14:04
1
For me the system repair disk didn't allow admin password to be changed as it asked for repair disk on USB or floppy not DVD. Using system repair disk or running command-line after system recovery did not allow the replacing of sethc.exe with cmd.exe trick/hack. Using linux system rescue cd (4.8.2) I could not mount the drive - GPT partition - tools ntfs-3g gparted sfdisk should work with GPT but didn't. What eventually DID work was follow system recover sequence (no cd needed) at end view logfile (opens in Notepad). Then do file open - browse to cmd.exe - copy - paste - overwrite sethc.exe.
– gaoithe
Sep 26 '16 at 12:43
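The answer above overwrites sethc.exe with cmd.exe and leaves a copy of the original in the root of C:. As an added example (not part of the original answer or its comments), this Python check looks for both leftovers on a live or offline-mounted Windows volume. The function names, the `Windows/System32` layout and the constructed sample tree are assumptions of the example.

```python
import hashlib
import tempfile
from pathlib import Path


def find_ci(base, *parts):
    """Resolve parts under base ignoring case.

    An NTFS volume mounted from a Linux live CD keeps whatever casing Windows
    used (the walkthrough on this page shows WINDOWS/system32), so a literal
    path join is not reliable. Returns None when any component is absent.
    """
    current = Path(base)
    for part in parts:
        if not current.is_dir():
            return None
        wanted = part.lower()
        match = next((c for c in current.iterdir() if c.name.lower() == wanted), None)
        if match is None:
            return None
        current = match
    return current


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_sticky_keys(volume_root, watched=("sethc.exe",), shells=("cmd.exe",)):
    """Return (binary, finding) tuples for a Windows volume.

    watched: logon-screen binaries to verify (default: the one on this page).
    shells:  binaries whose content must never appear under a watched name.
    Assumes the system directory is named Windows (any casing).
    """
    findings = []
    shell_hashes = {}
    for shell in shells:
        shell_path = find_ci(volume_root, "Windows", "System32", shell)
        if shell_path is not None and shell_path.is_file():
            shell_hashes[sha256_of(shell_path)] = shell

    for name in watched:
        target = find_ci(volume_root, "Windows", "System32", name)
        if target is None or not target.is_file():
            findings.append((name, "missing from System32"))
        else:
            digest = sha256_of(target)
            if digest in shell_hashes:
                findings.append((name, "identical to " + shell_hashes[digest]))
        # The procedure parks the original binary in the volume root.
        stray = find_ci(volume_root, name)
        if stray is not None and stray.is_file():
            findings.append((name, "backup copy left in volume root"))
    return findings


def build_sample_volume(root, swapped):
    """Constructed stand-in for a Windows volume; file contents are fake."""
    system32 = Path(root) / "WINDOWS" / "system32"
    system32.mkdir(parents=True)
    (system32 / "cmd.exe").write_bytes(b"constructed stand-in for cmd.exe")
    if swapped:
        (system32 / "sethc.exe").write_bytes(b"constructed stand-in for cmd.exe")
        (Path(root) / "sethc.exe").write_bytes(b"constructed stand-in for sethc.exe")
    else:
        (system32 / "sethc.exe").write_bytes(b"constructed stand-in for sethc.exe")


def demo():
    """Audit a clean and a swapped sample volume and return both results."""
    results = {}
    for label, swapped in (("clean", False), ("swapped", True)):
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_volume(tmp, swapped)
            results[label] = audit_sticky_keys(tmp)
    return results


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings)
```

On a real machine, call `audit_sticky_keys("C:\\")` from an elevated session, or pass the mount point of the Windows partition when working from a live CD.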
Run an Ophcrack LiveCD to try and crack the password, provided that you have a sufficiently easy alphanumerical password.
1
I don't think I can upvote or downvote this answer because it seems like a waste of time compared to just blanking the password and setting it when you boot into Windows.
– Nathan Adams
Oct 16 '10 at 15:21
17
@Nathan, keep in mind that resetting the password results in permanently losing access to all encrypted files and data.
– Harry Johnston
Sep 7 '11 at 21:21
I've had very limited success with Ophcrack. It worked for me once when helping a friend, who had a very simple password (it was just her name followed by a number). With a sufficiently strong password, it doesn't work very well.
– Charles Burge
Aug 15 '16 at 21:43
Offline NT Password Editor
Offline NT Password & Registry Editor works basically the same as PC Login Now in that it erases your Windows password instead of recovering it. You can then simply log in to your account without entering a password.
source
Grab a copy of unetbootin from here. Install NTpasswd onto a flash drive. By running NTpasswd off the flash drive you'll be able to reset the password on the computer to blank. It's pretty easy to use as well.
Use this bootdisk to boot PCs with Windows OSes to blank out the LOCAL user account passwords, ENABLE or DISABLE LOCAL user accounts, etc.
You can use this if you've forgotten your LOCAL Windows user account password, you've done a factory reimage/reset on your Windows OS and the account has a password you don't know what it is, and things of this sort of nature so you can log into Windows as some account WITHOUT a password just to get in, and then set the password from the Windows Control Panel, etc. to something you do know afterwards.
THE STEPS IN BRIEF
- Download the bootdisk image file
- Burn bootdisk image file onto media (e.g. USB or CD) to boot PC from it rather than the hard drive or Windows.
- Put the newly burned bootdisk media into the PC, and then instruct the PC to boot from it rather than the internal hard drive with Windows installed.
- Follow the instruction from the below section labeled INSTRUCTIONS ONCE BOOTED TO for what options to pick, etc. to enable existing local Windows accounts and/or blank out the password of the accounts and so on.
General Information
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Offline Windows Password & Registry Editor, Bootdisk / CD
I've put together a CD or USB Drive image which contains things needed
to reset the passwords on most systems.
The bootdisk should support most of the more usual disk controllers,
and it should auto-load most of them. Both PS/2 and USB keyboard
supported.
More or less tested from NT3.5 up to Windows 8.1, including the server
versions like 2003, 2008 and 2012. Also 64 bit windows supported.
DANGER WILL ROBINSON!
If password is reset on users that have EFS encrypted files, and the system is XP or newer, all encrypted files for that user will be
UNREADABLE! and cannot be recovered unless you remember the old
password again If you don't know if you have encrypted files or not,
you most likely don't have them. (except maybe on corporate systems)
Please see the Frequently Asked
Questions and the
version history below before emailing questions to me. Thanks!
Download Bootdisk
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Download
Note: Some links may be offsite.
CD release, see below on how to use
cd140201.zip (~18MB) - Bootable CD image.
usb140201.zip (~18MB) - Files for USB install
Previous release:
cd110511.zip (~4MB) - Bootable CD image.
usb110511.zip (~4MB) - Files for USB install
The files inside the USB zip are exactly the same as on the CD. See
below for instructions on how to make USB disk bootable.
Floppy release (not updated anymore), see below on how to use them
bd080526.zip (~1.4M) - Bootdisk image
drivers1-080526.zip (~310K) - Disk drivers (mostly PATA/SATA)
drivers2-080526.zip (~1.2M) - Disk drivers (mostly SCSI)
Previous versions may sometimes be found here (also my site)
NOTE: Versions before 0704xx will corrupt the disk on VISTA/win7/8!
NOTE THAT THE BOOTDISK CONTAINS CRYPTOGRAPHIC CODE, and that it may be ILLEGAL to RE-EXPORT it from your country.
HOW TO USE
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
How to use?
Please read the walkthrough (now a bit outdated, sorry) and the
FAQ before mailing me questions
If you have the CD or USB, all drivers are included.
Overview
- Get the machine to boot from the CD or USB drive.
- Load drivers (usually automatic, but possible to run manual select)
- Disk select, tell which disk contains the Windows system. Optionally
you will have to load drivers.
- PATH select, where on the disk is the system? (now usually
automatic)
- File select, which parts of registry to load, based on what you want
to do.
- Password reset or other registry edit.
- Write back to disk (you will be asked)
DON'T PANIC!! - Most questions can usually be answered with the default answer which is given in [brackets]. Just press enter/return
to accept the default answer.
The walkthrough and instructions is now on its own page! but is quite old.. hope to make a new one..
What can go wrong?
Well. Lots of things, actually. But most of the problems is of the
type "cannot find" something. And then nothing happens.
Also, see the FAQ for
help with common problems.
INSTRUCTIONS ONCE BOOTED TO
It may be best to print these instruction and then follow from that printed copy—and print from the version on the web site resource URL perhaps too in case they update something with it since after my post here.
This is the detail that explains what options to pick once the bootdisk starts booting to find and point to the internal hard drive and pick the current Windows OS objects to blank out the LOCAL user accounts on that Windows OS on the hard drive.
This part may seem complex or involved at first, but just let the bootdisk boot up and go through the screen until it prompts or waits for you to tell it what to do. Look over these instructions and just pick the appropriate options as instructed—it should make sense so just read it over until you get it.
Typically though you'll. . .
a. pick the Windows disk partition on the hard drive the bootdisk
inspects
b. from the list of usernames it finds, type the name of the account
you'll change (e.g. administrator, jsmith, etc.)
c. from the next list, it'll tell you if the account is disabled, expired, etc. so you know what you'll need to change to reset it for specifically to ensure you can sign on with it afterwards when booted back to Windows
d. on the next screen you'll want to unlock the account, blank the password on the account or set account as local administrator (option 1, 3, and 4).
i. you may need to do step "d." one time per action and then pick the username of the account again for the next action if it needs more than one action completed (e.g. blank password, unlock account, etc.)
ii. I'd just steer clear of setting passwords here and just do that through Windows Control Panel once you get signed onto Windows with a blank password as administrator, etc.
e. be sure you select "Y" to save your changes to and then when the PC reboots, let it reboot to Windows and then sign on with the blank password to the account you changed with the bootdisk.
If it doesn't work, boot to the bootdisk and do it again, maybe you didn't pick some option so it didn't do what you expected it to. Since you're factory wiping this hard drive anyway, there should not be much danger in losing anything or corrupting anything as then you'd just reimage/factory reset it again.
Resource: http://pogostick.net/~pnh/ntpasswd/walkthrough.html
Offline NT Password & Registry Editor, Walkthrough
2014, NOTE: This is now a bit old, some are the same, some look a bit different..
The following is a walkthrough of using the CD to reset one user (admin) on a test Vista computer.
Insert the CD and convince your BIOS that it should boot from it. How to boot from a CD varies from computer make to computer make, so I cannot help you much. Some BIOS shows a boot device select menu if you press ESC, F8, F11 or F12 or something like that during the self test. (some even tell you on the screen what to press)
If it boots, you should see this:
ISOLINUX 3.51 2007-06-10 Copyright (C) 1994-2007 H. Peter Anvin
***************************************************************************
*                                                                         *
*  Windows NT/2k/XP/Vista Change Password / Registry Editor / Boot CD     *
*                                                                         *
*  (c) 1998-2007 Petter Nordahl-Hagen. Distributed under GNU GPL v2       *
*                                                                         *
*  DISCLAIMER: THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTIES!         *
*              THE AUTHOR CAN NOT BE HELD RESPONSIBLE FOR ANY DAMAGE      *
*              CAUSED BY THE (MIS)USE OF THIS SOFTWARE                    *
*                                                                         *
*  More info at: http://pogostick.net/~pnh/ntpasswd/                      *
*  Email       : pnh@pogostick.net                                        *
*                                                                         *
*  CD build date: Sun Sep 23 14:15:35 CEST 2007                           *
***************************************************************************
Press enter to boot, or give linux kernel boot options first if needed.
Some that I have to use once in a while:
boot nousb     - to turn off USB if not used and it causes problems
boot irqpoll   - if some drivers hang with irq problem messages
boot nodrivers - skip automatic disk driver loading
boot:
Usually just press enter here. If you have linux knowledge, you can tweak kernel options if you need/like.
Then it boots and outputs a lot of kernel messages about your hardware and such.. most if not all are nothing to worry about.
Loading vmlinuz..................
Loading scsi.cgz.........................
Loading initrd.cgz..........
Ready.
Linux version 2.6.22.6 (root@athene) (gcc version 4.1.1 20060724 (prerelease) (4.1.1-3mdk)) #2 Sun Sep 9 16:59:48 CEST 2007
BIOS-provided physical RAM map:
 BIOS-e820: 0000000000000000 - 000000000009f800 (usable)
 BIOS-e820: 000000000009f800 - 00000000000a0000 (reserved)
 BIOS-e820: 00000000000ca000 - 00000000000cc000 (reserved)
 BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved)
 BIOS-e820: 0000000000100000 - 00000000316f0000 (usable)
 BIOS-e820: 00000000316f0000 - 00000000316ff000 (ACPI data)
 BIOS-e820: 00000000316ff000 - 0000000031700000 (ACPI NVS)
 BIOS-e820: 0000000031700000 - 0000000031800000 (usable)
 BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
 BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
 BIOS-e820: 00000000fffe0000 - 0000000100000000 (reserved)
792MB LOWMEM available.
Zone PFN ranges:
  DMA 0 -> 4096
  Normal 4096 -> 202752
early_node_map[1] active PFN ranges
...
Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled
serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
RAMDISK driver initialized: 16 RAM disks of 32000K size 1024 blocksize
USB Universal Host Controller Interface driver v3.0
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
serio: i8042 KBD port at 0x60,0x64 irq 1
serio: i8042 AUX port at 0x60,0x64 irq 12
usbcore: registered new interface driver usbhid
drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver
Using IPI Shortcut mode
BIOS EDD facility v0.16 2004-Jun-25, 1 devices found
Freeing unused kernel memory: 144k freed
Booting ntpasswd
Mounting: proc sys
Ramdisk setup complete, stage separation..
In stage 2
Spawning shells on console 2 - 6
Initialization complete!
** Preparing driver modules to dir /lib/modules/2.6.22.6
input: AT Translated Set 2 keyboard as /class/input/input0
Most of the generic linux boot now done, and we try to load the disk drivers. If you use the floppy version you will be asked to swap floppies at this point. Drivers are then tried based on PCI hardware identification.
** Will now try to auto-load relevant drivers based on PCI information
---- AUTO DISK DRIVER select ----
--- PROBE FOUND THE FOLLOWING DRIVERS:
ata_piix
ata_generic
mptspi
--- TRYING TO LOAD THE DRIVERS
### Loading ata_piix
scsi0 : ata_piix
scsi1 : ata_piix
ata1: PATA max UDMA/33 cmd 0x000101f0 ctl 0x000103f6 bmdma 0x00011050 irq 14
ata2: PATA max UDMA/33 cmd 0x00010170 ctl 0x00010376 bmdma 0x00011058 irq 15
ata2.00: ATAPI: VMware Virtual IDE CDROM Drive, 00000001, max UDMA/33
ata2.00: configured for UDMA/33
scsi 1:0:0:0: CD-ROM NECVMWar VMware IDE CDR10 1.00 PQ: 0 ANSI: 5
sr0: scsi3-mmc drive: 1x/1x xa/form2 cdda tray
Uniform CD-ROM driver Revision: 3.20
### Loading ata_generic
### Loading mptspi
Fusion MPT base driver 3.04.04
Copyright (c) 1999-2007 LSI Logic Corporation
Fusion MPT SPI Host driver 3.04.04
PCI: Found IRQ 9 for device 0000:00:10.0
mptbase: Initiating ioc0 bringup
ioc0: 53C1030: Capabilities={Initiator}
scsi2 : ioc0: LSI53C1030, FwRev=01032920h, Ports=1, MaxQ=128, IRQ=9
scsi 2:0:0:0: Direct-Access VMware, VMware Virtual S 1.0 PQ: 0 ANSI: 2
target2:0:0: Beginning Domain Validation
target2:0:0: Domain Validation skipping write tests
target2:0:0: Ending Domain Validation
target2:0:0: FAST-40 WIDE SCSI 80.0 MB/s ST (25 ns, offset 127)
sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Cache data unavailable
sd 2:0:0:0: [sda] Assuming drive cache: write through
sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Cache data unavailable
sd 2:0:0:0: [sda] Assuming drive cache: write through
sda: sda1
sd 2:0:0:0: [sda] Attached SCSI disk
Most of these messages are from the drivers themselves. Some talk a lot, some don't. But all give info on the brand and model and size of the disks found, if any.
-------------------------------------------------------------
Driver load done, if none loaded, you may try manual instead.
-------------------------------------------------------------
** If no disk show up, you may have to try again (d option) or manual (m).
You can later load more drivers..
*************************************************************************
* Windows Registry Edit Utility Floppy / chntpw                         *
* (c) 1997 - 2007 Petter N Hagen - pnh@pogostick.net                    *
* GNU GPL v2 license, see files on CD                                   *
*                                                                       *
* This utility will enable you to change or blank the password of       *
* any user (incl. administrator) on an Windows NT/2k/XP/Vista           *
* WITHOUT knowing the old password.                                     *
* Unlocking locked/disabled accounts also supported.                    *
*                                                                       *
* It also has a registry editor, and there is now support for           *
* adding and deleting keys and values.                                  *
*                                                                       *
* Tested on: NT3.51 & NT4: Workstation, Server, PDC.                    *
*            Win2k Prof & Server to SP4. Cannot change AD.              *
*            XP Home & Prof: up to SP2                                  *
*            Win 2003 Server (cannot change AD passwords)               *
*            Vista 32 and 64 bit                                        *
*                                                                       *
* HINT: If things scroll by too fast, press SHIFT-PGUP/PGDOWN ...       *
*************************************************************************
=========================================================
There are several steps to go through:
- Disk select with optional loading of disk drivers
- PATH select, where are the Windows systems files stored
- File-select, what parts of registry we need
- Then finally the password change or registry edit itself
- If changes were made, write them back to disk
DON'T PANIC! Usually the defaults are OK, just press enter
all the way through the questions
=========================================================
¤ Step ONE: Select disk where the Windows installation is
=========================================================
Disks:
Disk /dev/sda: 42.9 GB, 42949672960 bytes
Candidate Windows partitions found:
 1 : /dev/sda1 40958MB BOOT
Here it has found one disk with one partition
Please select partition by number or
 q = quit
 d = automatically start disk drivers
 m = manually select disk drivers to load
 f = fetch additional drivers from floppy / usb
 a = show all partitions found
 l = show propbable Windows (NTFS) partitions only
Select: [1]
Here you select one of the partitions listed above (in this case there is only one) or one of the letters from the menu.
Floppy users may need to do 'f' to load in more drivers from another floppy.
The 'd' option will re-run the PCI scan and start relevant drivers (they must already be loaded from floppy with 'f' option)
The 'm' for manual load will present a list of all the drivers with short description if available, and allow you to specify which to load. (Dependencies are handled automatically)
Here we only have one partition, so we just press enter to select it.
Selected 1
Mounting from /dev/sda1, with filesystem type NTFS
NTFS volume version 3.1.
It was an NTFS filesystem, and it mounted successfully.
=========================================================
¤ Step TWO: Select PATH and registry files
=========================================================
What is the path to the registry directory? (relative to windows disk)
[WINDOWS/system32/config] :
The registry is usually system32/config under WINDOWS or WINNT directory, depending on the windows version (and it may be changed during installation). If the correct partition has been selected, the default prompt will be adjusted to match if it can find one of the usual variants.
We accept the defaults.. and get a (bit filtered) directory listing showing most of the interesting registry files
-rw------- 2 0 0 262144 Feb 28 2007 BCD-Template
-rw------- 2 0 0 6815744 Sep 23 12:33 COMPONENTS
-rw------- 1 0 0 262144 Sep 23 12:33 DEFAULT
drwx------ 1 0 0 0 Nov 2 2006 Journal
drwx------ 1 0 0 8192 Sep 23 12:33 RegBack
-rw------- 1 0 0 524288 Sep 23 12:33 SAM
-rw------- 1 0 0 262144 Sep 23 12:33 SECURITY
-rw------- 1 0 0 15728640 Sep 23 12:33 SOFTWARE
-rw------- 1 0 0 9175040 Sep 23 12:33 SYSTEM
drwx------ 1 0 0 4096 Nov 2 2006 TxR
drwx------ 1 0 0 4096 Feb 27 2007 systemprofile
Select which part of registry to load, use predefined choices
or list the files with space as delimiter
1 - Password reset [sam system security]
2 - RecoveryConsole parameters [software]
q - quit - return to previous
[1] :
Choice 1 is for password edit, most used. But if you wish, you can load any of the files (just enter its name) and do manual registry edit on them.
But here, we select 1 for password edit, some files are copied around into memory and the edit application is invoked.
Selected files: sam system security
Copying sam system security to /tmp
=========================================================
¤ Step THREE: Password or registry edit
=========================================================
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x44000 is not 'hbin', assuming file contains garbage at end
File size 524288 [80000] bytes, containing 11 pages (+ 1 headerpage)
Used for data: 288/250904 blocks/bytes, unused: 15/23176 blocks/bytes.
Hive name (from header): <SYSTEM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh>
Page at 0x8b4000 is not 'hbin', assuming file contains garbage at end
File size 9175040 [8c0000] bytes, containing 2117 pages (+ 1 headerpage)
Used for data: 96982/6224016 blocks/bytes, unused: 4381/2830032 blocks/bytes.
Hive name (from header): <emRoot\System32\Config\SECURITY>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x6000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 334/17312 blocks/bytes, unused: 7/3008 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
======== chntpw Main Interactive Menu ========
Loaded hives:
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] ->
This demo shows selection 1 for password edit, but you can also do other things. Note that 2, Syskey may be dangerous! AND NOT NEEDED TO RESET PASSWORDS! and does not work at all on Vista, but you get some info before you do any changes.
Selection 3, RecoveryConsole is only relevant for Win2k, XP and 2003 and you must have selected to load the SOFTWARE part of the registry (selection 2) earlier.
The manual registry editor is always available, it is not the most user-friendly thing, but anyway..
We continue our quest to change our "admin" user's password..
===== chntpw Edit User Info & Passwords ====
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03e8 | admin                          | ADMIN  |          |
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ec | grumf1                         |        |          |
| 03ed | grumf2                         |        |          |
| 03ee | grumf3                         |        |          |
| 01f5 | Guest                          |        | dis/lock |
| 03ea | jalla1                         | ADMIN  | *BLANK*  |
| 03eb | jalla2                         |        | *BLANK*  |
| 03e9 | petro                          | ADMIN  | *BLANK*  |
This is a list of all local users on the machine. You may see more users here than in the overly user-friendly control panel, for example XP has some help and support built in users. The users marked "ADMIN" are members of the administrators group, which means they have admin rights, if you can login to one of them you can get control of the machine.
The built-in (at install time in all Windows versions) administrator is always RID 01f4. This example is from Vista, and Vista by default has this locked down (the installer instead asks and makes another user the regular use administrator, in this case RID 03e8).
The "lock?" column shows if the user account is disabled or locked out (due to many logon attempts for example) or BLANK if the password seems to be blank.
We select to edit the "admin" user (this was the user made administrator by the Vista installer)
Select: ! - quit, . - list users, 0x - User with RID (hex) or simply enter the username to change: [Administrator] admin
RID     : 1000 [03e8]
Username: admin
fullname:
comment :
homedir :
User is member of 1 groups:
00000220 = Administrators (which has 4 members)
Group 220 is THE BOSS GROUP! :)
Account bits: 0x0214 =
[ ] Disabled        | [ ] Homedir req.    | [X] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |
Failed login count: 0, while max tries is: 0
Total login count: 3
Some status info, user is locked out if "Disabled" is set or "Failed login count" is larger than "max tries" policy setting. This user is not locked in any way. The lockout can be reset with option 4 below.
- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
(4 - Unlock and enable user account) [seems unlocked already]
 q - Quit editing user, back to user select
Select: [q] > 1
Password cleared!
Here we just reset/clear/blank the password. But you can also try to set a new password with option 2, but it will only work if the password is not blank already. Also, it often fails to work on XP and newer systems.
Number 3 is to put a non-admin user into the administrators (220) group, thus making the user an administrator. IT IS STILL EXPERIMENTAL AND IT MAY sometimes RESULT IN STRANGE ERRORS WHEN LATER EDITING THE GROUP FROM WINDOWS! Also, usually pointless in promoting the Guest user, as it is most likely forbidden to log in by the security policy settings.
Select: ! - quit, . - list users, 0x - User with RID (hex) or simply enter the username to change: [Administrator] !
Exclamation point ! quits out (it's SHIFT 1 on the US keyboard layout used on the boot CD) Then we get back to the main menu, and select to quit..
======== chntpw Main Interactive Menu ========
Loaded hives: <sam> <system> <security>
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] -> q
Hives that have changed:
 # Name
 0 - OK
=========================================================
¤ Step FOUR: Writing back changes
=========================================================
About to write file(s) back! Do it? [n] : y
You must answer y, or the changes will not be saved. This is the last chance to change your mind!
Writing sam
Only changed files of the registry are actually written back.
If you forgot something, you may run again, else press CTRL-ALT-DEL to reboot.
***** EDIT COMPLETE *****
You can try again if it somehow failed, or you selected wrong
New run? [n] : n
=========================================================
* end of scripts.. returning to the shell..
* Press CTRL-ALT-DEL to reboot now (remove floppy first)
* or do whatever you want from the shell..
* However, if you mount something, remember to umount before reboot
* You may also restart the script procedure with 'sh /scripts/main.sh'
(Please ignore the message about job control, it is not relevant)
BusyBox v1.1.0-pre1 (2005.12.30-19:45+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
sh: can't access tty; job control turned off
And I got about a gazillion questions on this error message, even if it is mentioned in the FAQ. It is from the shell telling it cannot do "job control" which means it cannot handle CTRL-C etc. It HAS NOTHING TO DO WITH YOUR PASSWORD RESET DID NOT WORK! That is caused by a lot of other things.
add a comment |
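Added example, not part of the answer above or of chntpw itself: a small Python audit that reads the user table and the "Account bits" value shown in the walkthrough and reports the accounts a machine owner would want to fix (blank passwords, an enabled RID 500 account, "Passwd not req." set). The function names and the `account_bits` mapping are this example's own; the table is the one from the walkthrough.

```python
"""Audit a chntpw user listing for weak local accounts (added example)."""
import re

# Account-bit labels in the order chntpw prints them; list index = bit number.
ACB_LABELS = [
    "Disabled", "Homedir req.", "Passwd not req.", "Temp. duplicate",
    "Normal account", "NMS account", "Domain trust ac", "Wks trust act.",
    "Srv trust act", "Pwd don't expir", "Auto lockout",
]

# The user table from the walkthrough above, with its line breaks restored.
SAMPLE_TABLE = """\
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03e8 | admin                          | ADMIN  |          |
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ec | grumf1                         |        |          |
| 03ed | grumf2                         |        |          |
| 03ee | grumf3                         |        |          |
| 01f5 | Guest                          |        | dis/lock |
| 03ea | jalla1                         | ADMIN  | *BLANK*  |
| 03eb | jalla2                         |        | *BLANK*  |
| 03e9 | petro                          | ADMIN  | *BLANK*  |
"""

# One data row: hex RID, username, optional ADMIN marker, lock/blank status.
ROW = re.compile(
    r"^\|\s*([0-9a-fA-F]{4})\s*\|\s*(.*?)\s*\|\s*(ADMIN)?\s*\|\s*(.*?)\s*\|\s*$"
)


def parse_user_table(text):
    """Turn the printed table into a list of dicts, skipping the header."""
    users = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header row or unrelated output
        rid_hex, name, admin, status = m.groups()
        users.append({
            "rid": int(rid_hex, 16),          # 03e8 -> 1000, 01f4 -> 500
            "username": name,
            "admin": admin == "ADMIN",
            "blank": status == "*BLANK*",
            "locked": status == "dis/lock",
        })
    return users


def decode_acb(bits):
    """Return the labels of the flags set in an 'Account bits' value."""
    return [label for i, label in enumerate(ACB_LABELS) if bits & (1 << i)]


def audit(users, account_bits=None):
    """Return (username, finding) pairs; account_bits maps username -> int."""
    account_bits = account_bits or {}
    findings = []
    for u in users:
        if u["blank"]:
            role = "administrator" if u["admin"] else "user"
            findings.append((u["username"], role + " account with blank password"))
        if u["rid"] == 500 and not u["locked"]:
            findings.append((u["username"], "built-in Administrator (RID 500) is enabled"))
        flags = decode_acb(account_bits.get(u["username"], 0))
        if "Passwd not req." in flags and "Disabled" not in flags:
            findings.append((u["username"], "'Passwd not req.' is set on an enabled account"))
    return findings


if __name__ == "__main__":
    # 0x0214 is the value the walkthrough shows for the "admin" user.
    for name, finding in audit(parse_user_table(SAMPLE_TABLE), {"admin": 0x0214}):
        print(name, "-", finding)
```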
You can gain command line access (in SYSTEM context) to a Windows computer by changing a couple of registry values. You can then reset passwords, create new accounts, run cracking tools, and so on.
This is the short version, for advanced users and sysadmins:
1) Boot to Windows 7 from the installation or repair DVD, or from Windows PE 3 boot media, or from a Windows 7 installation on another HDD. (If the target OS is Vista, use the Vista installation DVD, or Windows PE 2, or another Vista installation. If the target OS is Windows XP, use Windows PE or another Windows XP installation.)
2) Load the SYSTEM registry hive from the target OS. Back it up first.
3) In the Setup key, change SetupType to 2 and CmdLine to cmd.exe.
4) Boot the target OS. You’ll get a command-line window in system context.
There are more details here including instructions for non-experts on using this technique to reset a password. (Remember that resetting a password will result in the loss of all encrypted files and data.)
add a comment |
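Added example, not from the answer above: a Python check that reads `reg query` output for the Setup key and reports whether the SetupType and CmdLine change from step 3 is still in place, for instance after a recovery session or when reviewing a machine someone else had physical access to. Both sample outputs are constructed, and the baseline (SetupType 0, empty CmdLine once installation has finished) is this example's assumption.

```python
"""Check exported HKLM\\SYSTEM\\Setup values for a boot-time command (added example)."""
import re

# Constructed samples in the layout `reg query` prints. MODIFIED carries the
# two values from step 3 of the answer; BASELINE is the assumed normal state.
MODIFIED = """\
HKEY_LOCAL_MACHINE\\SYSTEM\\Setup
    CmdLine    REG_SZ    cmd.exe
    SetupType    REG_DWORD    0x2
    SystemSetupInProgress    REG_DWORD    0x0
"""
BASELINE = """\
HKEY_LOCAL_MACHINE\\SYSTEM\\Setup
    CmdLine    REG_SZ
    SetupType    REG_DWORD    0x0
    SystemSetupInProgress    REG_DWORD    0x0
"""

# Indented line: value name, registry type, then (possibly empty) data.
VALUE_LINE = re.compile(r"^\s+(\S.*?)\s+(REG_[A-Z_]+)\s*(.*)$")


def parse_reg_query(text):
    """Map lower-cased value names to their data (int for REG_DWORD)."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key path or blank line
        name, kind, data = m.group(1), m.group(2), m.group(3).strip()
        if kind == "REG_DWORD":
            data = int(data, 16) if data else None
        values[name.lower()] = data
    return values


def check_setup_key(values):
    """Return findings for a Setup key that still launches a command at boot."""
    findings = []
    setup_type = values.get("setuptype")
    cmdline = values.get("cmdline")
    if setup_type is None or cmdline is None:
        findings.append("SetupType or CmdLine missing from the export")
    if setup_type:
        findings.append("SetupType is %d, expected 0 after installation" % setup_type)
    if cmdline:
        findings.append("CmdLine runs %r at boot as SYSTEM" % cmdline)
    return findings


if __name__ == "__main__":
    for label, sample in (("baseline", BASELINE), ("modified", MODIFIED)):
        print(label, check_setup_key(parse_reg_query(sample)) or "ok")
```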
You can reset your password using another tool called Hiren's BootCD.
Download Hiren's Boot from here, unzip it and use BurnCDCC.exe to burn the ISO to a DVD.
Boot using Hiren's Boot on your locked PC and in the menu shown select Offline NT/2000/XP/Vista/7 Password Changer and click Enter twice (for confirmation and to continue for the list of Linux Kernel Boot).
In the following prompt select the correct drive where the Windows is installed. Press Enter to confirm that your registry directory is Windows/system32/config.
On the chntpw Main Interactive Menu select [1] for Edit user data and passwords
Select the user you want to reset the password by typing the username and hitting Enter
There you have a list of options for this user. [1] should be for Clear the password.
After successfully resetting your forgotten Windows password, type “!” to close the User Editor Tool.
Now type “q” and hit Enter to close the Offline Password Editor and Registry tool.
Now type “y” and hit Enter to confirm the password change.
Now it will ask you whether you want to use it again or not. Just type “n” and hit Enter.
Remove your CD and restart the PC and your user shouldn't have a password anymore.
Hope this helps you.
Hiren's is considered pirated software as of the date you posted.
– Moab
Aug 16 '16 at 21:54
add a comment |
Windows Boot Genius - Recovers your lost Windows local administrator/user passwords in Windows 8.1, 8, 7, Vista, XP.
Password Recovery Bundle - Instantly bypass, unlock or reset lost administrator and other account passwords on any Windows 8, 7, 2008, Vista, XP, 2003, 2000 system, if you forgot Windows password and couldn't log into the computer. It can also reset Windows domain administrator/user password for Windows 2012 / 2008 / 2003 / 2000 Active Directory servers.
Renee Passnow - Use PassNow which is independent of Windows system: reset login password, clone hard disk, create disk partition or format disk, erase data and fix system startup problems.
None of these are free as of 2016
– Moab
Aug 16 '16 at 21:57
add a comment |
Adding an answer to cover the method that worked for me (which is not yet fully covered in other answers here). This works for Windows 7, later versions of windows have this exploit closed.
I attempted some other procedures listed in other answers without success. What worked for me was the replace sethc.exe (sticky keys) with cmd.exe hack/trick. But I had to do this through using Notepad.exe which is run to view logfiles after system recovery. Other techniques to get in on command-line as admin with drive mounted didn't work so I had to use this Notepad trick.
Procedure:
1. Shutdown and reboot. When Windows starting is seen hold down the power button and power off.
2. Power on. Windows boot should report that last Windows start up failed so it will give the option of "Launch startup repair". Choose this option.
3. Cancel the Startup Repair. Cancel the System Restore.
4. A report dialog will show reporting repair could not be done. In there expand "View problem details". Under problem details a link to x:/windows/... log file is shown. Click on this.
5. Notepad.exe opens showing the logfile. This Notepad is running as Administrator and the mounted filesystem x: is your hard disk.
5.1 Notepad: File - Open - browse to X:/Windows/system32 - scroll to sethc.exe
5.2 Right-click on sethc.exe and rename to sethc-BACKUP.exe
5.3 Scroll to cmd.exe. Right-click on cmd.exe. Copy. Right click. Paste.
5.4 When I pasted cmd.exe the command-line ran (as Administrator) so I did 'cd x:/Windows/system32' and then 'copy cmd.exe sethc.exe' on command-line.
5.4-1 If you prefer not command-line then just use Notepad File Open browser and make a copy of cmd.exe and rename it to sethc.exe
6. Reboot without any funny stuff.
7. At login page hit shift key 5 times or more triggering sticky keys. Instead of sticky keys prompt a command-line dialog appears. Running as Administrator. 'net user Administrator *' to set the password.
Good description with screenshots of the procedure here:
http://null-byte.wonderhowto.com/how-to/hack-windows-7-become-admin-0160151/
Background: The Administrator password with laptop was not known by owner. They had a user account with admin privs so didn't find the need of it. UNTIL the windows login page stopped showing their user! We are guessing the User profile became corrupt or had something bad in it.
I attempted a series of procedures before getting the Notepad+sticky keys replace hack to work. For the record here they are (and the problem I encountered with them):
When trying to log in as Administrator after an incorrect password you are prompted to insert rescue disk (in order to reset password). We had a Windows 7 rescue disk on cd. But the prompt asked for floppy or USB. I had no handy USB stick and was too lazy to go shopping and messing with creating USB boot disk.
Using system repair disk to get in on command-line did not allow the replacing of sethc.exe with cmd.exe trick/hack. Or allow resetting admin password 'net user Administrator *'. The command-line was running as admin but not as the real admin on machine more as the system repair admin and the disk did not seem to be mounted with full access . . . ~ not sure ~
Using Linux system rescue cd (https://www.system-rescue-cd.org (version 4.8.2)) I could not mount the drive. I would kind of see it was a GPT partitioned drive - tools ntfs-3g gparted sfdisk should work with GPT but didn't. This computer has a prompt for username + domain + password before Windows starts so not sure but maybe there is some extra security (which is needed to mount drive?)
What eventually DID work was follow system recover sequence (no external/additional cd needed) at end view logfile (opens in Notepad). Then do file open - browse to cmd.exe - copy - paste - overwrite sethc.exe. Then reboot - trigger sticky keys - set password using command-line 'net user Administrator *'.
In conclusion, this solution doesn't require you to have any extra boot or repair CD. It is very portable :-) It is pretty simple. So it is probably worth trying as one of the first password recovery methods.
The PC I'm using has the sticky keys shortcut disabled. I tried this, and when I got to login, clicked the ease of access centre to launch sticky keys, but just got an error message. Went to system repair to undo my dirty work, and this time was prompted for a password before I could even launch system repair. Seems like I pissed windows off...
– Some_Guy
Jun 18 '18 at 2:17
add a comment |
Use Kon-Boot to boot into the system bypassing the login. After you login change to your required password.
5
please be more precise in your Answer! Explain how to use konboot and how to change the password afterwards!
– Simon
Apr 26 '13 at 6:30
1
Konboot is a simple CD, just boot the disk. It will bypass the Windows password when you normally would be asked for one.
– Jeff Clayton
Dec 31 '14 at 22:10
To change the password is simple too, just go to the control panel and look for Users and Groups to edit.
– Jeff Clayton
Dec 31 '14 at 22:11
You can change the password for any user there.
– Jeff Clayton
Dec 31 '14 at 22:12
Kon Boot is no longer Free........
– Moab
Aug 16 '16 at 21:56
add a comment |
Some of the answers here are quite complicated for some. The easiest way I know is to use windows password rescuer..
how to use explanation are all here:
http://www.daossoft.com/documents/how-to-use-windows-password-rescuer-personal.html
EDIT: As suggested in the comment here is what you need.
Another computer
Windows Password Rescuer Software
A USB disk or a CD/DVD
Steps:
- Download the tool from the Daosoft website http://www.daossoft.com/products/windows-password-rescuer.html .
- Install it on an available computer then run it.
- Create a password recovery disk (USB flash drive or a CD/DVD) using the tool..
- choose between the media types depending on what you have (USB flash drive or a CD/DVD).. choose which drive it is on then on the step 2 click on begin burning..
- when it is done remove the USB flash drive or the CD/DVD used
- Now on the computer to be repaired boot it to CD/DVD or USB disk depending on the recovery disk made.
- Restart your computer.. recovery disk should already be inserted.
- It should boot through your recovery disk
- on the ui choose the windows which is affected.
- next choose the account you want to reset
- then click on reset password, a prompt will appear asking you for confirmation on resetting that account's password - click on yes
- on the table the account chosen should have the word blank on password
- Click on reboot. There will be a confirmation window telling you can eject the recovery disk.. eject it then click yes.
You should have no problems logging in your account now.
2
Your answer looks simple because you don't tell the details on how to rescue the password using the tool. Should the link you provided break in the future your answer would be worthless.
– zagrimsan
Sep 13 '16 at 7:01
add a comment |
One more tip. For Windows 8 and Windows 10, the preferred login method is with a Microsoft account. So you can reset the password and use the new one for login.
Microsoft account password reset page: https://account.live.com/password/reset
For local windows account, you can reset the password by following this tutorial.
add a comment |
Reset Admin-Password Windows 8.1, November 2016
I'd prefer to answer to this question, because it is about Windows 8.1 and not 7, but it has been closed unwisely.
To avoid any misunderstanding: I needed to recover a Win 8.1 admin-pw.
If you try this answer: https://superuser.com/a/952224/82741 , and its Option 1, you'll find, that the trick no longer works.
The last step, when @td512 suggests to use net user ..., it did not work in my case. Instead, I found that I can have a GUI from Windows to change the PW: type control userpasswords2, which made it appear, instead of net user ... .
add a comment |
I had this problem in the past but I found a way to break the password. You just download this and read the README.txt file; you will get all the easy steps with which you can break your password. Still, I am writing the steps for you:
STEPS:
Step 1: Download the file from here.
Step 2: Copy all downloaded files to your removable disk (pen drive).
Step 3: Open a command prompt and write this line: h:\syslinux.exe -ma h: (replace "h" with your removable drive, like i, j, G).
Step 4: Insert the pen drive in your targeted PC and boot from this pen drive (legacy must be ON).
Step 5: Press Enter throughout all the steps until you get an instruction like clear password.
Step 6: After getting to this step, clear the password. Complete this step and restart your system; now it will not ask for a password and the computer will start.
add a comment |
- If you have an Ubuntu live CD you can reset it using chntpw application
- You can use Bart's PE + Password Renew to reset the password
- You can use Offline NT Password Editor to reset the password.
Detailed instructions on using any of the 3 are available over here.
edited Nov 1 '11 at 11:13
answered Nov 18 '09 at 18:46
Sathyajith Bhat♦
This answer should have gotten a check. If it didn't, it means you were looking for recovery, not reset. That takes WAY longer and involves rainbow tables or lophtcrack with syskey and registry dumps... way beyond the scope of a superuser question, but I gave you a starting point for some google queries
– RobotHumans
Oct 20 '10 at 3:04
18
To expand on aking1012's comment, users should keep in mind that resetting a Windows password results in the permanent loss of all encrypted files and data. Most of the time this isn't a big deal, but it can be.
– Harry Johnston
Sep 7 '11 at 21:22
@HarryJohnston The password can be reset without losing access to encrypted data (files, certificates, etc.) by using a pass-the-hash technique. See description here. I couldn't find a ready made tool to do it right now, so I'm just writing a comment.
– David Balažic
Apr 4 '15 at 15:56
@DavidBalažic: that appears to be AD only, so not applicable to most home users.
– Harry Johnston
Apr 5 '15 at 2:27
add a comment |
If you can find a Microsoft ERD 6.5 or 7.0 boot disk, it can reset the Windows 7 password. It has to match the bit version to work, 32 or 64-bit Windows 7.
ERD (Emergency Repair Disc) boot disk is part of the DaRT (Diagnostic and Recovery Toolset), which is part of MDOP (Microsoft Desktop Optimization Pack). These are not available to the public, but they can be found.
ERD comes in five versions currently:
- 5.0 for XP
- 6.0 for Vista
- 6.5 or 7.0 for Windows 7
- 8.0 for Windows 8, 8.1
- 10.0 for Windows 10
There is an alternative method for Windows 7; all you need is either a Windows 7 install disk, System Repair Disk or WinRE partition on the hard drive.
Use F8 or boot from the disc. Once RE loads, choose "Repair your Computer", then load Command Prompt and run these two commands. The second command you will get a prompt to overwrite; say "yes".
copy c:\windows\system32\sethc.exe c:\
copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
Restart the PC. When you reach the Login screen, hit the Shift key five times. A command window will open. Type the following:
net user (type the name of the account) (type any password)
and hit the Enter key, and when prompted to overwrite, type "Yes", and hit the Enter key again, and close the command window, and log on with the new password you just created.
After that you might want to put the original sticky key file back in its place, so go ahead and boot your PC with the repair CD or USB that you used earlier, and in the command prompt window type the following:
copy c:\sethc.exe c:\windows\system32\sethc.exe
press Enter, then when prompted to Overwrite, type "Yes" and hit the Enter key again, then close the window, and restart the PC.
Or if you prefer a 3rd party password cracker, here is a good one
"tested from NT3.5 up to Windows 8.1, including the server versions like 2003, 2008 and 2012. Also 64 bit windows supported."
1
Between this and the linux program that removes the password... I am surprised Microsoft wouldn't find a way to prevent these exploits if they claim to have Enterprise level security... though I guess one could argue that physical access controls are always required.
– BigOmega
Mar 19 '13 at 17:56
7
@ioSamurai Resetting the password makes you lose anything stored in secured storage (certificates, etc...), and as you said the 3rd law of computer security "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore"
– Scott Chamberlain
Apr 29 '13 at 19:15
8
I just realized... you got that screenshot from Wikipedia, and I uploaded it to Wikipedia like 4 years ago. The circle of (internet) life!
– nhinkle♦
May 23 '13 at 16:57
2
Worked like a charm. However, I was unable to change the password with the net user command. I was able to activate the admin account though and then login through that with this command: net user administrator /active:yes
– Cosco Tech
Jul 20 '15 at 14:04
1
For me the system repair disk didn't allow admin password to be changed as it asked for repair disk on USB or floppy not DVD. Using system repair disk or running command-line after system recovery did not allow the replacing of sethc.exe with cmd.exe trick/hack. Using linux system rescue cd (4.8.2) I could not mount the drive - GPT partition - tools ntfs-3g gparted sfdisk should work with GPT but didn't. What eventually DID work was follow system recover sequence (no cd needed) at end view logfile (opens in Notepad). Then do file open - browse to cmd.exe - copy - paste - overwrite sethc.exe.
– gaoithe
Sep 26 '16 at 12:43
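Added example, not part of either answer: a Python check for the sethc.exe replacement described in the answer above and in the Notepad-based answer earlier on the page, useful for confirming that the original file was put back or for spotting the change on a machine you did not modify yourself. It compares System32\sethc.exe with cmd.exe by SHA-256 and looks for the backup copies those two procedures leave behind; the sample volume is a constructed directory with dummy file contents.

```python
"""Detect sethc.exe replaced by cmd.exe on a Windows volume (added example)."""
import hashlib
import tempfile
from pathlib import Path


def sha256(path):
    """Hash a file in chunks so large binaries are not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_ci(directory, name):
    """Case-insensitive lookup, for NTFS volumes mounted on another OS."""
    if directory is None or not directory.is_dir():
        return None
    for entry in directory.iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None


def check_sethc(volume_root):
    """Return findings for the volume whose root directory is volume_root."""
    root = Path(volume_root)
    sys32 = find_ci(find_ci(root, "Windows"), "System32")
    if sys32 is None:
        return ["Windows\\System32 not found"]
    findings = []
    sethc = find_ci(sys32, "sethc.exe")
    cmd = find_ci(sys32, "cmd.exe")
    if sethc is None:
        findings.append("sethc.exe is missing")
    elif cmd is not None and sha256(sethc) == sha256(cmd):
        findings.append("sethc.exe has the same SHA-256 as cmd.exe")
    # Backup names used by the two procedures on this page.
    if find_ci(sys32, "sethc-BACKUP.exe"):
        findings.append("backup copy System32\\sethc-BACKUP.exe is present")
    if find_ci(root, "sethc.exe"):
        findings.append("backup copy sethc.exe is present in the drive root")
    return findings


def build_sample_volume(base, replaced):
    """Constructed stand-in for a mounted volume; file contents are dummies."""
    sys32 = Path(base) / "Windows" / "System32"
    sys32.mkdir(parents=True)
    (sys32 / "cmd.exe").write_bytes(b"dummy cmd image")
    if replaced:
        (sys32 / "sethc.exe").write_bytes(b"dummy cmd image")
        (sys32 / "sethc-BACKUP.exe").write_bytes(b"dummy sethc image")
    else:
        (sys32 / "sethc.exe").write_bytes(b"dummy sethc image")
    return Path(base)


def demo():
    """Run the check on a clean and a modified constructed volume."""
    results = {}
    for label, replaced in (("clean", False), ("modified", True)):
        with tempfile.TemporaryDirectory() as d:
            results[label] = check_sethc(build_sample_volume(d, replaced))
    return results


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "ok")
```

On a real system, pass the root of the Windows volume (for example the mount point of the NTFS partition) to `check_sethc`.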
If you can find a Microsoft ERD 6.5 or 7.0 boot disk, it can reset the Windows 7 password. It has to match the bit version to work, 32 or 64-bit Windows 7.
ERD (Emergency Repair Disc) boot disk is part of the DaRT (Diagnostic and Recovery Toolset), which is part of MDOP (Microsoft Desktop Optimization Pack). These are not available to the public, but they can be found.
ERD comes in five versions currently:
- 5.0 for XP
- 6.0 for Vista
- 6.5 or 7.0 for Windows 7
- 8.0 for Windows 8, 8.1
- 10.0 for Windows 10
There is an alternative method for Windows 7; all you need is either a Windows 7 install disk, System Repair Disk or WinRE partition on the hard drive.
Use F8 or boot from the disc. Once RE loads, choose "Repair your Computer", then load Command Prompt and run these two commands. The second command you will get a prompt to overwrite; say "yes".
copy c:windowssystem32sethc.exe c:
copy c:windowssystem32cmd.exe c:windowssystem32sethc.exe
Restart the PC. When you reach the Login screen, hit the Shift key five times. A command window will open. Type the following:
net user (type the name of the account) (type any password)
and hit the Enter key, and when prompted to overwrite, type "Yes", and hit the Enter key again, and close the command window, and log on with the new password you just created.
After that you might want to put the original sticky key file back in its place, so go ahead and boot your PC with the repair CD or USB that you used earlier, and in the command prompt window type the following:
copy c:sethc.exe c:windowssystem32sethc.exe
press Enter, then when prompted to Overwrite, type "Yes" and hit the Enter key again, then close the window, and restart the PC.
Or if you prefer a 3rd party password cracker, here is a good one
"tested from NT3.5 up to Windows 8.1, including the server versions like 2003, 2008 and 2012. Also 64 bit windows supported."
1
Between this and the linux program that removes the password... I am surprised Microsoft wouldn't find a way to prevent these exploits if they claim to have Enterprise level security... though I guess one could argue that physical access controls are always required.
– BigOmega
Mar 19 '13 at 17:56
7
@ioSamurai Resetting the password makes you loose anything stored in secured storage (certificates, ect...), and as you said the 3rd law of computer security "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore"
– Scott Chamberlain
Apr 29 '13 at 19:15
8
I just realized... you got that screenshot from Wikipedia, and I uploaded it to Wikipedia like 4 years ago. The circle of (internet) life!
– nhinkle♦
May 23 '13 at 16:57
2
Worked like a charm, However I was unable to change the password with the net user command. I was able to activate the admin account though and then login through that with this commandnet user administrator /active:yes
– Cosco Tech
Jul 20 '15 at 14:04
1
For me the system repair disk didn't allow admin password to be changed as it asked for repair disk on USB or floppy not DVD. Using system repair disk or running command-line after system recovery did not allow the replacing of sethc.exe with cmd.exe trick/hack. Using linux system rescue cd (4.8.2) I could not mount the drive - GPT partition - tools ntfs-3g gparted sfdisk should work with GPT but didn't. What eventually DID work was follow system recover sequence (no cd needed) at end view logfile (opens in Notepad). Then do file open - browse to cmd.exe - copy - paste - overwrite sethc.exe.
– gaoithe
Sep 26 '16 at 12:43
|
show 3 more comments
If you can find a Microsoft ERD 6.5 or 7.0 boot disk, it can reset the Windows 7 password. It has to match the bit version to work, 32 or 64-bit Windows 7.
ERD (Emergency Repair Disc) boot disk is part of the DaRT (Diagnostic and Recovery Toolset), which is part of MDOP (Microsoft Desktop Optimization Pack). These are not available to the public, but they can be found.
ERD comes in five versions currently:
- 5.0 for XP
- 6.0 for Vista
- 6.5 or 7.0 for Windows 7
- 8.0 for Windows 8, 8.1
- 10.0 for Windows 10
There is an alternative method for Windows 7; all you need is either a Windows 7 install disk, System Repair Disk or WinRE partition on the hard drive.
Use F8 or boot from the disc. Once RE loads, choose "Repair your Computer", then load Command Prompt and run these two commands. The second command you will get a prompt to overwrite; say "yes".
copy c:\windows\system32\sethc.exe c:\
copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
Restart the PC. When you reach the Login screen, hit the Shift key five times. A command window will open. Type the following:
net user (type the name of the account) (type any password)
and hit the Enter key, and when prompted to overwrite, type "Yes", and hit the Enter key again, and close the command window, and log on with the new password you just created.
After that you might want to put the original sticky key file back in its place, so go ahead and boot your PC with the repair CD or USB that you used earlier, and in the command prompt window type the following:
copy c:\sethc.exe c:\windows\system32\sethc.exe
press Enter, then when prompted to Overwrite, type "Yes" and hit the Enter key again, then close the window, and restart the PC.
Or if you prefer a 3rd party password cracker, here is a good one
"tested from NT3.5 up to Windows 8.1, including the server versions like 2003, 2008 and 2012. Also 64 bit windows supported."
edited Dec 22 '16 at 8:41
Scott
answered Feb 19 '11 at 21:56
Moab
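A defender-side check for the swap described in the answer above, as an added example that is not part of the original answer. It inspects a Windows volume (live, or mounted read-only from a boot disk) for the three traces the procedure leaves: sethc.exe identical to cmd.exe, a version string that does not name sethc.exe, and the backup copy in the volume root. The function names, the expected `OriginalFilename` values and the sample tree are assumptions made for this example; the sample files are constructed stand-ins, not real Windows binaries.

```python
import hashlib
import os
import tempfile

KEY = "OriginalFilename".encode("utf-16-le")
# Assumption: a genuine sethc.exe names itself in its version resource.
EXPECTED_NAMES = ("sethc.exe", "sethc.exe.mui")


def find_ci(directory, name):
    """Return the path of `name` inside `directory`, ignoring case (NTFS
    names keep their case when the volume is mounted from Linux), or None."""
    try:
        entries = os.listdir(directory)
    except OSError:
        return None
    for entry in entries:
        if entry.lower() == name.lower():
            return os.path.join(directory, entry)
    return None


def read_bytes(path):
    with open(path, "rb") as fh:
        return fh.read()


def original_filename(data):
    """Best-effort read of the OriginalFilename string of a PE version
    resource: UTF-16LE key, NUL terminator, optional pad word, then value."""
    pos = data.find(KEY)
    if pos < 0:
        return None
    pos += len(KEY)
    for _ in range(2):  # the terminator plus at most one alignment word
        if data[pos:pos + 2] == b"\x00\x00":
            pos += 2
    end = pos
    while end + 2 <= len(data) and data[end:end + 2] != b"\x00\x00":
        end += 2
    return data[pos:end].decode("utf-16-le", errors="replace") or None


def check_sticky_keys(volume_root):
    """Return a list of findings for the Windows volume at volume_root."""
    windows = find_ci(volume_root, "Windows")
    system32 = find_ci(windows, "System32") if windows else None
    if not system32:
        return ["no Windows/System32 directory under %s" % volume_root]
    sethc = find_ci(system32, "sethc.exe")
    if not sethc:
        return ["sethc.exe is missing from System32"]
    findings = []
    sethc_data = read_bytes(sethc)
    cmd = find_ci(system32, "cmd.exe")
    if cmd and hashlib.sha256(sethc_data).digest() == \
            hashlib.sha256(read_bytes(cmd)).digest():
        findings.append("sethc.exe is byte-identical to cmd.exe")
    name = original_filename(sethc_data)
    if name is None:
        findings.append("sethc.exe has no OriginalFilename version string")
    elif name.lower() not in EXPECTED_NAMES:
        findings.append("sethc.exe reports OriginalFilename %r" % name)
    # The procedure parks the real binary in the root of the volume.
    if find_ci(volume_root, "sethc.exe"):
        findings.append("backup copy of sethc.exe found in the volume root")
    return findings


def fake_exe(original_name, filler):
    """Constructed stand-in for a PE file: only the bytes the checker reads."""
    return (b"MZ" + filler + KEY + b"\x00\x00"
            + original_name.encode("utf-16-le") + b"\x00\x00")


def build_sample(root, tampered):
    """Create a constructed Windows directory tree under root for the demo."""
    system32 = os.path.join(root, "Windows", "System32")
    os.makedirs(system32)
    cmd = fake_exe("Cmd.Exe", b"\x01" * 64)
    genuine = fake_exe("sethc.exe", b"\x02" * 64)
    with open(os.path.join(system32, "cmd.exe"), "wb") as fh:
        fh.write(cmd)
    with open(os.path.join(system32, "sethc.exe"), "wb") as fh:
        fh.write(cmd if tampered else genuine)
    if tampered:
        with open(os.path.join(root, "sethc.exe"), "wb") as fh:
            fh.write(genuine)
    return root


if __name__ == "__main__":
    for tampered in (False, True):
        with tempfile.TemporaryDirectory() as root:
            print(tampered, check_sticky_keys(build_sample(root, tampered)))
```

On a real system, pass the root of the Windows volume to `check_sticky_keys`; an empty list means none of the three traces was found.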
Run an Ophcrack LiveCD to try and crack the password, provided that you have a sufficiently easy alphanumerical password.
1
I don't think I can upvote or downvote this answer because it seems like a waste of time compared to just blanking the password and setting it when you boot into Windows.
– Nathan Adams
Oct 16 '10 at 15:21
17
@Nathan, keep in mind that resetting the password results in permanently losing access to all encrypted files and data.
– Harry Johnston
Sep 7 '11 at 21:21
I've had very limited success with Ophcrack. It worked for me once when helping a friend, who had a very simple password (it was just her name followed by a number). With a sufficiently strong password, it doesn't work very well.
– Charles Burge
Aug 15 '16 at 21:43
answered Oct 15 '10 at 18:16
brandon927
Offline NT Password Editor
Offline NT Password & Registry Editor works basically the same as PC Login Now in that it erases your Windows password instead of recovering it. You can then simply log in to your account without entering a password.
source
edited Oct 16 '10 at 13:40
Sathyajith Bhat♦
answered Nov 18 '09 at 17:47
joe
Grab a copy of unetbootin from here. Install NTpasswd onto a flash drive. By running NTpasswd off the flash drive you'll be able to reset the password on the computer to blank. It's pretty easy to use as well.
answered Oct 15 '10 at 17:49
Kravlin
Use this bootdisk to boot PCs with Windows OSes to blank out the LOCAL user account passwords, ENABLE or DISABLE LOCAL user accounts, etc.
You can use this if you've forgotten your LOCAL Windows user account password, you've done a factory reimage/reset on your Windows OS and the account has a password you don't know what it is, and things of this sort of nature so you can log into Windows as some account WITHOUT a password just to get in, and then set the password from the Windows Control Panel, etc. to something you do know afterwards.
THE STEPS IN BRIEF
- Download the bootdisk image file
- Burn bootdisk image file onto media (e.g. USB or CD) to boot PC from it rather than the hard drive or Windows.
- Put the newly burned bootdisk media into the PC, and then instruct the PC to boot from it rather than the internal hard drive with Windows installed.
- Follow the instruction from the below section labeled INSTRUCTIONS ONCE BOOTED TO for what options to pick, etc. to enable existing local Windows accounts and/or blank out the password of the accounts and so on.
General Information
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Offline Windows Password & Registry Editor, Bootdisk / CD
I've put together a CD or USB Drive image which contains things needed
to reset the passwords on most systems.
The bootdisk should support most of the more usual disk controllers,
and it should auto-load most of them. Both PS/2 and USB keyboard
supported.
More or less tested from NT3.5 up to Windows 8.1, including the server
versions like 2003, 2008 and 2012. Also 64 bit windows supported.
DANGER WILL ROBINSON!
If password is reset on users that have EFS encrypted files, and the system is XP or newer, all encrypted files for that user will be
UNREADABLE! and cannot be recovered unless you remember the old
password again. If you don't know if you have encrypted files or not,
you most likely don't have them. (except maybe on corporate systems)
Please see the Frequently Asked Questions and the version history below before emailing questions to me. Thanks!
Download Bootdisk
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Download
Note: Some links may be offsite.
CD release, see below on how to use
cd140201.zip (~18MB) - Bootable CD image.
usb140201.zip (~18MB) - Files for USB install
Previous release:
cd110511.zip (~4MB) - Bootable CD image.
usb110511.zip (~4MB) - Files for USB install
The files inside the USB zip are exactly the same as on the CD. See
below for instructions on how to make USB disk bootable.
Floppy release (not updated anymore), see below on how to use them
bd080526.zip (~1.4M) - Bootdisk image
drivers1-080526.zip (~310K) - Disk drivers (mostly PATA/SATA)
drivers2-080526.zip (~1.2M) - Disk drivers (mostly SCSI)
Previous versions may sometimes be found here (also my site)
NOTE: Versions before 0704xx will corrupt the disk on VISTA/win7/8!
NOTE THAT THE BOOTDISK CONTAINS CRYPTOGRAPHIC CODE, and that it may be ILLEGAL to RE-EXPORT it from your country.
HOW TO USE
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
How to use?
Please read the walkthrough (now a bit outdated, sorry) and the FAQ before mailing me questions
If you have the CD or USB, all drivers are included.
Overview
- Get the machine to boot from the CD or USB drive.
- Load drivers (usually automatic, but possible to run manual select)
- Disk select, tell which disk contains the Windows system. Optionally
you will have to load drivers.
- PATH select, where on the disk is the system? (now usually
automatic)
- File select, which parts of registry to load, based on what you want
to do.
- Password reset or other registry edit.
- Write back to disk (you will be asked)
DON'T PANIC!! - Most questions can usually be answered with the default answer which is given in [brackets]. Just press enter/return
to accept the default answer.
The walkthrough and instructions is now on its own page! but is quite old.. hope to make a new one..
What can go wrong?
Well. Lots of things, actually. But most of the problems is of the
type "cannot find" something. And then nothing happens.
Also, see the FAQ for help with common problems.
INSTRUCTIONS ONCE BOOTED TO
It may be best to print these instruction and then follow from that printed copy—and print from the version on the web site resource URL perhaps too in case they update something with it since after my post here.
This is the detail that explains what options to pick once the bootdisk starts booting to find and point to the internal hard drive and pick the current Windows OS objects to blank out the LOCAL user accounts on that Windows OS on the hard drive.
This part may seem complex or involved at first, but just let the bootdisk boot up and go through the screen until it prompts or waits for you to tell it what to do. Look over these instructions and just pick the appropriate options as instructed—it should make sense so just read it over until you get it.
Typically though you'll. . .
a. pick the Windows disk partition on the hard drive the bootdisk
inspects
b. from the list of usernames it finds, type the name of the account
you'll change (e.g. administrator, jsmith, etc.)
c. from the next list, it'll tell you if the account is disabled, expired, etc. so you know what you'll need to change to reset it for specifically to ensure you can sign on with it afterwards when booted back to Windows
d. on the next screen you'll want to unlock the account, blank the password on the account or set account as local administrator (option 1, 3, and 4).
i. you may need to do step "d." one time per action and then pick the username of the account again for the next action if it needs more than one action completed (e.g. blank password, unlock account, etc.)
ii. I'd just steer clear of setting passwords here and just do that through Windows Control Panel once you get signed onto Windows with a blank password as administrator, etc.
e. be sure you select "Y" to save your changes to and then when the PC reboots, let it reboot to Windows and then sign on with the blank password to the account you changed with the bootdisk.
If it doesn't work, boot to the bootdisk and do it again, maybe you didn't pick some option so it didn't do what you expected it to. Since you're factory wiping this hard drive anyway, there should not be much danger in losing anything or corrupting anything as then you'd just reimage/factory reset it again.
Resource: http://pogostick.net/~pnh/ntpasswd/walkthrough.html
Offline NT Password & Registry Editor, Walkthrough
2014, NOTE: This is now a bit old, some are the same, some look a bit different..
The following is a walkthrough of using the CD to reset one user (admin) on a test Vista computer.
Insert the CD and convince your BIOS that it should boot from it. How to boot from a CD varies from computer make to computer make, so I cannot help you much. Some BIOS shows a boot device select menu if you press ESC, F8, F11 or F12 or something like that during the self test. (some even tell you on the screen what to press)
If it boots, you should see this:
ISOLINUX 3.51 2007-06-10 Copyright (C) 1994-2007 H. Peter Anvin
***************************************************************************
*                                                                         *
*  Windows NT/2k/XP/Vista Change Password / Registry Editor / Boot CD     *
*                                                                         *
*  (c) 1998-2007 Petter Nordahl-Hagen. Distributed under GNU GPL v2       *
*                                                                         *
*  DISCLAIMER: THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTIES!         *
*              THE AUTHOR CAN NOT BE HELD RESPONSIBLE FOR ANY DAMAGE      *
*              CAUSED BY THE (MIS)USE OF THIS SOFTWARE                    *
*                                                                         *
*  More info at: http://pogostick.net/~pnh/ntpasswd/                      *
*  Email       : pnh@pogostick.net                                        *
*                                                                         *
*  CD build date: Sun Sep 23 14:15:35 CEST 2007                           *
***************************************************************************
Press enter to boot, or give linux kernel boot options first if needed.
Some that I have to use once in a while:
boot nousb     - to turn off USB if not used and it causes problems
boot irqpoll   - if some drivers hang with irq problem messages
boot nodrivers - skip automatic disk driver loading
boot:
Usually just press enter here. If you have linux knowledge, you can tweak kernel options if you need/like.
Then it boots and outputs a lot of kernel messages about your hardware and such.. most if not all are nothing to worry about.
Loading vmlinuz..................
Loading scsi.cgz.........................
Loading initrd.cgz..........
Ready.
Linux version 2.6.22.6 (root@athene) (gcc version 4.1.1 20060724 (prerelease) (4.1.1-3mdk)) #2 Sun Sep 9 16:59:48 CEST 2007
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000009f800 (usable)
BIOS-e820: 000000000009f800 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000ca000 - 00000000000cc000 (reserved)
BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 00000000316f0000 (usable)
BIOS-e820: 00000000316f0000 - 00000000316ff000 (ACPI data)
BIOS-e820: 00000000316ff000 - 0000000031700000 (ACPI NVS)
BIOS-e820: 0000000031700000 - 0000000031800000 (usable)
BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
BIOS-e820: 00000000fffe0000 - 0000000100000000 (reserved)
792MB LOWMEM available.
Zone PFN ranges:
DMA 0 -> 4096
Normal 4096 -> 202752
early_node_map[1] active PFN ranges
...
Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled
serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
RAMDISK driver initialized: 16 RAM disks of 32000K size 1024 blocksize
USB Universal Host Controller Interface driver v3.0
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
serio: i8042 KBD port at 0x60,0x64 irq 1
serio: i8042 AUX port at 0x60,0x64 irq 12
usbcore: registered new interface driver usbhid
drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver
Using IPI Shortcut mode
BIOS EDD facility v0.16 2004-Jun-25, 1 devices found
Freeing unused kernel memory: 144k freed
Booting ntpasswd
Mounting: proc sys
Ramdisk setup complete, stage separation..
In stage 2
Spawning shells on console 2 - 6
Initialization complete!
** Preparing driver modules to dir /lib/modules/2.6.22.6
input: AT Translated Set 2 keyboard as /class/input/input0
Most of the generic linux boot now done, and we try to load the disk drivers. If you use the floppy version you will be asked to swap floppies at this point. Drivers are then tried based on PCI hardware identification.
** Will now try to auto-load relevant drivers based on PCI information
---- AUTO DISK DRIVER select ----
--- PROBE FOUND THE FOLLOWING DRIVERS:
ata_piix
ata_generic
mptspi
--- TRYING TO LOAD THE DRIVERS
### Loading ata_piix
scsi0 : ata_piix
scsi1 : ata_piix
ata1: PATA max UDMA/33 cmd 0x000101f0 ctl 0x000103f6 bmdma 0x00011050 irq 14
ata2: PATA max UDMA/33 cmd 0x00010170 ctl 0x00010376 bmdma 0x00011058 irq 15
ata2.00: ATAPI: VMware Virtual IDE CDROM Drive, 00000001, max UDMA/33
ata2.00: configured for UDMA/33
scsi 1:0:0:0: CD-ROM NECVMWar VMware IDE CDR10 1.00 PQ: 0 ANSI: 5
sr0: scsi3-mmc drive: 1x/1x xa/form2 cdda tray
Uniform CD-ROM driver Revision: 3.20
### Loading ata_generic
### Loading mptspi
Fusion MPT base driver 3.04.04
Copyright (c) 1999-2007 LSI Logic Corporation
Fusion MPT SPI Host driver 3.04.04
PCI: Found IRQ 9 for device 0000:00:10.0
mptbase: Initiating ioc0 bringup
ioc0: 53C1030: Capabilities={Initiator}
scsi2 : ioc0: LSI53C1030, FwRev=01032920h, Ports=1, MaxQ=128, IRQ=9
scsi 2:0:0:0: Direct-Access VMware, VMware Virtual S 1.0 PQ: 0 ANSI: 2
target2:0:0: Beginning Domain Validation
target2:0:0: Domain Validation skipping write tests
target2:0:0: Ending Domain Validation
target2:0:0: FAST-40 WIDE SCSI 80.0 MB/s ST (25 ns, offset 127)
sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Cache data unavailable
sd 2:0:0:0: [sda] Assuming drive cache: write through
sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Cache data unavailable
sd 2:0:0:0: [sda] Assuming drive cache: write through
sda: sda1
sd 2:0:0:0: [sda] Attached SCSI disk
Most of these messages are from the drivers themselves. Some talk a lot, some don't. But all give info on the brand and model and size of the disks found, if any.
-------------------------------------------------------------
Driver load done, if none loaded, you may try manual instead.
-------------------------------------------------------------
** If no disk show up, you may have to try again (d option) or manual (m).
You can later load more drivers..
*************************************************************************
* Windows Registry Edit Utility Floppy / chntpw                         *
* (c) 1997 - 2007 Petter N Hagen - pnh@pogostick.net                    *
* GNU GPL v2 license, see files on CD                                   *
*                                                                       *
* This utility will enable you to change or blank the password of       *
* any user (incl. administrator) on an Windows NT/2k/XP/Vista           *
* WITHOUT knowing the old password.                                     *
* Unlocking locked/disabled accounts also supported.                    *
*                                                                       *
* It also has a registry editor, and there is now support for           *
* adding and deleting keys and values.                                  *
*                                                                       *
* Tested on: NT3.51 & NT4: Workstation, Server, PDC.                    *
*            Win2k Prof & Server to SP4. Cannot change AD.              *
*            XP Home & Prof: up to SP2                                  *
*            Win 2003 Server (cannot change AD passwords)               *
*            Vista 32 and 64 bit                                        *
*                                                                       *
* HINT: If things scroll by too fast, press SHIFT-PGUP/PGDOWN ...       *
*************************************************************************
=========================================================
There are several steps to go through:
- Disk select with optional loading of disk drivers
- PATH select, where are the Windows systems files stored
- File-select, what parts of registry we need
- Then finally the password change or registry edit itself
- If changes were made, write them back to disk
DON'T PANIC! Usually the defaults are OK, just press enter
all the way through the questions
=========================================================
¤ Step ONE: Select disk where the Windows installation is
=========================================================
Disks:
Disk /dev/sda: 42.9 GB, 42949672960 bytes
Candidate Windows partitions found:
1 : /dev/sda1 40958MB BOOT
Here it has found one disk with one partition
Please select partition by number or
q = quit
d = automatically start disk drivers
m = manually select disk drivers to load
f = fetch additional drivers from floppy / usb
a = show all partitions found
l = show propbable Windows (NTFS) partitions only
Select: [1]
Here you select one of the partitions listed above (in this case there is only one) or one of the letters from the menu.
Floppy users may need to do 'f' to load in more drivers from another floppy.
The 'd' option will re-run the PCI scan and start relevant drivers (they must already be loaded from floppy with 'f' option)
The 'm' for manual load will present a list of all the drivers with short description if available, and allow you to specify which to load. (Dependencies are handled automatically)
Here we only have one partition, so we just press enter to select it.
Selected 1
Mounting from /dev/sda1, with filesystem type NTFS
NTFS volume version 3.1.
It was an NTFS filesystem, and it mounted successfully.
=========================================================
¤ Step TWO: Select PATH and registry files
=========================================================
What is the path to the registry directory? (relative to windows disk)
[WINDOWS/system32/config] :
The registry is usually system32/config under WINDOWS or WINNT directory, depending on the windows version (and it may be changed during installation). If the correct partition has been selected, the default prompt will be adjusted to match if it can find one of the usual variants.
We accept the defaults.. and get a (bit filtered) directory listing showing most of the interesting registry files
-rw------- 2 0 0 262144 Feb 28 2007 BCD-Template
-rw------- 2 0 0 6815744 Sep 23 12:33 COMPONENTS
-rw------- 1 0 0 262144 Sep 23 12:33 DEFAULT
drwx------ 1 0 0 0 Nov 2 2006 Journal
drwx------ 1 0 0 8192 Sep 23 12:33 RegBack
-rw------- 1 0 0 524288 Sep 23 12:33 SAM
-rw------- 1 0 0 262144 Sep 23 12:33 SECURITY
-rw------- 1 0 0 15728640 Sep 23 12:33 SOFTWARE
-rw------- 1 0 0 9175040 Sep 23 12:33 SYSTEM
drwx------ 1 0 0 4096 Nov 2 2006 TxR
drwx------ 1 0 0 4096 Feb 27 2007 systemprofile
Select which part of registry to load, use predefined choices
or list the files with space as delimiter
1 - Password reset [sam system security]
2 - RecoveryConsole parameters [software]
q - quit - return to previous
[1] :
Choice 1 is for password edit, most used. But if you wish, you can load any of the files (just enter its name) and do manual registry edit on them.
But here, we select 1 for password edit, some files are copied around into memory and the edit application is invoked.
Selected files: sam system security
Copying sam system security to /tmp
=========================================================
¤ Step THREE: Password or registry edit
=========================================================
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive name (from header): <SystemRootSystem32ConfigSAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x44000 is not 'hbin', assuming file contains garbage at end
File size 524288 [80000] bytes, containing 11 pages (+ 1 headerpage)
Used for data: 288/250904 blocks/bytes, unused: 15/23176 blocks/bytes.
Hive name (from header): <SYSTEM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh>
Page at 0x8b4000 is not 'hbin', assuming file contains garbage at end
File size 9175040 [8c0000] bytes, containing 2117 pages (+ 1 headerpage)
Used for data: 96982/6224016 blocks/bytes, unused: 4381/2830032 blocks/bytes.
Hive name (from header): <emRootSystem32ConfigSECURITY>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x6000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 334/17312 blocks/bytes, unused: 7/3008 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
======== chntpw Main Interactive Menu ========
Loaded hives:
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] ->
This demo shows selection 1 for password edit, but you can also do other things. Note that 2, Syskey may be dangerous! AND NOT NEEDED TO RESET PASSWORDS! and does not work at all on Vista, but you get some info before you do any changes.
Selection 3, RecoveryConsole is only relevant for Win2k, XP and 2003 and you must have selected to load the SOFTWARE part of the registry (selection 2) earlier.
The manual registry editor is always available, it is not the most user-friendly thing, but anyway..
We continue our quest to change our "admin" users password..
===== chntpw Edit User Info & Passwords ====
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03e8 | admin                          | ADMIN  |          |
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ec | grumf1                         |        |          |
| 03ed | grumf2                         |        |          |
| 03ee | grumf3                         |        |          |
| 01f5 | Guest                          |        | dis/lock |
| 03ea | jalla1                         | ADMIN  | *BLANK*  |
| 03eb | jalla2                         |        | *BLANK*  |
| 03e9 | petro                          | ADMIN  | *BLANK*  |
This is a list of all local users on the machine. You may see more users here than in the overly user-friendly control panel, for example XP has some help and support built in users. The users marked "ADMIN" are members of the administrators group, which means they have admin rights, if you can login to one of them you can get control of the machine.
The built-in (at install time in all windows versions) administrator is always RID 01f4. This example is from Vista, and Vista by default has this locked down (the installer instead asks and makes another user the regular use administrator, in this case RID 03e8)
The "lock?" column shows if the user account is disabled or locked out (due to many logon attempts for example) or BLANK if the password seems to be blank.
We select to edit the "admin" user (this was the user made administrator by the Vista installer)
Select: ! - quit, . - list users, 0x - User with RID (hex)
or simply enter the username to change: [Administrator] admin
RID : 1000 [03e8]
Username: admin
fullname:
comment :
homedir :
User is member of 1 groups:
00000220 = Administrators (which has 4 members)
Group 220 is THE BOSS GROUP! :)
Account bits: 0x0214 =
[ ] Disabled        | [ ] Homedir req.    | [X] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |
Failed login count: 0, while max tries is: 0
Total login count: 3
Some status info, user is locked out if "Disabled" is set or "Failed login count" is larger than "max tries" policy setting. This user is not locked in any way. The lockout can be reset with option 4 below.
- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
(4 - Unlock and enable user account) [seems unlocked already]
 q - Quit editing user, back to user select
Select: [q] > 1
Password cleared!
Here we just reset/clear/blank the password. But you can also try to set a new password with option 2, but it will only work if the password is not blank already. Also, it often fails to work on XP and newer systems.
Number 3 is to put a non-admin user into the administrators (220) group, thus making the user an administrator. IT IS STILL EXPERIMENTAL AND IT MAY sometimes RESULT IN STRANGE ERRORS WHEN LATER EDITING THE GROUP FROM WINDOWS! Also, usually pointless in promoting the Guest user, as it is most likely forbidden to log in by the security policy settings.
Select: ! - quit, . - list users, 0x - User with RID (hex)
or simply enter the username to change: [Administrator] !
Exclamation point ! quits out (it's SHIFT 1 on the US keyboard layout used on the boot CD) Then we get back to the main menu, and select to quit..
======== chntpw Main Interactive Menu ========
Loaded hives: <sam> <system> <security>
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] -> q
Hives that have changed:
 # Name
 0 - OK
=========================================================
¤ Step FOUR: Writing back changes
=========================================================
About to write file(s) back! Do it? [n] : y
You must answer y, or the changes will not be saved. This is the last chance to change your mind!
Writing sam
Only changed files of the registry are actually written back.
If you forgot something, you may run again, else press CTRL-ALT-DEL to reboot.
***** EDIT COMPLETE *****
You can try again if it somehow failed, or you selected wrong
New run? [n] : n
=========================================================
* end of scripts.. returning to the shell..
* Press CTRL-ALT-DEL to reboot now (remove floppy first)
* or do whatever you want from the shell..
* However, if you mount something, remember to umount before reboot
* You may also restart the script procedure with 'sh /scripts/main.sh'
(Please ignore the message about job control, it is not relevant)
BusyBox v1.1.0-pre1 (2005.12.30-19:45+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
sh: can't access tty; job control turned off
And I got about a gazillion questions on this error message, even if it is mentioned in the FAQ. It is from the shell telling it cannot do "job control" which means it cannot handle CTRL-C etc. It HAS NOTHING TO DO WITH YOUR PASSWORD RESET DID NOT WORK! That is caused by a lot of other things.
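The user listing and the "Account bits" line shown in the walkthrough above can be checked mechanically, for example to list which accounts are left with a blank password and still need one set from Windows after the reset. This is an added example, not part of the original answer and not chntpw code; the function names are hypothetical, the bit values are the ACB constants behind the labels chntpw prints, and the sample listing is re-typed from the walkthrough.

```python
import re

# ACB (account control bit) masks; names are the labels chntpw prints.
ACB_FLAGS = [
    (0x0001, "Disabled"),
    (0x0002, "Homedir req."),
    (0x0004, "Passwd not req."),
    (0x0008, "Temp. duplicate"),
    (0x0010, "Normal account"),
    (0x0020, "NMS account"),
    (0x0040, "Domain trust ac"),
    (0x0080, "Wks trust act."),
    (0x0100, "Srv trust act"),
    (0x0200, "Pwd don't expir"),
    (0x0400, "Auto lockout"),
]

# Constructed sample: the user listing from the walkthrough, re-typed.
SAMPLE_LISTING = """\
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03e8 | admin                          | ADMIN  |          |
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ec | grumf1                         |        |          |
| 03ed | grumf2                         |        |          |
| 03ee | grumf3                         |        |          |
| 01f5 | Guest                          |        | dis/lock |
| 03ea | jalla1                         | ADMIN  | *BLANK*  |
| 03eb | jalla2                         |        | *BLANK*  |
| 03e9 | petro                          | ADMIN  | *BLANK*  |
"""

# One table row: hex RID, username, optional ADMIN marker, lock/blank state.
ROW = re.compile(
    r"^\|\s*([0-9a-fA-F]{4})\s*\|\s*(.*?)\s*\|\s*(ADMIN)?\s*\|\s*(.*?)\s*\|$"
)


def decode_acb(bits):
    """Return the names of the account control bits set in `bits`."""
    return [name for mask, name in ACB_FLAGS if bits & mask]


def parse_user_listing(text):
    """Turn the 'Edit User Info & Passwords' table into a list of dicts."""
    users = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue  # header row or unrelated output
        rid_hex, name, admin, state = m.groups()
        users.append({
            "rid": int(rid_hex, 16),      # 03e8 -> 1000, 01f4 -> 500
            "name": name,
            "admin": admin == "ADMIN",
            "blank": state == "*BLANK*",
            "locked": state == "dis/lock",
        })
    return users


def mark_cleared(users, name):
    """Model menu option 1 (clear password) on a copy of the parsed list."""
    return [dict(u, blank=True) if u["name"] == name else dict(u)
            for u in users]


def accounts_needing_password(users):
    """Usable accounts with a blank password, administrators first."""
    hits = [u for u in users if u["blank"] and not u["locked"]]
    return sorted(hits, key=lambda u: (not u["admin"], u["rid"]))


if __name__ == "__main__":
    parsed = parse_user_listing(SAMPLE_LISTING)
    after_reset = mark_cleared(parsed, "admin")
    for u in accounts_needing_password(after_reset):
        role = "administrator" if u["admin"] else "user"
        print(f"RID {u['rid']:>5} {u['name']:<14} {role}: blank password")
    print("0x0214 =", ", ".join(decode_acb(0x0214)))
```
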
Use this bootdisk to boot PCs with Windows OSes to blank out the LOCAL user account passwords, ENABLE or DISABLE LOCAL user accounts, etc.
You can use this if you've forgotten your LOCAL Windows user account password, you've done a factory reimage/reset on your Windows OS and the account has a password you don't know what it is, and things of this sort of nature so you can log into Windows as some account WITHOUT a password just to get in, and then set the password from the Windows Control Panel, etc. to something you do know afterwards.
THE STEPS IN BRIEF
Download the bootdisk image file
Burn bootdisk image file onto media (e.g. USB or CD) to boot PC from it rather than the hard drive or Windows.
Put the newly burned bootdisk media into the PC, and then instruct the PC to boot from it rather than the internal hard drive with Windows installed.
Follow the instruction from the below section labeled INSTRUCTIONS ONCE BOOTED TO for what options to pick, etc. to enable existing local Windows accounts and/or blank out the password of the accounts and so on.
General Information
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Offline Windows Password & Registry Editor, Bootdisk / CD
I've put together a CD or USB Drive image which contains things needed
to reset the passwords on most systems.
The bootdisk should support most of the more usual disk controllers,
and it should auto-load most of them. Both PS/2 and USB keyboard
supported.
More or less tested from NT3.5 up to Windows 8.1, including the server
versions like 2003, 2008 and 2012. Also 64 bit windows supported.
DANGER WILL ROBINSON!
If password is reset on users that have EFS encrypted files, and the system is XP or newer, all encrypted files for that user will be UNREADABLE! and cannot be recovered unless you remember the old password again. If you don't know if you have encrypted files or not, you most likely don't have them. (except maybe on corporate systems)
Please see the Frequently Asked Questions and the version history below before emailing questions to me. Thanks!
Download Bootdisk
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Download
Note: Some links may be offsite.
CD release, see below on how to use
cd140201.zip (~18MB) - Bootable CD image.
usb140201.zip (~18MB) - Files for USB install
Previous release:
cd110511.zip (~4MB) - Bootable CD image.
usb110511.zip (~4MB) - Files for USB install
The files inside the USB zip are exactly the same as on the CD. See
below for instructions on how to make USB disk bootable.
Floppy release (not updated anymore), see below on how to use them
bd080526.zip (~1.4M) - Bootdisk image
drivers1-080526.zip (~310K) - Disk drivers (mostly PATA/SATA)
drivers2-080526.zip (~1.2M) - Disk drivers (mostly SCSI)
Previous versions may sometimes be found here (also my site)
NOTE: Versions before 0704xx will corrupt the disk on VISTA/win7/8!
NOTE THAT THE BOOTDISK CONTAINS CRYPTOGRAPHIC CODE, and that it may be ILLEGAL to RE-EXPORT it from your country.
HOW TO USE
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
How to use?
Please read the walkthrough (now a bit outdated, sorry) and the
FAQ before mailing me questions
If you have the CD or USB, all drivers are included.
Overview
- Get the machine to boot from the CD or USB drive.
- Load drivers (usually automatic, but possible to run manual select)
- Disk select, tell which disk contains the Windows system. Optionally
you will have to load drivers.
- PATH select, where on the disk is the system? (now usually
automatic)
- File select, which parts of registry to load, based on what you want
to do.
- Password reset or other registry edit.
- Write back to disk (you will be asked)
DON'T PANIC!! - Most questions can usually be answered with the default answer which is given in [brackets]. Just press enter/return
to accept the default answer.
The walkthrough and instructions is now on its own page! but is quite old.. hope to make a new one..
What can go wrong?
Well. Lots of things, actually. But most of the problems is of the
type "cannot find" something. And then nothing happens.
Also, see the FAQ for
help with common problems.
INSTRUCTIONS ONCE BOOTED TO
It may be best to print these instruction and then follow from that printed copy—and print from the version on the web site resource URL perhaps too in case they update something with it since after my post here.
This is the detail that explains what options to pick once the bootdisk starts booting to find and point to the internal hard drive and pick the current Windows OS objects to blank out the LOCAL user accounts on that Windows OS on the hard drive.
This part may seem complex or involved at first, but just let the bootdisk boot up and go through the screen until it prompts or waits for you to tell it what to do. Look over these instructions and just pick the appropriate options as instructed—it should make sense so just read it over until you get it.
Typically though you'll. . .
a. pick the Windows disk partition on the hard drive the bootdisk
inspects
b. from the list of usernames it finds, type the name of the account
you'll change (e.g. administrator, jsmith, etc.)
c. from the next list, it'll tell you if the account is disabled, expired, etc. so you know what you'll need change to reset it for specifically to ensure you can sign on with it afterwards when booted back to Windows
d. on the next screen you'll want to unlock the account, blank the password on the account or set account as local administrator (option 1, 3, and 4).
i. you may need to do step "d." one time per action and then pick the username of the account again for the next action if it needs more than one action completed (e.g. blank password, unlock account, etc.)
ii. I'd just steer clear of setting passwords here and just do that through Windows Control Panel once you get signed onto Windows with a blank password as administrator, etc.
e. be sure you select "Y" to save your changes to and then when the PC reboots, let it reboot to Windows and then sign on with the blank password to the account you changed with the bootdisk.
If it doesn't work, boot to the bootdisk and do it again, maybe you didn't pick some option so it didn't do what you expected it to. Since you're factory wiping this hard drive anyway, there should not be much danger in losing anything or corrupting anything as then you'd just reimage/factory reset it again.
Resource: http://pogostick.net/~pnh/ntpasswd/walkthrough.html
Offline NT Password & Registry Editor, Walkthrough
2014, NOTE: This is now a bit old, some are the same, some look a bit different..
The following is a walkthrough of using the CD to reset one user (admin) on a test Vista computer.
Insert the CD and convince your BIOS that it should boot from it. How to boot from a CD varies from computer make to computer make, so I cannot help you much. Some BIOS shows a boot device select menu if you press ESC, F8, F11 or F12 or something like that during the self test. (some even tell you on the screen what to press)
If it boots, you should see this:
ISOLINUX 3.51 2007-06-10 Copyright (C) 1994-2007 H. Peter Anvin
***************************************************************************
*                                                                         *
* Windows NT/2k/XP/Vista Change Password / Registry Editor / Boot CD      *
*                                                                         *
* (c) 1998-2007 Petter Nordahl-Hagen. Distributed under GNU GPL v2        *
*                                                                         *
* DISCLAIMER: THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTIES!          *
*             THE AUTHOR CAN NOT BE HELD RESPONSIBLE FOR ANY DAMAGE       *
*             CAUSED BY THE (MIS)USE OF THIS SOFTWARE                     *
*                                                                         *
* More info at: http://pogostick.net/~pnh/ntpasswd/                       *
* Email : pnh@pogostick.net                                               *
*                                                                         *
* CD build date: Sun Sep 23 14:15:35 CEST 2007                            *
***************************************************************************
Press enter to boot, or give linux kernel boot options first if needed.
Some that I have to use once in a while:
boot nousb - to turn off USB if not used and it causes problems
boot irqpoll - if some drivers hang with irq problem messages
boot nodrivers - skip automatic disk driver loading
boot:
Usually just press enter here. If you have linux knowledge, you can tweak kernel options if you need/like.
Then it boots and outputs a lot of kernel messages about your hardware and such.. most if not all are nothing to worry about.
Loading vmlinuz..................
Loading scsi.cgz.........................
Loading initrd.cgz..........
Ready.
Linux version 2.6.22.6 (root@athene) (gcc version 4.1.1 20060724 (prerelease) (4.1.1-3mdk)) #2 Sun Sep 9 16:59:48 CEST 2007
BIOS-provided physical RAM map:
 BIOS-e820: 0000000000000000 - 000000000009f800 (usable)
 BIOS-e820: 000000000009f800 - 00000000000a0000 (reserved)
 BIOS-e820: 00000000000ca000 - 00000000000cc000 (reserved)
 BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved)
 BIOS-e820: 0000000000100000 - 00000000316f0000 (usable)
 BIOS-e820: 00000000316f0000 - 00000000316ff000 (ACPI data)
 BIOS-e820: 00000000316ff000 - 0000000031700000 (ACPI NVS)
 BIOS-e820: 0000000031700000 - 0000000031800000 (usable)
 BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
 BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
 BIOS-e820: 00000000fffe0000 - 0000000100000000 (reserved)
792MB LOWMEM available.
Zone PFN ranges:
 DMA 0 -> 4096
 Normal 4096 -> 202752
early_node_map[1] active PFN ranges
...
Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled
serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
RAMDISK driver initialized: 16 RAM disks of 32000K size 1024 blocksize
USB Universal Host Controller Interface driver v3.0
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
serio: i8042 KBD port at 0x60,0x64 irq 1
serio: i8042 AUX port at 0x60,0x64 irq 12
usbcore: registered new interface driver usbhid
drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver
Using IPI Shortcut mode
BIOS EDD facility v0.16 2004-Jun-25, 1 devices found
Freeing unused kernel memory: 144k freed
Booting ntpasswd
Mounting: proc sys
Ramdisk setup complete, stage separation..
In stage 2
Spawning shells on console 2 - 6
Initialization complete!
** Preparing driver modules to dir /lib/modules/2.6.22.6
input: AT Translated Set 2 keyboard as /class/input/input0
Most of the generic linux boot now done, and we try to load the disk drivers. If you use the floppy version you will be asked to swap floppies at this point. Drivers are then tried based on PCI hardware identification.
** Will now try to auto-load relevant drivers based on PCI information
---- AUTO DISK DRIVER select ----
--- PROBE FOUND THE FOLLOWING DRIVERS:
ata_piix
ata_generic
mptspi
--- TRYING TO LOAD THE DRIVERS
### Loading ata_piix
scsi0 : ata_piix
scsi1 : ata_piix
ata1: PATA max UDMA/33 cmd 0x000101f0 ctl 0x000103f6 bmdma 0x00011050 irq 14
ata2: PATA max UDMA/33 cmd 0x00010170 ctl 0x00010376 bmdma 0x00011058 irq 15
ata2.00: ATAPI: VMware Virtual IDE CDROM Drive, 00000001, max UDMA/33
ata2.00: configured for UDMA/33
scsi 1:0:0:0: CD-ROM NECVMWar VMware IDE CDR10 1.00 PQ: 0 ANSI: 5
sr0: scsi3-mmc drive: 1x/1x xa/form2 cdda tray
Uniform CD-ROM driver Revision: 3.20
### Loading ata_generic
### Loading mptspi
Fusion MPT base driver 3.04.04
Copyright (c) 1999-2007 LSI Logic Corporation
Fusion MPT SPI Host driver 3.04.04
PCI: Found IRQ 9 for device 0000:00:10.0
mptbase: Initiating ioc0 bringup
ioc0: 53C1030: Capabilities={Initiator}
scsi2 : ioc0: LSI53C1030, FwRev=01032920h, Ports=1, MaxQ=128, IRQ=9
scsi 2:0:0:0: Direct-Access VMware, VMware Virtual S 1.0 PQ: 0 ANSI: 2
target2:0:0: Beginning Domain Validation
target2:0:0: Domain Validation skipping write tests
target2:0:0: Ending Domain Validation
target2:0:0: FAST-40 WIDE SCSI 80.0 MB/s ST (25 ns, offset 127)
sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Cache data unavailable
sd 2:0:0:0: [sda] Assuming drive cache: write through
sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Cache data unavailable
sd 2:0:0:0: [sda] Assuming drive cache: write through
sda: sda1
sd 2:0:0:0: [sda] Attached SCSI disk
Most of these messages are from the drivers themselves. Some talk a lot, some doesn't. But all give info on the brand and model and size of the disks found, if any.
-------------------------------------------------------------
Driver load done, if none loaded, you may try manual instead.
-------------------------------------------------------------
** If no disk show up, you may have to try again (d option) or manual (m).
You can later load more drivers..
************************************************************************* * Windows Registry Edit Utility Floppy / chntpw * * (c) 1997 - 2007 Petter N Hagen - pnh@pogostick.net * * GNU GPL v2 license, see files on CD * * * * This utility will enable you to change or blank the password of * * any user (incl. administrator) on an Windows NT/2k/XP/Vista * * WITHOUT knowing the old password. * * Unlocking locked/disabled accounts also supported. * * * * It also has a registry editor, and there is now support for * * adding and deleting keys and values. * * * * Tested on: NT3.51 & NT4: Workstation, Server, PDC. * * Win2k Prof & Server to SP4. Cannot change AD. * * XP Home & Prof: up to SP2 * * Win 2003 Server (cannot change AD passwords) * * Vista 32 and 64 bit * * * * HINT: If things scroll by too fast, press SHIFT-PGUP/PGDOWN ... * *************************************************************************
========================================================= There are several steps to go through:
- Disk select with optional loading of disk drivers
- PATH select, where are the Windows systems files stored
- File-select, what parts of registry we need
- Then finally the password change or registry edit itself
- If changes were made, write them back to disk
DON'T PANIC! Usually the defaults are OK, just press enter
all the way through the questions
========================================================= ¤ Step ONE: Select disk where the Windows installation is
=========================================================
Disks: Disk /dev/sda: 42.9 GB, 42949672960 bytes
Candidate Windows partitions found: 1 : /dev/sda1 40958MB BOOT
Here it has found one disk with one partition
Please select partition by number or q = quit d = automatically start disk drivers m = manually select disk drivers to load f = fetch additional drivers from floppy / usb a = show all partitions found l = show propbable Windows (NTFS) partitions only Select: [1]
Here you select one of the partitions listed above (in this case there is only one) or one of the letters from the menu.
Floppy users may need to do 'f' to load in more drivers from another floppy.
The 'd' option will re-run the PCI scan and start relevant drivers (they must already be loaded from floppy with 'f' option)
The 'm' for manual load will present a list of all the drivers with short description if available, and allow you to specify which to load. (Dependecies are handled automatically)
Here we only have one partition, so we just press enter to select it.
Selected 1
Mounting from /dev/sda1, with filesystem type NTFS
NTFS volume version 3.1.
It was an NTFS filesystem, and it mounted successfully.
========================================================= ¤ Step TWO: Select PATH and registry files
========================================================= What is the path to the registry directory? (relative to windows disk) [WINDOWS/system32/config] :
The registry is usually system32/config under WINDOWS or WINNT directory, depending on the windows version (and it may be changed during installation). If the correct partition has been selected, the default prompt will be adjusted to match if it can find one of the usual variants.
We accept the defaults.. and get a (bit filtered) directory listing showing most of the interesting registry files
-rw------- 2 0 0 262144 Feb 28 2007 BCD-Template
-rw------- 2 0 0 6815744 Sep 23 12:33 COMPONENTS -rw------- 1 0 0 262144 Sep 23 12:33 DEFAULT drwx------ 1 0 0 0 Nov 2 2006 Journal drwx------ 1 0 0 8192 Sep 23 12:33 RegBack
-rw------- 1 0 0 524288 Sep 23 12:33 SAM -rw------- 1 0 0 262144 Sep 23 12:33 SECURITY -rw------- 1 0 0 15728640 Sep 23 12:33 SOFTWARE -rw------- 1 0 0 9175040 Sep 23 12:33 SYSTEM drwx------ 1 0 0 4096 Nov 2 2006 TxR drwx------ 1 0 0 4096 Feb 27 2007 systemprofile
Select which part of registry to load, use predefined choices or list the files with space as delimiter 1 - Password reset [sam system security] 2 - RecoveryConsole parameters [software] q - quit - return to previous [1] :
Choice 1 is for password edit, most used. But if you wish, you can load any of the files (just enter it's name) and do manual registry edit on them.
But here, we select 1 for password edit, some files are copied around into memory and the edit application is invoked.
Selected files: sam system security Copying sam system security to /tmp
========================================================= ¤ Step THREE: Password or registry edit
========================================================= chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen Hive name (from header): <SystemRootSystem32ConfigSAM> ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf> Page at 0x44000 is not 'hbin', assuming file contains garbage at end File size 524288 [80000] bytes, containing 11 pages (+ 1 headerpage) Used for data: 288/250904 blocks/bytes, unused: 15/23176 blocks/bytes.
Hive name (from header): <SYSTEM> ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh> Page at 0x8b4000 is not 'hbin', assuming file contains garbage at end File size 9175040 [8c0000] bytes, containing 2117 pages (+ 1 headerpage) Used for data: 96982/6224016 blocks/bytes, unused: 4381/2830032 blocks/bytes.
Hive name (from header): <emRootSystem32ConfigSECURITY> ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf> Page at 0x6000 is not 'hbin', assuming file contains garbage at end File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage) Used for data: 334/17312 blocks/bytes, unused: 7/3008 blocks/bytes.
* SAM policy limits: Failed logins before lockout is: 0 Minimum password length : 0 Password history count : 0
======== chntpw Main Interactive Menu ========
Loaded hives:
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] ->
This demo shows selection 1 for password edit, but you can also do other things. Note that 2, Syskey may be dangerous! AND NOT NEEDED TO RESET PASSWORDS! and does not work at all on Vista, but you get some info before you do any changes.
Selection 3, RecoveryConsole is only relevant for Win2k, XP and 2003 and you must have selected to load the SOFTWARE part of the registry (selection 2) earlier.
The manual registry editor is always available, it is not the most user-friendly thing, but anyway..
We continue our quest to change our "admin" users password..
===== chntpw Edit User Info & Passwords ====
| RID -|---------- Username ------------| Admin? |- Lock? --| | 03e8 | admin | ADMIN | | | 01f4 | Administrator | ADMIN | dis/lock | | 03ec | grumf1 | | | | 03ed | grumf2 | | | | 03ee | grumf3 | | | | 01f5 | Guest | | dis/lock | | 03ea | jalla1 | ADMIN | *BLANK* | | 03eb | jalla2 | | *BLANK* | | 03e9 | petro | ADMIN | *BLANK* |
This is a list of all local users on the machine. You may see more users here than in the overly user-friendly control panel, for example XP has some help and support built in users. The users marked "ADMIN" are members of the administrators group, which means they have admin rights, if you can login to one of them you can get control of the machine.
The buildt in (at install time in all windows versions) administrator is always RID 01f4. This example is from Vista, and Vista by default has this locked down (the installer instead asks and makes another user the regular use administrator, in this case RID 03e8)
The "lock?" collumn show if the user account is disabled or locked out (due to many logon attempts for example) or BLANK if the password seems to be blank.
We select to edit the "admin" user (this was the user made administrator by the Vista installer)
Select: ! - quit, . - list users, 0x - User with RID (hex) or simply enter the username to change: [Administrator] admin
RID : 1000 [03e8] Username: admin fullname: comment : homedir :
User is member of 1 groups: 00000220 = Administrators (which has 4 members)
Group 220 is THE BOSS GROUP! :)
Account bits: 0x0214 =
[ ] Disabled        | [ ] Homedir req.    | [X] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |
Failed login count: 0, while max tries is: 0
Total login count: 3
Some status info, user is locked out if "Disabled" is set or "Failed login count" is larger than "max tries" policy setting. This user is not locked in any way. The lockout can be reset with option 4 below.
- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
(4 - Unlock and enable user account) [seems unlocked already]
 q - Quit editing user, back to user select
Select: [q] > 1
Password cleared!
Here we just reset/clear/blank the password. But you can also try to set a new password with option 2, but it will only work if the password is not blank already. Also, it often fails to work on XP and newer systems.
Number 3 is to put a non-admin user into the administrators (220) group, thus making the user an administrator. IT IS STILL EXPERIMENTAL AND IT MAY sometimes RESULT IN STRANGE ERRORS WHEN LATER EDITING THE GROUP FROM WINDOWS! Also, usually pointless in promoting the Guest user, as it is most likely forbidden to log in by the security policy settings.
Select: ! - quit, . - list users, 0x - User with RID (hex)
or simply enter the username to change: [Administrator] !
Exclamation point ! quits out (it's SHIFT 1 on the US keyboard layout used on the boot CD) Then we get back to the main menu, and select to quit..
======== chntpw Main Interactive Menu ========
Loaded hives: <sam> <system> <security>
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] -> q
Hives that have changed:
 # Name
 0 - OK
=========================================================
¤ Step FOUR: Writing back changes
=========================================================
About to write file(s) back! Do it? [n] : y
You must answer y, or the changes will not be saved. This is the last chance to change your mind!
Writing sam
Only changed files of the registry are actually written back.
If you forgot something, you may run again, else press CTRL-ALT-DEL to reboot.
***** EDIT COMPLETE *****
You can try again if it somehow failed, or you selected wrong
New run? [n] : n
=========================================================
* end of scripts.. returning to the shell..
* Press CTRL-ALT-DEL to reboot now (remove floppy first)
* or do whatever you want from the shell..
* However, if you mount something, remember to umount before reboot
* You may also restart the script procedure with 'sh /scripts/main.sh'
(Please ignore the message about job control, it is not relevant)
BusyBox v1.1.0-pre1 (2005.12.30-19:45+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
sh: can't access tty; job control turned off
And I got about a gazillion questions on this error message, even if it is mentioned in the FAQ. It is from the shell telling it cannot do "job control" which means it cannot handle CTRL-C etc. It HAS NOTHING TO DO WITH YOUR PASSWORD RESET DID NOT WORK! That is caused by a lot of other things.
Use this bootdisk to boot PCs with Windows OSes to blank out the LOCAL user account passwords, ENABLE or DISABLE LOCAL user accounts, etc.
You can use this if you've forgotten your LOCAL Windows user account password, you've done a factory reimage/reset on your Windows OS and the account has a password you don't know what it is, and things of this sort of nature so you can log into Windows as some account WITHOUT a password just to get in, and then set the password from the Windows Control Panel, etc. to something you do know afterwards.
THE STEPS IN BRIEF
Download the bootdisk image file
Burn bootdisk image file onto media (e.g. USB or CD) to boot PC from it rather than the hard drive or Windows.
Put the newly burned bootdisk media into the PC, and then instruct the PC to boot from it rather than the internal hard drive with Windows installed.
Follow the instructions from the below section labeled INSTRUCTIONS ONCE BOOTED TO for what options to pick, etc. to enable existing local Windows accounts and/or blank out the password of the accounts and so on.
General Information
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Offline Windows Password & Registry Editor, Bootdisk / CD
I've put together a CD or USB Drive image which contains things needed to reset the passwords on most systems.
The bootdisk should support most of the more usual disk controllers, and it should auto-load most of them. Both PS/2 and USB keyboard supported.
More or less tested from NT3.5 up to Windows 8.1, including the server versions like 2003, 2008 and 2012. Also 64 bit windows supported.
DANGER WILL ROBINSON!
If password is reset on users that have EFS encrypted files, and the system is XP or newer, all encrypted files for that user will be UNREADABLE! and cannot be recovered unless you remember the old password again. If you don't know if you have encrypted files or not, you most likely don't have them. (except maybe on corporate systems)
Please see the Frequently Asked Questions and the version history below before emailing questions to me. Thanks!
Download Bootdisk
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Download
Note: Some links may be offsite.
CD release, see below on how to use
cd140201.zip (~18MB) - Bootable CD image.
usb140201.zip (~18MB) - Files for USB install
Previous release:
cd110511.zip (~4MB) - Bootable CD image.
usb110511.zip (~4MB) - Files for USB install
The files inside the USB zip are exactly the same as on the CD. See
below for instructions on how to make USB disk bootable.
Floppy release (not updated anymore), see below on how to use them
bd080526.zip (~1.4M) - Bootdisk image
drivers1-080526.zip (~310K) - Disk drivers (mostly PATA/SATA)
drivers2-080526.zip (~1.2M) - Disk drivers (mostly SCSI)
Previous versions may sometimes be found here (also my site)
NOTE: Versions before 0704xx will corrupt the disk on VISTA/win7/8!
NOTE THAT THE BOOTDISK CONTAINS CRYPTOGRAPHIC CODE, and that it may be ILLEGAL to RE-EXPORT it from your country.
HOW TO USE
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
How to use?
Please read the walkthrough (now a bit outdated, sorry) and the FAQ before mailing me questions
If you have the CD or USB, all drivers are included.
Overview
- Get the machine to boot from the CD or USB drive.
- Load drivers (usually automatic, but possible to run manual select)
- Disk select, tell which disk contains the Windows system. Optionally you will have to load drivers.
- PATH select, where on the disk is the system? (now usually automatic)
- File select, which parts of registry to load, based on what you want to do.
- Password reset or other registry edit.
- Write back to disk (you will be asked)
DON'T PANIC!! - Most questions can usually be answered with the default answer which is given in [brackets]. Just press enter/return to accept the default answer.
The walkthrough and instructions is now on its own page! but is quite old.. hope to make a new one..
What can go wrong?
Well. Lots of things, actually. But most of the problems are of the type "cannot find" something. And then nothing happens.
Also, see the FAQ for help with common problems.
INSTRUCTIONS ONCE BOOTED TO
It may be best to print these instructions and then follow from that printed copy—and print from the version on the web site resource URL perhaps too in case they update something with it since after my post here.
This is the detail that explains what options to pick once the bootdisk starts booting to find and point to the internal hard drive and pick the current Windows OS objects to blank out the LOCAL user accounts on that Windows OS on the hard drive.
This part may seem complex or involved at first, but just let the bootdisk boot up and go through the screen until it prompts or waits for you to tell it what to do. Look over these instructions and just pick the appropriate options as instructed—it should make sense so just read it over until you get it.
Typically though you'll. . .
a. pick the Windows disk partition on the hard drive the bootdisk inspects
b. from the list of usernames it finds, type the name of the account you'll change (e.g. administrator, jsmith, etc.)
c. from the next list, it'll tell you if the account is disabled, expired, etc. so you know what you'll need to change to reset it for specifically to ensure you can sign on with it afterwards when booted back to Windows
d. on the next screen you'll want to unlock the account, blank the password on the account or set account as local administrator (option 1, 3, and 4).
i. you may need to do step "d." one time per action and then pick the username of the account again for the next action if it needs more than one action completed (e.g. blank password, unlock account, etc.)
ii. I'd just steer clear of setting passwords here and just do that through Windows Control Panel once you get signed onto Windows with a blank password as administrator, etc.
e. be sure you select "Y" to save your changes to and then when the PC reboots, let it reboot to Windows and then sign on with the blank password to the account you changed with the bootdisk.
If it doesn't work, boot to the bootdisk and do it again, maybe you didn't pick some option so it didn't do what you expected it to. Since you're factory wiping this hard drive anyway, there should not be much danger in losing anything or corrupting anything as then you'd just reimage/factory reset it again.
Resource: http://pogostick.net/~pnh/ntpasswd/walkthrough.html
Offline NT Password & Registry Editor, Walkthrough
2014, NOTE: This is now a bit old, some are the same, some look a bit different..
The following is a walkthrough of using the CD to reset one user (admin) on a test Vista computer.
Insert the CD and convince your BIOS that it should boot from it. How to boot from a CD varies from computer make to computer make, so I cannot help you much. Some BIOS shows a boot device select menu if you press ESC, F8, F11 or F12 or something like that during the self test. (some even tell you on the screen what to press)
If it boots, you should see this:
ISOLINUX 3.51 2007-06-10 Copyright (C) 1994-2007 H. Peter Anvin
***************************************************************************
*                                                                         *
* Windows NT/2k/XP/Vista Change Password / Registry Editor / Boot CD      *
*                                                                         *
* (c) 1998-2007 Petter Nordahl-Hagen. Distributed under GNU GPL v2        *
*                                                                         *
* DISCLAIMER: THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTIES!          *
*             THE AUTHOR CAN NOT BE HELD RESPONSIBLE FOR ANY DAMAGE       *
*             CAUSED BY THE (MIS)USE OF THIS SOFTWARE                     *
*                                                                         *
* More info at: http://pogostick.net/~pnh/ntpasswd/                       *
* Email : pnh@pogostick.net                                               *
*                                                                         *
* CD build date: Sun Sep 23 14:15:35 CEST 2007                            *
***************************************************************************
Press enter to boot, or give linux kernel boot options first if needed.
Some that I have to use once in a while:
boot nousb - to turn off USB if not used and it causes problems
boot irqpoll - if some drivers hang with irq problem messages
boot nodrivers - skip automatic disk driver loading
boot:
Usually just press enter here. If you have linux knowledge, you can tweak kernel options if you need/like.
Then it boots and outputs a lot of kernel messages about your hardware and such.. most if not all are nothing to worry about.
Loading vmlinuz..................
Loading scsi.cgz.........................
Loading initrd.cgz..........
Ready.
Linux version 2.6.22.6 (root@athene) (gcc version 4.1.1 20060724 (prerelease) (4.1.1-3mdk)) #2 Sun Sep 9 16:59:48 CEST 2007
BIOS-provided physical RAM map:
 BIOS-e820: 0000000000000000 - 000000000009f800 (usable)
 BIOS-e820: 000000000009f800 - 00000000000a0000 (reserved)
 BIOS-e820: 00000000000ca000 - 00000000000cc000 (reserved)
 BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved)
 BIOS-e820: 0000000000100000 - 00000000316f0000 (usable)
 BIOS-e820: 00000000316f0000 - 00000000316ff000 (ACPI data)
 BIOS-e820: 00000000316ff000 - 0000000031700000 (ACPI NVS)
 BIOS-e820: 0000000031700000 - 0000000031800000 (usable)
 BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
 BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
 BIOS-e820: 00000000fffe0000 - 0000000100000000 (reserved)
792MB LOWMEM available.
Zone PFN ranges:
  DMA 0 -> 4096
  Normal 4096 -> 202752
early_node_map[1] active PFN ranges
...
Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled
serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
RAMDISK driver initialized: 16 RAM disks of 32000K size 1024 blocksize
USB Universal Host Controller Interface driver v3.0
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
serio: i8042 KBD port at 0x60,0x64 irq 1
serio: i8042 AUX port at 0x60,0x64 irq 12
usbcore: registered new interface driver usbhid
drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver
Using IPI Shortcut mode
BIOS EDD facility v0.16 2004-Jun-25, 1 devices found
Freeing unused kernel memory: 144k freed
Booting ntpasswd
Mounting: proc sys
Ramdisk setup complete, stage separation..
In stage 2
Spawning shells on console 2 - 6
Initialization complete!
** Preparing driver modules to dir /lib/modules/2.6.22.6
input: AT Translated Set 2 keyboard as /class/input/input0
Most of the generic linux boot now done, and we try to load the disk drivers. If you use the floppy version you will be asked to swap floppies at this point. Drivers are then tried based on PCI hardware identification.
** Will now try to auto-load relevant drivers based on PCI information
---- AUTO DISK DRIVER select ----
--- PROBE FOUND THE FOLLOWING DRIVERS:
ata_piix
ata_generic
mptspi
--- TRYING TO LOAD THE DRIVERS
### Loading ata_piix
scsi0 : ata_piix
scsi1 : ata_piix
ata1: PATA max UDMA/33 cmd 0x000101f0 ctl 0x000103f6 bmdma 0x00011050 irq 14
ata2: PATA max UDMA/33 cmd 0x00010170 ctl 0x00010376 bmdma 0x00011058 irq 15
ata2.00: ATAPI: VMware Virtual IDE CDROM Drive, 00000001, max UDMA/33
ata2.00: configured for UDMA/33
scsi 1:0:0:0: CD-ROM NECVMWar VMware IDE CDR10 1.00 PQ: 0 ANSI: 5
sr0: scsi3-mmc drive: 1x/1x xa/form2 cdda tray
Uniform CD-ROM driver Revision: 3.20
### Loading ata_generic
### Loading mptspi
Fusion MPT base driver 3.04.04
Copyright (c) 1999-2007 LSI Logic Corporation
Fusion MPT SPI Host driver 3.04.04
PCI: Found IRQ 9 for device 0000:00:10.0
mptbase: Initiating ioc0 bringup
ioc0: 53C1030: Capabilities={Initiator}
scsi2 : ioc0: LSI53C1030, FwRev=01032920h, Ports=1, MaxQ=128, IRQ=9
scsi 2:0:0:0: Direct-Access VMware, VMware Virtual S 1.0 PQ: 0 ANSI: 2
target2:0:0: Beginning Domain Validation
target2:0:0: Domain Validation skipping write tests
target2:0:0: Ending Domain Validation
target2:0:0: FAST-40 WIDE SCSI 80.0 MB/s ST (25 ns, offset 127)
sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Cache data unavailable
sd 2:0:0:0: [sda] Assuming drive cache: write through
sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Cache data unavailable
sd 2:0:0:0: [sda] Assuming drive cache: write through
 sda: sda1
sd 2:0:0:0: [sda] Attached SCSI disk
Most of these messages are from the drivers themselves. Some talk a lot, some doesn't. But all give info on the brand and model and size of the disks found, if any.
-------------------------------------------------------------
Driver load done, if none loaded, you may try manual instead.
-------------------------------------------------------------
** If no disk show up, you may have to try again (d option) or manual (m).
You can later load more drivers..
*************************************************************************
* Windows Registry Edit Utility Floppy / chntpw                         *
* (c) 1997 - 2007 Petter N Hagen - pnh@pogostick.net                    *
* GNU GPL v2 license, see files on CD                                   *
*                                                                       *
* This utility will enable you to change or blank the password of       *
* any user (incl. administrator) on an Windows NT/2k/XP/Vista           *
* WITHOUT knowing the old password.                                     *
* Unlocking locked/disabled accounts also supported.                    *
*                                                                       *
* It also has a registry editor, and there is now support for           *
* adding and deleting keys and values.                                  *
*                                                                       *
* Tested on: NT3.51 & NT4: Workstation, Server, PDC.                    *
*            Win2k Prof & Server to SP4. Cannot change AD.              *
*            XP Home & Prof: up to SP2                                  *
*            Win 2003 Server (cannot change AD passwords)               *
*            Vista 32 and 64 bit                                        *
*                                                                       *
* HINT: If things scroll by too fast, press SHIFT-PGUP/PGDOWN ...       *
*************************************************************************
=========================================================
There are several steps to go through:
- Disk select with optional loading of disk drivers
- PATH select, where are the Windows systems files stored
- File-select, what parts of registry we need
- Then finally the password change or registry edit itself
- If changes were made, write them back to disk
DON'T PANIC! Usually the defaults are OK, just press enter
all the way through the questions
=========================================================
¤ Step ONE: Select disk where the Windows installation is
=========================================================
Disks:
Disk /dev/sda: 42.9 GB, 42949672960 bytes
Candidate Windows partitions found:
 1 : /dev/sda1 40958MB BOOT
Here it has found one disk with one partition
Please select partition by number or
 q = quit
 d = automatically start disk drivers
 m = manually select disk drivers to load
 f = fetch additional drivers from floppy / usb
 a = show all partitions found
 l = show propbable Windows (NTFS) partitions only
Select: [1]
Here you select one of the partitions listed above (in this case there is only one) or one of the letters from the menu.
Floppy users may need to do 'f' to load in more drivers from another floppy.
The 'd' option will re-run the PCI scan and start relevant drivers (they must already be loaded from floppy with 'f' option)
The 'm' for manual load will present a list of all the drivers with short description if available, and allow you to specify which to load. (Dependencies are handled automatically)
Here we only have one partition, so we just press enter to select it.
Selected 1
Mounting from /dev/sda1, with filesystem type NTFS
NTFS volume version 3.1.
It was an NTFS filesystem, and it mounted successfully.
=========================================================
¤ Step TWO: Select PATH and registry files
=========================================================
What is the path to the registry directory? (relative to windows disk)
[WINDOWS/system32/config] :
The registry is usually system32/config under WINDOWS or WINNT directory, depending on the windows version (and it may be changed during installation). If the correct partition has been selected, the default prompt will be adjusted to match if it can find one of the usual variants.
We accept the defaults.. and get a (bit filtered) directory listing showing most of the interesting registry files
-rw------- 2 0 0 262144 Feb 28 2007 BCD-Template
-rw------- 2 0 0 6815744 Sep 23 12:33 COMPONENTS
-rw------- 1 0 0 262144 Sep 23 12:33 DEFAULT
drwx------ 1 0 0 0 Nov 2 2006 Journal
drwx------ 1 0 0 8192 Sep 23 12:33 RegBack
-rw------- 1 0 0 524288 Sep 23 12:33 SAM
-rw------- 1 0 0 262144 Sep 23 12:33 SECURITY
-rw------- 1 0 0 15728640 Sep 23 12:33 SOFTWARE
-rw------- 1 0 0 9175040 Sep 23 12:33 SYSTEM
drwx------ 1 0 0 4096 Nov 2 2006 TxR
drwx------ 1 0 0 4096 Feb 27 2007 systemprofile
Select which part of registry to load, use predefined choices
or list the files with space as delimiter
1 - Password reset [sam system security]
2 - RecoveryConsole parameters [software]
q - quit - return to previous
[1] :
Choice 1 is for password edit, most used. But if you wish, you can load any of the files (just enter its name) and do manual registry edit on them.
But here, we select 1 for password edit, some files are copied around into memory and the edit application is invoked.
Selected files: sam system security
Copying sam system security to /tmp
=========================================================
¤ Step THREE: Password or registry edit
=========================================================
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x44000 is not 'hbin', assuming file contains garbage at end
File size 524288 [80000] bytes, containing 11 pages (+ 1 headerpage)
Used for data: 288/250904 blocks/bytes, unused: 15/23176 blocks/bytes.
Hive name (from header): <SYSTEM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh>
Page at 0x8b4000 is not 'hbin', assuming file contains garbage at end
File size 9175040 [8c0000] bytes, containing 2117 pages (+ 1 headerpage)
Used for data: 96982/6224016 blocks/bytes, unused: 4381/2830032 blocks/bytes.
Hive name (from header): <emRoot\System32\Config\SECURITY>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x6000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 334/17312 blocks/bytes, unused: 7/3008 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
======== chntpw Main Interactive Menu ========
Loaded hives:
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] ->
This demo shows selection 1 for password edit, but you can also do other things. Note that 2, Syskey may be dangerous! AND NOT NEEDED TO RESET PASSWORDS! and does not work at all on Vista, but you get some info before you do any changes.
Selection 3, RecoveryConsole is only relevant for Win2k, XP and 2003 and you must have selected to load the SOFTWARE part of the registry (selection 2) earlier.
The manual registry editor is always available, it is not the most user-friendly thing, but anyway..
We continue our quest to change our "admin" user's password..
===== chntpw Edit User Info & Passwords ====
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03e8 | admin                          | ADMIN  |          |
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ec | grumf1                         |        |          |
| 03ed | grumf2                         |        |          |
| 03ee | grumf3                         |        |          |
| 01f5 | Guest                          |        | dis/lock |
| 03ea | jalla1                         | ADMIN  | *BLANK*  |
| 03eb | jalla2                         |        | *BLANK*  |
| 03e9 | petro                          | ADMIN  | *BLANK*  |
This is a list of all local users on the machine. You may see more users here than in the overly user-friendly control panel, for example XP has some help and support built in users. The users marked "ADMIN" are members of the administrators group, which means they have admin rights, if you can login to one of them you can get control of the machine.
The built-in (at install time in all windows versions) administrator is always RID 01f4. This example is from Vista, and Vista by default has this locked down (the installer instead asks and makes another user the regular use administrator, in this case RID 03e8)
The "lock?" column shows if the user account is disabled or locked out (due to many logon attempts for example) or BLANK if the password seems to be blank.
We select to edit the "admin" user (this was the user made administrator by the Vista installer)
Select: ! - quit, . - list users, 0x - User with RID (hex)
or simply enter the username to change: [Administrator] admin
RID : 1000 [03e8]
Username: admin
fullname:
comment :
homedir :
User is member of 1 groups:
00000220 = Administrators (which has 4 members)
Group 220 is THE BOSS GROUP! :)
Account bits: 0x0214 =
[ ] Disabled        | [ ] Homedir req.    | [X] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |
Failed login count: 0, while max tries is: 0
Total login count: 3
Some status info, user is locked out if "Disabled" is set or "Failed login count" is larger than "max tries" policy setting. This user is not locked in any way. The lockout can be reset with option 4 below.
- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
(4 - Unlock and enable user account) [seems unlocked already]
 q - Quit editing user, back to user select
Select: [q] > 1
Password cleared!
Here we just reset/clear/blank the password. But you can also try to set a new password with option 2, but it will only work if the password is not blank already. Also, it often fails to work on XP and newer systems.
Number 3 is to put a non-admin user into the administrators (220) group, thus making the user an administrator. IT IS STILL EXPERIMENTAL AND IT MAY sometimes RESULT IN STRANGE ERRORS WHEN LATER EDITING THE GROUP FROM WINDOWS! Also, usually pointless in promoting the Guest user, as it is most likely forbidden to log in by the security policy settings.
Select: ! - quit, . - list users, 0x - User with RID (hex)
or simply enter the username to change: [Administrator] !
Exclamation point ! quits out (it's SHIFT 1 on the US keyboard layout used on the boot CD) Then we get back to the main menu, and select to quit..
======== chntpw Main Interactive Menu ========
Loaded hives: <sam> <system> <security>
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] -> q
Hives that have changed:
 # Name
 0 - OK
=========================================================
¤ Step FOUR: Writing back changes
=========================================================
About to write file(s) back! Do it? [n] : y
You must answer y, or the changes will not be saved. This is the last chance to change your mind!
Writing sam
Only changed files of the registry are actually written back.
If you forgot something, you may run again, else press CTRL-ALT-DEL to reboot.
***** EDIT COMPLETE *****
You can try again if it somehow failed, or you selected wrong
New run? [n] : n
=========================================================
* end of scripts.. returning to the shell..
* Press CTRL-ALT-DEL to reboot now (remove floppy first)
* or do whatever you want from the shell..
* However, if you mount something, remember to umount before reboot
* You may also restart the script procedure with 'sh /scripts/main.sh'
(Please ignore the message about job control, it is not relevant)
BusyBox v1.1.0-pre1 (2005.12.30-19:45+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
sh: can't access tty; job control turned off
And I got about a gazillion questions on this error message, even if it is mentioned in the FAQ. It is from the shell telling it cannot do "job control" which means it cannot handle CTRL-C etc. It HAS NOTHING TO DO WITH YOUR PASSWORD RESET DID NOT WORK! That is caused by a lot of other things.
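The status block that the walkthrough shows for a user (the account bits plus the failed-login counters) can be read mechanically, which is handy when reviewing what state an account was left in. The Python below is an added example, not part of the original answer or of chntpw; the function names are hypothetical, the bit positions are inferred from the order in which the tick boxes are printed, and treating a "max tries" of 0 as "no lockout policy" is an assumption.

```python
import re

# Flag labels in the order chntpw prints them. Position i is taken to be bit i
# of the account-bits value (assumption; the walkthrough sample agrees with it:
# boxes 2, 4 and 9 are ticked and 0x0214 has exactly those bits set).
LABELS = [
    "Disabled", "Homedir req.", "Passwd not req.", "Temp. duplicate",
    "Normal account", "NMS account", "Domain trust ac", "Wks trust act.",
    "Srv trust act", "Pwd don't expir", "Auto lockout",
]

BITS_RE = re.compile(r"Account bits:\s*0x([0-9a-fA-F]{1,4})\b")
BOX_RE = re.compile(r"\[([ X])\]\s*([^|\[]+?)\s*\|")
COUNT_RE = re.compile(
    r"Failed login count:\s*(\d+),\s*while max tries is:\s*(\d+)")

# Status block as shown in the walkthrough on this page.
PAGE_SAMPLE = """\
Account bits: 0x0214 =
[ ] Disabled        | [ ] Homedir req.    | [X] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |
Failed login count: 0, while max tries is: 0
Total login count: 3
"""

# Constructed sample: a disabled account that also exceeded a 5-try policy.
CONSTRUCTED_SAMPLE = (
    PAGE_SAMPLE.replace("0x0214", "0x0215")
    .replace("[ ] Disabled", "[X] Disabled")
    .replace("count: 0, while max tries is: 0",
             "count: 6, while max tries is: 5")
)


def decode_acb(value):
    """Return (labels of the set flags, bits that have no label)."""
    flags = [name for i, name in enumerate(LABELS) if value & (1 << i)]
    leftover = value & ~((1 << len(LABELS)) - 1)
    return flags, leftover


def parse_user_status(text):
    """Parse one chntpw user status block into a dict of findings."""
    m_bits = BITS_RE.search(text)
    m_cnt = COUNT_RE.search(text)
    if m_bits is None or m_cnt is None:
        raise ValueError("no chntpw account status found")
    acb = int(m_bits.group(1), 16)
    failed, max_tries = int(m_cnt.group(1)), int(m_cnt.group(2))

    # Rebuild the value from the tick boxes and compare it with the hex
    # number; a mismatch means the text was truncated or mangled.
    boxes = BOX_RE.findall(text[m_bits.start():m_cnt.start()])
    from_boxes = sum(1 << i for i, (mark, _) in enumerate(boxes) if mark == "X")
    consistent = (from_boxes == acb) if boxes else None

    flags, leftover = decode_acb(acb)
    disabled = "Disabled" in flags
    # Walkthrough rule: locked out when the failed count is larger than the
    # max-tries policy. Assumption: a policy value of 0 means no lockout.
    locked_out = max_tries > 0 and failed > max_tries

    findings = []
    if "Passwd not req." in flags:
        findings.append("account is allowed to have an empty password")
    if "Pwd don't expir" in flags:
        findings.append("password never expires")
    if disabled or locked_out:
        reasons = [r for r, hit in (("disabled", disabled),
                                    ("locked out", locked_out)) if hit]
        findings.append("cannot log on: " + " and ".join(reasons))
    return {
        "acb": acb, "flags": flags, "leftover": leftover,
        "consistent": consistent, "failed": failed, "max_tries": max_tries,
        "disabled": disabled, "locked_out": locked_out, "findings": findings,
    }


if __name__ == "__main__":
    for name, sample in (("page", PAGE_SAMPLE),
                         ("constructed", CONSTRUCTED_SAMPLE)):
        result = parse_user_status(sample)
        print(name, hex(result["acb"]), result["flags"], result["findings"])
```
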
Use this bootdisk to boot PCs with Windows OSes to blank out the LOCAL
user account passwords, ENABLE
or DISABLE
LOCAL user accounts, etc.
You can use this if you've forgotten your LOCAL
Windows user account password, you've done a factory reimage/reset on your Windows OS and the account has a password you don't know what it is, and things of this sort of nature so you can log into Windows as some account WITHOUT a password just to get in, and then set the password from the Windows Control Panel, etc. to something you do know afterwards.
THE STEPS IN BRIEF
Download the bootdisk image file
Burn bootdisk image file onto media (e.g.
USB
orCD
) to boot PC from it rather than the hard drive or Windows.Put the newly burned bootdisk media into the PC, and then instruct the PC to boot from it rather than the internal hard drive with Windows installed.
Follow the instruction from the below section labeled
INSTRUCTIONS ONCE BOOTED TO
for what options to pick, etc. to enable existing local Windows accounts and/or blank out the password of the accounts and so on.
General Information
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Offline Windows Password & Registry Editor, Bootdisk / CD
I've put together a CD or USB Drive image which contains things needed
to reset the passwords on most systems.
The bootdisk should support most of the more usual disk controllers,
and it should auto-load most of them. Both PS/2 and USB keyboard
supported.
More or less tested from NT3.5 up to Windows 8.1, including the server
versions like 2003, 2008 and 2012. Also 64 bit windows supported.
DANGER WILL ROBINSON!
If password is reset on users that have EFS encrypted files, and the system is XP or newer, all encrypted files for that user will be
UNREADABLE! and cannot be recovered unless you remember the old
password again If you don't know if you have encrypted files or not,
you most likely don't have them. (except maybe on corporate systems)
Please see the Frequently Asked
Questions and the
version history below before emailing questions to me. Thanks!
Download Bootdisk
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
Download
Note: Some links may be offsite.
CD release, see below on how to use
cd140201.zip (~18MB) - Bootable CD image.
usb140201.zip (~18MB) - Files for USB install
Previous release:
cd110511.zip (~4MB) - Bootable CD image.
usb110511.zip (~4MB) - Files for USB install
The files inside the USB zip are exactly the same as on the CD. See
below for instructions on how to make USB disk bootable.
Floppy release (not updated anymore), see below on how to use them
bd080526.zip (~1.4M) - Bootdisk image
drivers1-080526.zip
(~310K) - Disk drivers (mostly PATA/SATA)
drivers2-080526.zip
(~1.2M) - Disk drivers (mostly SCSI)
Previous versions may sometimes be found here (also my site)
NOTE: Versions before 0704xx will corrupt the disk on VISTA/win7/8!
NOTE THAT THE BOOTDISK CONTAINS CRYPTHOGRAPHIC CODE, and that it may be ILLEGAL to RE-EXPORT it from your country.
HOW TO USE
Resource: http://pogostick.net/~pnh/ntpasswd/bootdisk.html
How to use?
Please read the walthrough (now a bit outdated, sorry) and the
FAQ before mailing me questions
If you have the CD or USB, all drivers are included.
Overview
- Get the machine to boot from the CD or USB drive.
- Load drivers (usually automatic, but possible to run manual select)
- Disk select, tell which disk contains the Windows system. Optionally
you will have to load drivers.
- PATH select, where on the disk is the system? (now usually
automatic)
- File select, which parts of registry to load, based on what you want
to do.
- Password reset or other registry edit.
- Write back to disk (you will be asked)
DON'T PANIC!! - Most questions can usually be answered with the default answer which is given in [brackets]. Just press enter/return
to accept the default answer.
The walkthrough and instructions is now on its own page! but is quite old.. hope to make a new one..
What can go wrong?
Well. Lots of things, actually. But most of the problems is of the
type "cannot find" something. And then nothing happens.
Also, see the FAQ for
help with common problems.
INSTRUCTIONS ONCE BOOTED TO
It may be best to print these instruction and then follow from that printed copy—and print from the version on the web site resource URL perhaps too in case they update something with it since after my post here.
This is the detail that explains what options to pick once the bootdisk starts booting to find and point to the internal hard drive and pick the current Windows OS objects to blank out the LOCAL user accounts on that Windows OS on the hard drive.
This part may seem complex or involved at first, but just let the bootdisk boot up and go through the screen until it prompts or waits for you to tell it what to do. Look over these instructions and just pick the appropriate options as instructed—it should make sense so just read it over until you get it.
Typically though you'll. . .
a. pick the Windows disk partition on the hard drive the bootdisk
inspects
b. from the list of usernames it finds, type the name of the account
you'll change (e.g. administrator, jsmith, etc.)
c. from the next list, it'll tell you if the account is disabled, expired, etc. so you know what you'll need change to reset it for specifically to ensure you can sign on with it afterwards when booted back to Windows
d. on the next screen you'll want to unlock the account, blank the password on the account or set account as local administrator (option 1, 3, and 4).
i. you may need to do step "d." one time per action and then pick the username of the account again for the next action if it needs
more than one action completed (e.g. blank password, unlock account,
etc.)ii. I'd just steer clear of setting passwords here and just do that through Windows Control Panel once you get signed onto Windows with a blank password as administrator, etc.
e. be sure you select "Y" to save your changes to and then when the PC reboots, let it reboot to Windows and then sign on with the blank password to the account you changed with the bootdisk.
If it doesn't work, boot to the bootdisk and do it again, maybe you didn't pick some option so it didn't do what you expected it to. Since you're factory wiping this hard drive anyway, there should not be much danger in loosing anything or corrupting anything as then you'd just reimage/factory reset it again.
Resource: http://pogostick.net/~pnh/ntpasswd/walkthrough.html
Offline NT Password & Registry Editor, Walkthrough
2014, NOTE: This is now a bit old, some are the same, some look a bit different..
The following is a walkthrough of using the CD to reset one user (admin) on a test Vista computer.
Insert the CD and convince your BIOS that it should boot from it. How to boot from a CD varies from computer make to computer make, so I cannot help you much. Some BIOS shows a boot device select menu if you press ESC, F8, F11 or F12 or something like that during the self test. (some even tell you on the screen what to press)
If it boots, you should see this:
ISOLINUX 3.51 2007-06-10 Copyright (C) 1994-2007 H. Peter Anvin
***************************************************************************
*                                                                         *
* Windows NT/2k/XP/Vista Change Password / Registry Editor / Boot CD      *
*                                                                         *
* (c) 1998-2007 Petter Nordahl-Hagen. Distributed under GNU GPL v2        *
*                                                                         *
* DISCLAIMER: THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTIES!          *
*             THE AUTHOR CAN NOT BE HELD RESPONSIBLE FOR ANY DAMAGE       *
*             CAUSED BY THE (MIS)USE OF THIS SOFTWARE                     *
*                                                                         *
* More info at: http://pogostick.net/~pnh/ntpasswd/                       *
* Email       : pnh@pogostick.net                                         *
*                                                                         *
* CD build date: Sun Sep 23 14:15:35 CEST 2007                            *
***************************************************************************
Press enter to boot, or give linux kernel boot options first if needed.
Some that I have to use once in a while:
boot nousb     - to turn off USB if not used and it causes problems
boot irqpoll   - if some drivers hang with irq problem messages
boot nodrivers - skip automatic disk driver loading

boot:
Usually just press enter here. If you have linux knowledge, you can tweak kernel options if you need/like.
Then it boots and outputs a lot of kernel messages about your hardware and such.. most if not all are nothing to worry about.
Most of the generic linux boot is now done, and we try to load the disk drivers. If you use the floppy version you will be asked to swap floppies at this point. Drivers are then tried based on PCI hardware identification.
** Will now try to auto-load relevant drivers based on PCI information
---- AUTO DISK DRIVER select ----
--- PROBE FOUND THE FOLLOWING DRIVERS:
ata_piix
ata_generic
mptspi
--- TRYING TO LOAD THE DRIVERS
### Loading ata_piix
scsi0 : ata_piix
scsi1 : ata_piix
ata1: PATA max UDMA/33 cmd 0x000101f0 ctl 0x000103f6 bmdma 0x00011050 irq 14
ata2: PATA max UDMA/33 cmd 0x00010170 ctl 0x00010376 bmdma 0x00011058 irq 15
ata2.00: ATAPI: VMware Virtual IDE CDROM Drive, 00000001, max UDMA/33
ata2.00: configured for UDMA/33
scsi 1:0:0:0: CD-ROM NECVMWar VMware IDE CDR10 1.00 PQ: 0 ANSI: 5
sr0: scsi3-mmc drive: 1x/1x xa/form2 cdda tray
Uniform CD-ROM driver Revision: 3.20
### Loading ata_generic
### Loading mptspi
Fusion MPT base driver 3.04.04
Copyright (c) 1999-2007 LSI Logic Corporation
Fusion MPT SPI Host driver 3.04.04
PCI: Found IRQ 9 for device 0000:00:10.0
mptbase: Initiating ioc0 bringup
ioc0: 53C1030: Capabilities={Initiator}
scsi2 : ioc0: LSI53C1030, FwRev=01032920h, Ports=1, MaxQ=128, IRQ=9
scsi 2:0:0:0: Direct-Access VMware, VMware Virtual S 1.0 PQ: 0 ANSI: 2
target2:0:0: Beginning Domain Validation
target2:0:0: Domain Validation skipping write tests
target2:0:0: Ending Domain Validation
target2:0:0: FAST-40 WIDE SCSI 80.0 MB/s ST (25 ns, offset 127)
sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Cache data unavailable
sd 2:0:0:0: [sda] Assuming drive cache: write through
sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Cache data unavailable
sd 2:0:0:0: [sda] Assuming drive cache: write through
sda: sda1
sd 2:0:0:0: [sda] Attached SCSI disk
Most of these messages are from the drivers themselves. Some talk a lot, some don't. But all give info on the brand and model and size of the disks found, if any.
-------------------------------------------------------------
Driver load done, if none loaded, you may try manual instead.
-------------------------------------------------------------
** If no disk show up, you may have to try again (d option) or manual (m).
You can later load more drivers..
*************************************************************************
* Windows Registry Edit Utility Floppy / chntpw                         *
* (c) 1997 - 2007 Petter N Hagen - pnh@pogostick.net                    *
* GNU GPL v2 license, see files on CD                                   *
*                                                                       *
* This utility will enable you to change or blank the password of       *
* any user (incl. administrator) on an Windows NT/2k/XP/Vista           *
* WITHOUT knowing the old password.                                     *
* Unlocking locked/disabled accounts also supported.                    *
*                                                                       *
* It also has a registry editor, and there is now support for           *
* adding and deleting keys and values.                                  *
*                                                                       *
* Tested on: NT3.51 & NT4: Workstation, Server, PDC.                    *
*            Win2k Prof & Server to SP4. Cannot change AD.              *
*            XP Home & Prof: up to SP2                                  *
*            Win 2003 Server (cannot change AD passwords)               *
*            Vista 32 and 64 bit                                        *
*                                                                       *
* HINT: If things scroll by too fast, press SHIFT-PGUP/PGDOWN ...       *
*************************************************************************
=========================================================
There are several steps to go through:
- Disk select with optional loading of disk drivers
- PATH select, where are the Windows systems files stored
- File-select, what parts of registry we need
- Then finally the password change or registry edit itself
- If changes were made, write them back to disk
DON'T PANIC! Usually the defaults are OK, just press enter
all the way through the questions
=========================================================
¤ Step ONE: Select disk where the Windows installation is
=========================================================
Disks:
Disk /dev/sda: 42.9 GB, 42949672960 bytes
Candidate Windows partitions found:
 1 : /dev/sda1 40958MB BOOT
Here it has found one disk with one partition
Please select partition by number or
 q = quit
 d = automatically start disk drivers
 m = manually select disk drivers to load
 f = fetch additional drivers from floppy / usb
 a = show all partitions found
 l = show propbable Windows (NTFS) partitions only
Select: [1]
Here you select one of the partitions listed above (in this case there is only one) or one of the letters from the menu.
Floppy users may need to do 'f' to load in more drivers from another floppy.
The 'd' option will re-run the PCI scan and start relevant drivers (they must already be loaded from floppy with 'f' option)
The 'm' for manual load will present a list of all the drivers with short description if available, and allow you to specify which to load. (Dependencies are handled automatically)
Here we only have one partition, so we just press enter to select it.
Selected 1
Mounting from /dev/sda1, with filesystem type NTFS
NTFS volume version 3.1.
It was an NTFS filesystem, and it mounted successfully.
=========================================================
¤ Step TWO: Select PATH and registry files
=========================================================
What is the path to the registry directory? (relative to windows disk)
[WINDOWS/system32/config] :
The registry is usually system32/config under WINDOWS or WINNT directory, depending on the windows version (and it may be changed during installation). If the correct partition has been selected, the default prompt will be adjusted to match if it can find one of the usual variants.
We accept the defaults.. and get a (bit filtered) directory listing showing most of the interesting registry files
-rw------- 2 0 0   262144 Feb 28  2007 BCD-Template
-rw------- 2 0 0  6815744 Sep 23 12:33 COMPONENTS
-rw------- 1 0 0   262144 Sep 23 12:33 DEFAULT
drwx------ 1 0 0        0 Nov  2  2006 Journal
drwx------ 1 0 0     8192 Sep 23 12:33 RegBack
-rw------- 1 0 0   524288 Sep 23 12:33 SAM
-rw------- 1 0 0   262144 Sep 23 12:33 SECURITY
-rw------- 1 0 0 15728640 Sep 23 12:33 SOFTWARE
-rw------- 1 0 0  9175040 Sep 23 12:33 SYSTEM
drwx------ 1 0 0     4096 Nov  2  2006 TxR
drwx------ 1 0 0     4096 Feb 27  2007 systemprofile
Select which part of registry to load, use predefined choices
or list the files with space as delimiter
1 - Password reset [sam system security]
2 - RecoveryConsole parameters [software]
q - quit - return to previous
[1] :
Choice 1 is for password edit, most used. But if you wish, you can load any of the files (just enter its name) and do manual registry edit on them.
But here, we select 1 for password edit, some files are copied around into memory and the edit application is invoked.
Selected files: sam system security
Copying sam system security to /tmp
=========================================================
¤ Step THREE: Password or registry edit
=========================================================
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x44000 is not 'hbin', assuming file contains garbage at end
File size 524288 [80000] bytes, containing 11 pages (+ 1 headerpage)
Used for data: 288/250904 blocks/bytes, unused: 15/23176 blocks/bytes.
Hive name (from header): <SYSTEM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh>
Page at 0x8b4000 is not 'hbin', assuming file contains garbage at end
File size 9175040 [8c0000] bytes, containing 2117 pages (+ 1 headerpage)
Used for data: 96982/6224016 blocks/bytes, unused: 4381/2830032 blocks/bytes.
Hive name (from header): <emRoot\System32\Config\SECURITY>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x6000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 334/17312 blocks/bytes, unused: 7/3008 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
======== chntpw Main Interactive Menu ========
Loaded hives: <sam> <system> <security>
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] ->
This demo shows selection 1 for password edit, but you can also do other things. Note that 2, Syskey may be dangerous! AND NOT NEEDED TO RESET PASSWORDS! and does not work at all on Vista, but you get some info before you do any changes.
Selection 3, RecoveryConsole is only relevant for Win2k, XP and 2003 and you must have selected to load the SOFTWARE part of the registry (selection 2) earlier.
The manual registry editor is always available, it is not the most user-friendly thing, but anyway..
We continue our quest to change our "admin" users password..
===== chntpw Edit User Info & Passwords ====
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03e8 | admin                          | ADMIN  |          |
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ec | grumf1                         |        |          |
| 03ed | grumf2                         |        |          |
| 03ee | grumf3                         |        |          |
| 01f5 | Guest                          |        | dis/lock |
| 03ea | jalla1                         | ADMIN  | *BLANK*  |
| 03eb | jalla2                         |        | *BLANK*  |
| 03e9 | petro                          | ADMIN  | *BLANK*  |
This is a list of all local users on the machine. You may see more users here than in the overly user-friendly control panel, for example XP has some help and support built in users. The users marked "ADMIN" are members of the administrators group, which means they have admin rights, if you can login to one of them you can get control of the machine.
The built-in (at install time in all windows versions) administrator is always RID 01f4. This example is from Vista, and Vista by default has this locked down (the installer instead asks and makes another user the regular use administrator, in this case RID 03e8)
The "lock?" column shows if the user account is disabled or locked out (due to many logon attempts for example) or BLANK if the password seems to be blank.
We select to edit the "admin" user (this was the user made administrator by the Vista installer)
Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] admin
RID     : 1000 [03e8]
Username: admin
fullname:
comment :
homedir :
User is member of 1 groups:
00000220 = Administrators (which has 4 members)
Group 220 is THE BOSS GROUP! :)
Account bits: 0x0214 =
[ ] Disabled        | [ ] Homedir req.    | [X] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |
Failed login count: 0, while max tries is: 0
Total login count: 3
Some status info, user is locked out if "Disabled" is set or "Failed login count" is larger than "max tries" policy setting. This user is not locked in any way. The lockout can be reset with option 4 below.
- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
(4 - Unlock and enable user account) [seems unlocked already]
 q - Quit editing user, back to user select
Select: [q] > 1
Password cleared!
Here we just reset/clear/blank the password. But you can also try to set a new password with option 2, but it will only work if the password is not blank already. Also, it often fails to work on XP and newer systems.
Number 3 is to put a non-admin user into the administrators (220) group, thus making the user an administrator. IT IS STILL EXPERIMENTAL AND IT MAY sometimes RESULT IN STRANGE ERRORS WHEN LATER EDITING THE GROUP FROM WINDOWS! Also, usually pointless in promoting the Guest user, as it is most likely forbidden to log in by the security policy settings.
Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] !
Exclamation point ! quits out (it's SHIFT 1 on the US keyboard layout used on the boot CD) Then we get back to the main menu, and select to quit..
======== chntpw Main Interactive Menu ========
Loaded hives: <sam> <system> <security>
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] -> q
Hives that have changed:
 #  Name
 0  <sam> - OK
=========================================================
¤ Step FOUR: Writing back changes
=========================================================
About to write file(s) back! Do it? [n] : y
You must answer y, or the changes will not be saved. This is the last chance to change your mind!
Writing sam
Only changed files of the registry are actually written back.
If you forgot something, you may run again, else press CTRL-ALT-DEL to reboot.
***** EDIT COMPLETE *****
You can try again if it somehow failed, or you selected wrong
New run? [n] : n
=========================================================
* end of scripts.. returning to the shell..
* Press CTRL-ALT-DEL to reboot now (remove floppy first)
* or do whatever you want from the shell..
* However, if you mount something, remember to umount before reboot
* You may also restart the script procedure with 'sh /scripts/main.sh'
(Please ignore the message about job control, it is not relevant)
BusyBox v1.1.0-pre1 (2005.12.30-19:45+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
sh: can't access tty; job control turned off
And I got about a gazillion questions on this error message, even if it is mentioned in the FAQ. It is from the shell telling it cannot do "job control" which means it cannot handle CTRL-C etc. It HAS NOTHING TO DO WITH YOUR PASSWORD RESET DID NOT WORK! That is caused by a lot of other things.
edited Jan 4 '18 at 4:39
answered Dec 26 '15 at 15:18
Pimp Juice IT
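The per-user status block shown in the walkthrough can be reviewed mechanically after a reset. This is an added example, not part of the answer or of chntpw: it parses a block in that format, decodes the account bits, and lists what an administrator would want to follow up on. The sample block is constructed from the walkthrough's values and the function names are hypothetical.

```python
import re

# Account-control bits in the order chntpw prints them (lowest bit first).
ACB_FLAGS = {
    "Disabled": 0x0001,
    "Homedir req.": 0x0002,
    "Passwd not req.": 0x0004,
    "Temp. duplicate": 0x0008,
    "Normal account": 0x0010,
    "NMS account": 0x0020,
    "Domain trust ac": 0x0040,
    "Wks trust act.": 0x0080,
    "Srv trust act": 0x0100,
    "Pwd don't expir": 0x0200,
    "Auto lockout": 0x0400,
}
ADMINISTRATORS_GROUP = 0x220  # "Group 220" in the walkthrough

# Constructed sample: the "admin" block from the walkthrough, one field per line.
SAMPLE_BLOCK = """\
RID     : 1000 [03e8]
Username: admin
fullname:
comment :
homedir :

User is member of 1 groups:
00000220 = Administrators (which has 4 members)

Account bits: 0x0214 =
[ ] Disabled        | [ ] Homedir req.    | [X] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |

Failed login count: 0, while max tries is: 0
Total login count: 3
"""


def parse_user_block(text):
    """Parse one chntpw user status block; tolerant of collapsed whitespace."""
    rid = re.search(r"RID\s*:\s*(\d+)\s*\[([0-9a-fA-F]+)\]", text)
    name = re.search(r"Username:\s*(\S+)", text)
    bits = re.search(r"Account bits:\s*0x([0-9a-fA-F]+)", text)
    tries = re.search(r"Failed login count:\s*(\d+), while max tries is:\s*(\d+)", text)
    if not (rid and name and bits and tries):
        raise ValueError("not a chntpw user block")
    if int(rid.group(1)) != int(rid.group(2), 16):
        raise ValueError("decimal and hex RID disagree")
    value = int(bits.group(1), 16)
    # Check marks follow the hex value; group lines precede it.
    marks = re.findall(r"\[([X ])\]\s*([^|\[]+?)\s*\|", text[bits.end():])
    groups = re.findall(r"\b([0-9a-fA-F]{8})\s*=\s*\S", text[:bits.start()])
    return {
        "rid": int(rid.group(1)),
        "username": name.group(1),
        "acb": value,
        "decoded": {n for n, bit in ACB_FLAGS.items() if value & bit},
        "marked": {n for mark, n in marks if mark == "X"},
        "groups": {int(g, 16) for g in groups},
        "failed": int(tries.group(1)),
        "max_tries": int(tries.group(2)),
    }


def audit(user):
    """Return review findings for a parsed block."""
    findings = []
    if (user["marked"] & set(ACB_FLAGS)) != user["decoded"]:
        findings.append("hex value and check marks disagree: block altered or misparsed")
    role = "administrator" if ADMINISTRATORS_GROUP in user["groups"] else "user"
    if "Disabled" in user["decoded"]:
        findings.append(f"{role} account is disabled")
    # Walkthrough rule: locked out when failed logins exceed the policy limit.
    # Assumption added here: a limit of 0 means no lockout policy is set.
    elif user["max_tries"] and user["failed"] > user["max_tries"]:
        findings.append(f"{role} account is locked out")
    if "Passwd not req." in user["decoded"]:
        findings.append(f"{role} account may have an empty password")
    if "Pwd don't expir" in user["decoded"]:
        findings.append(f"{role} account password never expires")
    if user["rid"] == 0x1F4 and "Disabled" not in user["decoded"]:
        findings.append("built-in Administrator (RID 01f4) is enabled")
    return findings


if __name__ == "__main__":
    for line in audit(parse_user_block(SAMPLE_BLOCK)):
        print(line)
```

For the walkthrough's "admin" user this reports an administrator that is allowed an empty password and whose password never expires, which is the state to correct from the Control Panel after signing in.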
You can gain command line access (in SYSTEM context) to a Windows computer by changing a couple of registry values. You can then reset passwords, create new accounts, run cracking tools, and so on.
This is the short version, for advanced users and sysadmins:
1) Boot to Windows 7 from the installation or repair DVD, or from Windows PE 3 boot media, or from a Windows 7 installation on another HDD. (If the target OS is Vista, use the Vista installation DVD, or Windows PE 2, or another Vista installation. If the target OS is Windows XP, use Windows PE or another Windows XP installation.)
2) Load the SYSTEM registry hive from the target OS. Back it up first.
3) In the Setup key, change SetupType to 2 and CmdLine to cmd.exe.
4) Boot the target OS. You’ll get a command-line window in system context.
There are more details here including instructions for non-experts on using this technique to reset a password. (Remember that resetting a password will result in the loss of all encrypted files and data.)
edited Sep 7 '11 at 21:26
answered Sep 7 '11 at 21:14
Harry Johnston
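A defender's check for the change described in this answer, as an added example that is not part of the answer: it parses the text output of `reg query HKLM\SYSTEM\Setup` and reports SetupType or CmdLine values that differ from an idle system. The sample outputs are constructed, the function names are hypothetical, and the baseline (SetupType 0 and an empty CmdLine once installation has finished) is an assumption to confirm against a known-good machine.

```python
import re

# Constructed samples of `reg query HKLM\SYSTEM\Setup` output.
SAMPLE_NORMAL = r"""
HKEY_LOCAL_MACHINE\SYSTEM\Setup
    CmdLine    REG_SZ
    OOBEInProgress    REG_DWORD    0x0
    RestartSetup    REG_DWORD    0x0
    SetupType    REG_DWORD    0x0
    SystemSetupInProgress    REG_DWORD    0x0
"""

SAMPLE_MODIFIED = r"""
HKEY_LOCAL_MACHINE\SYSTEM\Setup
    CmdLine    REG_SZ    cmd.exe
    OOBEInProgress    REG_DWORD    0x0
    RestartSetup    REG_DWORD    0x0
    SetupType    REG_DWORD    0x2
    SystemSetupInProgress    REG_DWORD    0x0
"""

# reg.exe prints: four spaces, value name, four spaces, type, four spaces, data.
# The data part may be empty (with or without trailing spaces).
VALUE_LINE = re.compile(
    r"^\s+(?P<name>\S.*?)\s{4}(?P<type>REG_[A-Z_]+)(?:\s{4}(?P<data>.*))?\s*$"
)


def parse_reg_query(text):
    """Return {lower-cased value name: (type, data)} from reg query output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            data = (m.group("data") or "").strip()
            values[m.group("name").lower()] = (m.group("type"), data)
    return values


def check_setup_key(values):
    """Compare SetupType and CmdLine with the assumed idle baseline."""
    findings = []
    type_changed = cmd_changed = False

    kind, data = values.get("setuptype", (None, ""))
    if kind != "REG_DWORD":
        findings.append("SetupType is missing or not a REG_DWORD")
    else:
        try:
            setup_type = int(data, 16)  # reg.exe prints DWORDs as 0x...
        except ValueError:
            setup_type = None
        if setup_type != 0:
            type_changed = True
            findings.append(f"SetupType is {data}, expected 0x0 outside of setup")

    kind, data = values.get("cmdline", (None, ""))
    if kind is None:
        findings.append("CmdLine value is missing")
    elif data:
        cmd_changed = True
        findings.append(f"CmdLine is set to {data!r}, expected empty outside of setup")

    if type_changed and cmd_changed:
        # Both values together are what the answer above changes.
        findings.append("SetupType and CmdLine changed together: "
                        "the command will start in SYSTEM context at next boot")
    return findings


if __name__ == "__main__":
    for label, sample in (("normal", SAMPLE_NORMAL), ("modified", SAMPLE_MODIFIED)):
        print(label, check_setup_key(parse_reg_query(sample)) or "no findings")
```

Run it against saved `reg query` output from the installed system, or from the hive loaded offline before the machine is booted again; restoring the backup of the SYSTEM hive taken in step 2 returns both values to their previous state.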
You can reset your password using another tool called Hiren's BootCD.
Download Hiren's Boot from here, unzip it and use BurnCDCC.exe to burn the ISO to a DVD.
Boot using Hiren's Boot on your locked PC and in the menu shown select Offline NT/2000/XP/Vista/7 Password Changer and click Enter twice (for confirmation and to continue for the list of Linux Kernel Boot).
In the following prompt select the correct drive where the Windows is installed. Press Enter to confirm that your registry directory is Windows/system32/config.
On the chntpw Main Interactive Menu select [1] for Edit user data and passwords
Select the user you want to reset the password by typing the username and hitting Enter
There you have a list of options for this user. [1] should be for Clear the password.
After successfully resetting your forgotten Windows password, type “!” to close the User Editor Tool.
Now type “q” and hit Enter to close the Offline Password Editor and Registry tool.
Now type “y” and hit Enter to confirm the password change.
Now it will ask you whether you want to use it again or not. Just type “n” and hit Enter.
Remove your CD and restart the PC and your user shouldn't have a password anymore.
Hope this helps you.
edited Jan 4 '16 at 19:47
Stackcraft_noob
answered Nov 10 '14 at 9:19
Radu Dramba
Hiren's is considered pirated software as of the date you posted.
– Moab
Aug 16 '16 at 21:54
Windows Boot Genius - Recovers your lost Windows local administrator/user passwords in Windows 8.1, 8, 7, Vista, XP.
Password Recovery Bundle - Instantly bypass, unlock or reset lost administrator and other account passwords on any Windows 8, 7, 2008, Vista, XP, 2003, 2000 system, if you forgot Windows password and couldn't log into the computer. It can also reset Windows domain administrator/user password for Windows 2012 / 2008 / 2003 / 2000 Active Directory servers.
Renee Passnow - Use PassNow which is independent of Windows system: reset login password, clone hard disk, create disk partition or format disk, erase data and fix system startup problems.
edited Jan 20 '15 at 15:39
answered Jan 18 '15 at 22:22
Davidenko
None of these are free as of 2016
– Moab
Aug 16 '16 at 21:57
Adding an answer to cover the method that worked for me (which is not yet fully covered in other answers here). This works for Windows 7, later versions of windows have this exploit closed.
I attempted some other procedures listed in other answers without success. What worked for me was the replace sethc.exe (sticky keys) with cmd.exe hack/trick. But I had to do this through using Notepad.exe which is run to view logfiles after system recovery. Other techniques to get in on command-line as admin with drive mounted didn't work so I had to use this Notepad trick.
Procedure:
1. Shutdown and reboot. When Windows starting is seen hold down the power button and power off.
2. Power on. Windows boot should report that last Windows start up failed so it will give the option of "Launch startup repair". Choose this option.
3. Cancel the Startup Repair. Cancel the System Restore.
4. A report dialog will show reporting repair could not be done. In there expand "View problem details". Under problem details a link to x:/windows/... log file is shown. Click on this.
5. Notepad.exe opens showing the logfile. This Notepad is running as Administrator and the mounted filesystem x: is your hard disk.
5.1 Notepad: File - Open - browse to X:/Windows/system32 - scroll to sethc.exe
5.2 Right-click on sethc.exe and rename to sethc-BACKUP.exe
5.3 Scroll to cmd.exe. Right-click on cmd.exe. Copy. Right click. Paste.
5.4 When I pasted cmd.exe the command-line ran (as Administrator) so I did 'cd x:/Windows/system32' and then 'copy cmd.exe sethc.exe' on command-line.
5.4-1 If you prefer not command-line then just use Notepad File Open browser and make a copy of cmd.exe and rename it to sethc.exe
6. Reboot without any funny stuff.
7. At login page hit shift key 5 times or more triggering sticky keys. Instead of sticky keys prompt a command-line dialog appears. Running as Administrator. 'net user Administrator *' to set the password.
Good description with screenshots of the procedure here:
http://null-byte.wonderhowto.com/how-to/hack-windows-7-become-admin-0160151/
Background: The Administrator password with laptop was not known by owner. They had a user account with admin privs so didn't find the need of it. UNTIL the windows login page stopped showing their user! We are guessing the User profile became corrupt or had something bad in it.
I attempted a series of procedures before getting the Notepad+sticky keys replace hack to work. For the record here they are (and the problem I encountered with them):
When trying to log in as Administrator after an incorrect password you are prompted to insert rescue disk (in order to reset password). We had a Windows 7 rescue disk on cd. But the prompt asked for floppy or USB. I had no handy USB stick and was too lazy to go shopping and messing with creating USB boot disk.
Using system repair disk to get in on command-line did not allow the replacing of sethc.exe with cmd.exe trick/hack. Or allow resetting admin password 'net use Administrator *'. The command-line was running as admin but not as the real admin on machine more as the system repair admin and the disk did not seem to be mounted with full access . . . ~ not sure ~
Using linux system rescue cd (https://www.system-rescue-cd.org (version 4.8.2)) I could not mount the drive. I would kindof see it was a GPT partitioned drive - tools ntfs-3g gparted sfdisk should work with GPT but didn't. This computer has a prompt for username + domain + password before windows starts so not sure but maybe there is some extra security (which is needed to mount drive?)
What eventually DID work was follow system recover sequence (no external/additional cd needed) at end view logfile (opens in Notepad). Then do file open - browse to cmd.exe - copy - paste - overwrite sethc.exe. Then reboot - trigger sticky keys - set password using command-line 'net user Administrator *'.
In conclusion, this solution doesn't require you to have any extra boot or repair CD. It is very portable :-) It is pretty simple. So it is probably worth trying as one of the first password recovery methods.
The PC I'm using has the sticky keys shortcut disabled. I tried this, and when I got to login, clicked the ease of access centre to launch sticky keys, but just got an error message. Went to system repair to undo my dirty work, and this time was prompted for a password before I could even launch system repair. Seems like I pissed windows off...
– Some_Guy
Jun 18 '18 at 2:17
add a comment |
Adding an answer to cover the method that worked for me (which is not yet fully covered in other answers here). This works for Windows 7, later versions of windows have this exploit closed.
I attempted some other procedures listed in other answers without success. What worked for me was the replace sethc.exe (sticky keys) with cmd.exe hack/trick. But I had to do this through using Notepad.exe which is run to view logfiles after system recovery. Other techniques to get in on command-line as admin with drive mounted didn't work so I had to use this Notepad trick.
Procedure:
Shutdown and reboot. When Windows starting is seen hold down the power button and power off.
Power on. Windows boot should report that last Windows start up failed so it will give the option of "Launch startup repair". Choose this option.
Cancel the Startup Repair. Cancel the System Restore.
A report dialog will show reporting repair could not be done. In there expand "View problem details". Under problem details a link to x:/windows/... log file is shown. Click on this.
Notepad.exe opens showing the logfile. This Notepad is running as Administrator and the mounted filesystem x: is your hard disk.
5.1 Notepad: File - Open - browse to X:/Windows/system32 - scroll to sethc.exe
5.2 Right-click on sethc.exe and rename to sethc-BACKUP.exe
5.3 Scroll to cmd.exe. Right-click on cmd.exe. Copy. Right click. Paste.
5.4. When I pasted cmd.exe the command-line ran (as Administrator) so I did 'cd x:/Windows/system32' and then 'copy cmd.exe sethc.exe' on command-line.
5.4-1 If you prefer not command-line then just use Notepad File Open browser and make a copy of cmd.exe and rename it to sethc.exe
Reboot without any funny stuff.
At login page hit shift key 5 times or more triggering sticky keys. Instead of sticky keys prompt a command-line dialog appears. Running as Administrator. 'net user Administrator *' to set the password.
Good description with screenshots of the procedure here:
http://null-byte.wonderhowto.com/how-to/hack-windows-7-become-admin-0160151/
Background: The Administrator password with laptop was not known by owner. They had a user account with admin privs so didn't find the need of it. UNTIL the windows login page stopped showing their user! We are guessing the User profile became corrupt or had something bad in it.
I attempted a series of procedures before getting the Notepad+sticky keys replace hack to work. For the record here they are (and the problem I encountered with them):
When trying to log in as Administrator after an incorrect password you are prompted to insert rescue disk (in order to reset password). We had a Windows 7 rescue disk on cd. But the prompt asked for floppy or USB. I had no handy USB stick and was too lazy to go shopping and messing with creating USB boot disk.
Using system repair disk to get in on command-line did not allow the replacing of sethc.exe with cmd.exe trick/hack. Or allow resetting admin password 'net use Administrator *'. The command-line was running as admin but not as the real admin on machine more as the system repair admin and the disk did not seem to be mounted with full access . . . ~ not sure ~
Using linux system rescue cd (https://www.system-rescue-cd.org (version 4.8.2)) I could not mount the drive. I would kindof see it was a GPT partitioned drive - tools ntfs-3g gparted sfdisk should work with GPT but didn't. This computer has a prompt for username + domain + password before windows starts so not sure but maybe there is some extra security (which is needed to mount drive?)
What eventually DID work was follow system recover sequence (no external/additional cd needed) at end view logfile (opens in Notepad). Then do file open - browse to cmd.exe - copy - paste - overwrite sethc.exe. Then reboot - trigger sticky keys - set password using command-line 'net user Administrator *'.
In conclusion, this solution doesn't require you to have any extra boot or repair CD. It is very portable :-) It is pretty simple. So it is probably worth trying as one of the first password recovery methods.
The PC I'm using has the sticky keys shortcut disabled. I tried this, and when I got to login, clicked the ease of access centre to launch sticky keys, but just got an error message. Went to system repair to undo my dirty work, and this time was prompted for a password before I could even launch system repair. Seems like I pissed windows off...
– Some_Guy
Jun 18 '18 at 2:17
add a comment |
Adding an answer to cover the method that worked for me (which is not yet fully covered in other answers here). This works for Windows 7, later versions of windows have this exploit closed.
I attempted some other procedures listed in other answers without success. What worked for me was the replace sethc.exe (sticky keys) with cmd.exe hack/trick. But I had to do this through using Notepad.exe which is run to view logfiles after system recovery. Other techniques to get in on command-line as admin with drive mounted didn't work so I had to use this Notepad trick.
Procedure:
Shutdown and reboot. When Windows starting is seen hold down the power button and power off.
Power on. Windows boot should report that last Windows start up failed so it will give the option of "Launch startup repair". Choose this option.
Cancel the Startup Repair. Cancel the System Restore.
A report dialog will show reporting repair could not be done. In there expand "View problem details". Under problem details a link to x:/windows/... log file is shown. Click on this.
Notepad.exe opens showing the logfile. This Notepad is running as Administrator and the mounted filesystem x: is your hard disk.
5.1 Notepad: File - Open - browse to X:/Windows/system32 - scroll to sethc.exe
5.2 Right-click on sethc.exe and rename to sethc-BACKUP.exe
5.3 Scroll to cmd.exe. Right-click on cmd.exe. Copy. Right click. Paste.
5.4. When I pasted cmd.exe the command-line ran (as Administrator) so I did 'cd x:/Windows/system32' and then 'copy cmd.exe sethc.exe' on command-line.
5.4-1 If you prefer not command-line then just use Notepad File Open browser and make a copy of cmd.exe and rename it to sethc.exe
Reboot without any funny stuff.
At login page hit shift key 5 times or more triggering sticky keys. Instead of sticky keys prompt a command-line dialog appears. Running as Administrator. 'net user Administrator *' to set the password.
Good description with screenshots of the procedure here:
http://null-byte.wonderhowto.com/how-to/hack-windows-7-become-admin-0160151/
Background: The Administrator password with laptop was not known by owner. They had a user account with admin privs so didn't find the need of it. UNTIL the windows login page stopped showing their user! We are guessing the User profile became corrupt or had something bad in it.
I attempted a series of procedures before getting the Notepad+sticky keys replace hack to work. For the record here they are (and the problem I encountered with them):
When trying to log in as Administrator after an incorrect password you are prompted to insert rescue disk (in order to reset password). We had a Windows 7 rescue disk on cd. But the prompt asked for floppy or USB. I had no handy USB stick and was too lazy to go shopping and messing with creating USB boot disk.
Using system repair disk to get in on command-line did not allow the replacing of sethc.exe with cmd.exe trick/hack. Or allow resetting admin password 'net use Administrator *'. The command-line was running as admin but not as the real admin on machine more as the system repair admin and the disk did not seem to be mounted with full access . . . ~ not sure ~
Using linux system rescue cd (https://www.system-rescue-cd.org (version 4.8.2)) I could not mount the drive. I would kindof see it was a GPT partitioned drive - tools ntfs-3g gparted sfdisk should work with GPT but didn't. This computer has a prompt for username + domain + password before windows starts so not sure but maybe there is some extra security (which is needed to mount drive?)
What eventually DID work was follow system recover sequence (no external/additional cd needed) at end view logfile (opens in Notepad). Then do file open - browse to cmd.exe - copy - paste - overwrite sethc.exe. Then reboot - trigger sticky keys - set password using command-line 'net user Administrator *'.
In conclusion, this solution doesn't require you to have any extra boot or repair CD. It is very portable :-) It is pretty simple. So it is probably worth trying as one of the first password recovery methods.
Adding an answer to cover the method that worked for me (which is not yet fully covered in other answers here). This works for Windows 7; later versions of Windows have this exploit closed.
I attempted some other procedures listed in other answers without success. What worked for me was the replace sethc.exe (sticky keys) with cmd.exe hack/trick. But I had to do this through using Notepad.exe which is run to view logfiles after system recovery. Other techniques to get in on command-line as admin with drive mounted didn't work so I had to use this Notepad trick.
Procedure:
1. Shut down and reboot. When Windows starting is seen, hold down the power button and power off.
2. Power on. Windows boot should report that the last Windows startup failed, so it will give the option of "Launch startup repair". Choose this option.
3. Cancel the Startup Repair. Cancel the System Restore.
4. A report dialog will show, reporting that the repair could not be done. In there expand "View problem details". Under problem details a link to an x:/windows/... log file is shown. Click on this.
5. Notepad.exe opens showing the logfile. This Notepad is running as Administrator and the mounted filesystem x: is your hard disk.
5.1 Notepad: File - Open - browse to X:/Windows/system32 - scroll to sethc.exe
5.2 Right-click on sethc.exe and rename to sethc-BACKUP.exe
5.3 Scroll to cmd.exe. Right-click on cmd.exe. Copy. Right-click. Paste.
5.4 When I pasted cmd.exe the command-line ran (as Administrator), so I did 'cd x:/Windows/system32' and then 'copy cmd.exe sethc.exe' on the command-line.
5.4-1 If you prefer not to use the command-line, then just use the Notepad File Open browser, make a copy of cmd.exe and rename it to sethc.exe
6. Reboot without any funny stuff.
7. At the login page hit the shift key 5 times or more, triggering sticky keys. Instead of the sticky keys prompt, a command-line dialog appears, running as Administrator. Use 'net user Administrator *' to set the password.
Good description with screenshots of the procedure here:
http://null-byte.wonderhowto.com/how-to/hack-windows-7-become-admin-0160151/
Background: The Administrator password for the laptop was not known by the owner. They had a user account with admin privs so didn't find the need of it. UNTIL the Windows login page stopped showing their user! We are guessing the user profile became corrupt or had something bad in it.
I attempted a series of procedures before getting the Notepad+sticky keys replace hack to work. For the record here they are (and the problem I encountered with them):
When trying to log in as Administrator after an incorrect password you are prompted to insert a rescue disk (in order to reset the password). We had a Windows 7 rescue disk on CD. But the prompt asked for floppy or USB. I had no handy USB stick and was too lazy to go shopping and messing with creating a USB boot disk.
Using the system repair disk to get in on the command-line did not allow the replacing of sethc.exe with cmd.exe trick/hack, or allow resetting the admin password with 'net user Administrator *'. The command-line was running as admin, but not as the real admin on the machine, more as the system repair admin, and the disk did not seem to be mounted with full access . . . ~ not sure ~
Using the Linux system rescue CD (https://www.system-rescue-cd.org (version 4.8.2)) I could not mount the drive. I could kind of see it was a GPT partitioned drive - the tools ntfs-3g, gparted, sfdisk should work with GPT but didn't. This computer has a prompt for username + domain + password before Windows starts, so not sure, but maybe there is some extra security (which is needed to mount the drive?)
What eventually DID work was to follow the system recovery sequence (no external/additional CD needed) and at the end view the logfile (opens in Notepad). Then do file open - browse to cmd.exe - copy - paste - overwrite sethc.exe. Then reboot - trigger sticky keys - set the password using the command-line 'net user Administrator *'.
In conclusion, this solution doesn't require you to have any extra boot or repair CD. It is very portable :-) It is pretty simple. So it is probably worth trying as one of the first password recovery methods.
edited Sep 26 '16 at 14:22
answered Sep 26 '16 at 13:45
gaoithe
The PC I'm using has the sticky keys shortcut disabled. I tried this, and when I got to login, clicked the ease of access centre to launch sticky keys, but just got an error message. Went to system repair to undo my dirty work, and this time was prompted for a password before I could even launch system repair. Seems like I pissed windows off...
– Some_Guy
Jun 18 '18 at 2:17
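A defender's check for the sethc.exe swap described in the answer above, as an added example that is not part of the original post: it hashes the logon-screen accessibility programs in a System32 directory (live, or from a mounted offline image), flags any that are byte-identical to cmd.exe, and flags leftover renamed originals such as sethc-BACKUP.exe. The accessibility program names other than sethc.exe, the function names and the sample directory contents are assumptions of this example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Programs that can be started from the logon screen before anyone signs in.
# sethc.exe is the one named on the page; the rest are assumed for this example.
ACCESSIBILITY_BINARIES = ("sethc.exe", "utilman.exe", "osk.exe",
                          "magnify.exe", "narrator.exe", "displayswitch.exe")
# Shell that the procedure on the page copies over sethc.exe.
SHELLS = ("cmd.exe",)


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_system32(system32):
    """Return sorted (file name, reason) findings for one System32 directory."""
    # Index by lower-cased name because NTFS names are case-insensitive.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    shell_hashes = {sha256_of(files[s]): s for s in SHELLS if s in files}
    findings = []
    for name in ACCESSIBILITY_BINARIES:
        base = name[:-len(".exe")]
        if name not in files:
            findings.append((name, "missing"))
        else:
            shell = shell_hashes.get(sha256_of(files[name]))
            if shell:
                findings.append((name, f"byte-identical to {shell}"))
        # A renamed original such as sethc-BACKUP.exe is left behind when the
        # swap is done by hand, so look for "<base><separator>...exe" siblings.
        sibling = re.compile(re.escape(base) + r"[^a-z0-9.].*\.exe")
        for other, path in files.items():
            if sibling.fullmatch(other):
                findings.append((path.name, f"possible renamed copy of {name}"))
    return sorted(findings)


def build_sample_dir(root, tampered):
    """Constructed stand-in for System32: tiny fake files, not real binaries."""
    root = Path(root)
    (root / "cmd.exe").write_bytes(b"MZ constructed cmd body")
    for name in ACCESSIBILITY_BINARIES:
        (root / name).write_bytes(b"MZ constructed " + name.encode())
    if tampered:
        # State left by the procedure on the page: original renamed, shell copied.
        (root / "sethc.exe").rename(root / "sethc-BACKUP.exe")
        (root / "sethc.exe").write_bytes((root / "cmd.exe").read_bytes())
    return root


def demo():
    """Audit one clean and one tampered constructed directory."""
    with tempfile.TemporaryDirectory() as clean, \
            tempfile.TemporaryDirectory() as bad:
        return (audit_system32(build_sample_dir(clean, False)),
                audit_system32(build_sample_dir(bad, True)))


if __name__ == "__main__":
    clean_findings, bad_findings = demo()
    print("clean:", clean_findings)
    for name, reason in bad_findings:
        print(f"tampered: {name}: {reason}")
```

A hash match only catches a plain file copy; checking each binary's digital signature as well covers replacements that are not byte-identical to a known shell.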
Use Kon-Boot to boot into the system, bypassing the login. After you log in, change to your required password.
edited Mar 17 '15 at 5:29
janot
answered Apr 26 '13 at 5:28
Shankar
5
Please be more precise in your answer! Explain how to use Konboot and how to change the password afterwards!
– Simon
Apr 26 '13 at 6:30
1
Konboot is a simple CD, just boot the disk. It will bypass the Windows password when you normally would be asked for one.
– Jeff Clayton
Dec 31 '14 at 22:10
To change the password is simple too, just go to the control panel and look for Users and Groups to edit.
– Jeff Clayton
Dec 31 '14 at 22:11
You can change the password for any user there.
– Jeff Clayton
Dec 31 '14 at 22:12
Kon Boot is no longer Free........
– Moab
Aug 16 '16 at 21:56
Some of the answers here are quite complicated for some. The easiest way I know is to use Windows Password Rescuer.
The explanation of how to use it is all here:
http://www.daossoft.com/documents/how-to-use-windows-password-rescuer-personal.html
EDIT: As suggested in the comment, here is what you need.
- Another computer
- Windows Password Rescuer Software
- A USB disk or a CD/DVD
Steps:
- Download the tool from the Daossoft website http://www.daossoft.com/products/windows-password-rescuer.html .
- Install it on an available computer, then run it.
- Create a password recovery disk (USB flash drive or a CD/DVD) using the tool.
- Choose between the media types depending on what you have (USB flash drive or a CD/DVD). Choose which drive it is on, then on step 2 click on begin burning.
- When it is done, remove the USB flash drive or the CD/DVD used.
- Now on the computer to be repaired, boot it to CD/DVD or USB disk depending on the recovery disk made.
- Restart your computer. The recovery disk should already be inserted.
- It should boot through your recovery disk.
- On the UI choose the Windows which is affected.
- Next choose the account you want to reset.
- Then click on reset password. A prompt will appear asking you for confirmation on resetting that account's password - click on yes.
- On the table the account chosen should have the word blank on password.
- Click on reboot. There will be a confirmation window telling you that you can eject the recovery disk. Eject it, then click yes.
You should have no problems logging in to your account now.
edited Sep 14 '16 at 6:23
answered Sep 13 '16 at 6:29
Chan
2
Your answer looks simple because you don't tell the details on how to rescue the password using the tool. Should the link you provided break in the future your answer would be worthless.
– zagrimsan
Sep 13 '16 at 7:01
One more tip. For Windows 8 and Windows 10, the preferred login method is with a Microsoft account. So you can reset the password and use the new one for login.
Microsoft account password reset page: https://account.live.com/password/reset
For a local Windows account, you can reset the password by following this tutorial.
edited Oct 9 '16 at 6:34
answered Sep 26 '16 at 7:19
zuligan
Reset Admin-Password Windows 8.1, November 2016
I'd prefer to answer to this question, because it is about Windows 8.1 and not 7, but it has been closed unwisely.
To avoid any misunderstanding: I needed to recover a Win 8.1 admin-pw.
If you try this answer: https://superuser.com/a/952224/82741 , and its Option 1, you'll find, that the trick no longer works.
The last step, when @td512 suggests to use net user ...
, it did not work in my case. Instead, I found that I can have a GUI from Windows to change the PW: type control userpasswords2
, which made it appear, instead of net user ...
.
edited Mar 20 '17 at 10:04
Community♦
1
answered Nov 30 '16 at 20:04
Keks Dose
193212
I had this problem in the past, but I found a way to break the password. You just download this and read the README.txt file; you will get all the easy steps with which you can break your password. Still, I am writing the steps for you:
STEPS:
Step 1: Download the file from here.
Step 2: Copy all downloaded files to your removable disk (pen drive).
Step 3: Open a command prompt and write this line: h:syslinux.exe -ma h: (replace "h" with your removable drive, like i, j, G).
Step 4: Insert the pen drive in your targeted PC and boot from this pen drive (legacy must be ON).
Step 5: Click Enter throughout all the steps until you get an instruction like clear password.
Step 6: After getting to this step, clear the password. Complete this step and restart your system; now it will not ask for a password and the computer will start.
edited Jan 4 '16 at 19:47
Stackcraft_noob
1,314313
answered Sep 21 '15 at 15:58
ALI SHEKH
545
protected by Jeff Atwood Jun 7 '10 at 6:51