
2010-05-17 19:58:22

Reset A Forgotten Windows Password

Have you ever had a Windows XP machine where you forgot your password and didn't know the password for the administrator account? Or maybe you have a newer Vista or 7 machine that doesn't have an administrator account and your grandkids just entered your password wrong enough times to lock out your account. In any case, what do you do? There is no way into your machine without a password for a working account. Lucky for you, other ways exist.

While many tools exist, some free and some not free, I will explain the one that I use because it is the most versatile. All you need is the latest Knoppix DVD. Make sure you grab the DVD because the CD doesn't contain everything that we need.

So why am I using a full, bootable operating system when other slimmer tools will do the job? Here is what the Knoppix DVD gets you that other slimmer tools don't: That last one is pretty useful. On the off chance that you need to do more fixing than passwords, having a full-featured OS at your disposal means you can do literally anything.

Now it's time to go over the few easy steps to reset a forgotten password.

  1. Boot the Knoppix DVD

  2. Open a root terminal
     The normal terminal icon on the taskbar will open a terminal as the 'knoppix' user. We, however, need root privileges to do what we need to do, so don't click that icon. Instead, click the penguin icon. This will pop a short list in which "Root Terminal" will be a choice.

  3. Edit fstab
     You probably already saw that there was an icon on the desktop which would automatically mount your Windows drive and give you a file browser. If you clicked it, way to go, genius, you did it wrong. Right-click the icon and unmount the drive. We need to keep the drive unmounted until we've made our change. In the root terminal, edit /etc/fstab. You will see a line similar to:
         /dev/sda1 /media/sda1 ntfs noauto,nouser,uid=0,gid=0,umask=002 0 0
     Change it to read:
         /dev/sda1 /media/sda1 ntfs rw,noauto,nouser,uid=0,gid=0,umask=002 0 0
     By adding the "rw," to the line, we enable writing to the Windows partition, which is necessary to blank the password. Because writing to an NTFS drive is still considered "experimental", it's not enabled by default. Save fstab.

  4. Mount the drive
     Sure, you could click the icon on the desktop now that we've changed the drive to writable, but you don't want to do that. I will hate you. You want to do it the right way:
         mount /media/sda1

  5. Change to the SAM directory
     Depending on how your version of Windows was installed, you may have to play around with capitalization and such, but the directory should be like the following:
         cd /media/sda1/Windows/system32/config

  6. List the users
     Now we get to use the tool to reset passwords, chntpw. First of all, let's see what users exist on your Windows drive:
         chntpw -l SAM
     "SAM" is the filename in the config folder, so be sure you have the proper case.

  7. Reset the password
     If you want to reset the administrator password, you can just enter:
         chntpw SAM
     If you want to reset a specific user account, you need to enter:
         chntpw -u USERNAME SAM
     Be sure to enter an asterisk (*) for the password to blank it because changing it to an ASCII value doesn't work. You'll have to answer yes (y) to two questions asking if you're sure and if you want to write the changes.

  8. Unmount the drive
         umount /media/sda1

  9. Reboot
     However you want to do that.

And there you have it. A blank password for the account that you chose. If your machine uses the Welcome screen and only has one user (this is the case for most people), you should be automatically logged in. If you have multiple users on your system or you make use of the login box, you'll have to enter your username and leave the password box empty. Once logged in, just change your password as you normally would (CTRL+ALT+DEL or through the Control Panel) and you're back to normal.
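
An added example, not part of the original post: a shell helper for the "Change to the SAM directory" step that finds the SAM file whatever the capitalization of the Windows directories, and copies it aside before chntpw writes to it. The function names and the backup file name are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Run in the root terminal
# after the "Mount the drive" step and before running chntpw.

# resolve_ci BASE NAME...: descend from BASE one component at a time,
# matching each NAME case-insensitively. Prints the resolved path and
# returns 1 if any component is missing.
resolve_ci() {
    cur=$1; shift
    for part in "$@"; do
        # -mindepth/-maxdepth 1 restrict the match to direct children of $cur
        next=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part" | head -n 1)
        [ -n "$next" ] || return 1
        cur=$next
    done
    printf '%s\n' "$cur"
}

# find_sam MOUNTPOINT: print the path of the SAM file on the mounted drive,
# e.g. /media/sda1/WINDOWS/system32/config/SAM.
find_sam() {
    resolve_ci "$1" windows system32 config sam
}

# backup_sam MOUNTPOINT DESTDIR: copy SAM into DESTDIR as SAM.backup
# (name chosen for this example), verify the copy byte for byte, and
# print the backup's path. The copy holds password hashes, so keep it
# somewhere private and delete it once the machine is working again.
backup_sam() {
    sam=$(find_sam "$1") || { echo "SAM not found under $1" >&2; return 1; }
    dest="$2/SAM.backup"
    cp -p -- "$sam" "$dest" && cmp -s -- "$sam" "$dest" || return 1
    printf '%s\n' "$dest"
}

# Usage, with the mount point from the steps above:
#   backup_sam /media/sda1 /root
#   cd "$(dirname "$(find_sam /media/sda1)")"
```

If chntpw leaves the file in a bad state, copying SAM.backup back over SAM (with the drive still mounted read-write) restores the original accounts and passwords.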

