Reset Windows Password
Forgot your administrator password?
Don't panic, it happens to other people too, and you have found the solution! The following instructions show you step by step how to reset your local Windows password. This only works for local user accounts, however, not domain accounts. The password recovery tool from this page is written by Petter Nordahl-Hagen, and the original information, as well as the downloadable tool, can be found on his website. According to the author, this tool should work for Windows NT/2000/XP/Vista.
WARNING! Users who have EFS-encrypted files on Windows XP or Vista computers will lose access to the EFS-encrypted files after recovery of the password!
Use this trick at your own risk.
The tool to reset your password can be downloaded here.
I. Download the bootdisk:
- Download the bootdisk, which includes the password recovery tool here. The file contains the ISO CD image.
- Unzip (extract) the ISO file and burn it to a CD. Note that this is an ISO file: you must burn it to CD as an ISO image, not as a "data" file. The image is bootable, so you need to burn it using the image-burning feature of your burning software; do not extract the contents of the ISO and burn them to the CD, or you'll end up with a CD that can't boot!
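Before burning, you can confirm that the extracted file really is a bootable ISO image and not the zip archive or a plain data image. The following is an added example, not part of the original page or of the tool; it reads the ISO 9660 volume descriptors and looks for the El Torito boot record, and the in-memory sample image is constructed for the demonstration.

```python
import io
import struct

SECTOR = 2048          # ISO 9660 logical sector size
FIRST_DESCRIPTOR = 16  # volume descriptors start at sector 16

def boot_catalog_sector(image):
    """Return the El Torito boot catalog sector of a binary file object,
    or None if the image is valid ISO 9660 but carries no boot record.
    Raises ValueError if the data is not an ISO 9660 image at all."""
    image.seek(0)
    if image.read(4) == b"PK\x03\x04":
        raise ValueError("still a zip archive: extract the ISO first")
    sector = FIRST_DESCRIPTOR
    while True:
        image.seek(sector * SECTOR)
        desc = image.read(SECTOR)
        if len(desc) < SECTOR or desc[1:6] != b"CD001":
            raise ValueError("not an ISO 9660 image")
        if desc[0] == 255:  # descriptor set terminator: no boot record seen
            return None
        system_id = desc[7:39].rstrip(b"\x00")
        if desc[0] == 0 and system_id == b"EL TORITO SPECIFICATION":
            # Bytes 71..74: little-endian sector number of the boot catalog
            return struct.unpack_from("<I", desc, 71)[0]
        sector += 1

def constructed_sample(bootable=True):
    """Build a tiny in-memory image for the demo (constructed, not a real disk)."""
    def descriptor(kind, body=b""):
        return (bytes([kind]) + b"CD001\x01" + body).ljust(SECTOR, b"\x00")
    boot = descriptor(0, b"EL TORITO SPECIFICATION".ljust(64, b"\x00")
                      + struct.pack("<I", 20))
    parts = [bytes(FIRST_DESCRIPTOR * SECTOR), descriptor(1)]
    if bootable:
        parts.append(boot)
    parts.append(descriptor(255))
    return io.BytesIO(b"".join(parts))

if __name__ == "__main__":
    for label, img in (("bootable", constructed_sample(True)),
                       ("data-only", constructed_sample(False))):
        print(label, "->", boot_catalog_sector(img))
```

To check a real download, open the extracted file in binary mode and pass the file object to `boot_catalog_sector`; a return value of `None` means the image would produce a CD that can't boot.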
II. Understanding the Process:
1. You will use the bootdisk created in the steps above to boot the computer whose administrator password you want to reset.
2. You will be asked for things like which drive is the boot drive, the path to the SAM file, etc., but don't worry: details will be provided.
3. Once you have selected an account to reset the password for, you'll need to type in a new password. However, it is highly recommended to use a BLANK password at this point; you can then change your password later in Windows.
4. Follow the prompts to the end. You'll need to save the changes at the end.
III. OK! Enough talking. Here are the steps:
- Start up your computer with the bootdisk created above. You should see a welcome screen followed by a prompt:

    boot:

- Just wait; the bootup process will continue automatically. Then you should see a screen similar to this:

    =========================================================
    . Step ONE: Select disk where the Windows installation is
    =========================================================
    ....
    NT partitions found:
    1 : /dev/sda1 4001MB Boot
    2 : /dev/sda5 2148MB

    Please select partition by number or
    a = show all partitions, d = automatically load new disk drivers
    m = manually load new disk drivers
    l = relist NTFS/FAT partitions, q = quit
    Select: [1]

- Notice the last line "Select: [1]" which shows the [1] as default selection because the tool detected the bootup partition is [1]. This might be different on your own machine, so you should review the list shown under "NT partitions found:". The partition with the word "Boot" should be selected.
- Hit Enter once you confirm the selection. You should see a similar screen as follows:

    =========================================================
    . Step TWO: Select PATH and registry files
    =========================================================
    ....
    What is the path to the registry directory? (relative to windows disk)
    [windows/system32/config] :

- Notice the last line "[windows/system32/config]", which shows the default path. This was also detected by the tool. If the path is correct, hit Enter; if you wish to use a different path, enter it now, then hit Enter.
Here are the paths for different versions of Windows:
  - Windows NT 3.51: winnt35/system32/config
  - Windows NT 4 and Windows 2000: winnt/system32/config
  - Windows XP/2003 (and often Windows 2000 upgraded from Windows 98 or earlier): windows/system32/config
- Once you hit "Enter", you should see the next screen, similar to the following:

    -r-------- 1 0 0  262144 Jan 12 18:01 SAM
    -r-------- 1 0 0  262144 Jan 12 18:01 SECURITY
    -r-------- 1 0 0  262144 Jan 12 18:01 default
    -r-------- 1 0 0 8912896 Jan 12 18:01 software
    -r-------- 1 0 0 2359296 Jan 12 18:01 system
    dr-x------ 1 0 0    4096 Sep 8 11:37 systemprofile
    -r-------- 1 0 0  262144 Sep 8 11:53 userdiff

    Select which part of registry to load, use predefined choices
    or list the files with space as delimiter
    1 - Password reset [sam system security]
    2 - RecoveryConsole parameters [software]
    q - quit - return to previous
    [1]

- Hit "Enter" with the default option selected "[1]". Then ...:

    =========================================================
    . Step THREE: Password or registry edit
    =========================================================
    Loaded hives:

    1 - Edit user data and passwords
    2 - Syskey status & change
    3 - RecoveryConsole settings
    - - -
    9 - Registry editor, now with full write support!
    q - Quit (you will be asked if there is something to save)

    What to do? [1] -> 1

- Hit "Enter" with the default option selected "[1]". Then ...:

    ===== chntpw Edit User Info & Passwords ====

    RID: 01f4, Username: <Administrator>
    RID: 01f5, Username: <Guest>, *disabled or locked*
    RID: 03e8, Username: <HelpAssistant>, *disabled or locked*
    RID: 03eb, Username: <pnh>, *disabled or locked*
    RID: 03ea, Username: <SUPPORT_388945a0>, *disabled or locked*

    Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
    or simply enter the username to change: [Administrator]

- Hit "Enter" with the default option selected "[Administrator]", or select another user account. Here you can enter the full user account name surrounded by < and >, CASE-SENSITIVE, or enter the RID number (e.g. 0x1f4). Assuming you select the Administrator account, you should see the following screen:

    RID     : 0500 [01f4]
    Username: Administrator
    fullname:
    comment : Built-in account for administering the computer/domain
    homedir :

    Account bits: 0x0210 =
    [ ] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. |
    [ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
    [ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
    [X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
    [ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |

    Failed login count: 0, while max tries is: 0
    Total login count: 3

    * = blank the password (This may work better than setting a new password!)
    Enter nothing to leave it unchanged
    Please enter new password: *

- At the prompt "Please enter new password", enter * for a blank password (HIGHLY RECOMMENDED!), then press Enter.

    Please enter new password: *
    Blanking password!

    Do you really wish to change it? (y/n) [n] y

- At the prompt, type in "y", then press Enter. Note that the default option is "n".

    Do you really wish to change it? (y/n) [n] y
    Changed!

    Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
    or simply enter the username to change: [Administrator] !

- Enter the "!" to go back to the main menu. Then select "q" at the following menu to quit:

    <>========<> chntpw Main Interactive Menu <>========<>

    Loaded hives:

    1 - Edit user data and passwords
    2 - Syskey status & change
    3 - RecoveryConsole settings
    - - -
    9 - Registry editor, now with full write support!
    q - Quit (you will be asked if there is something to save)

    What to do? [1] -> q

- A prompt to save changes is displayed; enter "y" to save:

    =========================================================
    . Step FOUR: Writing back changes
    =========================================================
    About to write file(s) back! Do it? [n] : y

- The changes are saved! You should see the following screen, press Enter, and reboot your computer.

    Writing sam

    ***** EDIT COMPLETE *****

    You can try again if it somehow failed, or you selected wrong
    New run? [n] : n
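
To read the user list and the "Account bits" line shown in the steps above, the following added example (not part of the original page or of chntpw) converts the hexadecimal RIDs to decimal and decodes the bit field. The flag labels are copied from the screen, the bit values are the standard SAM account-control flags, and the function names are this example's own.

```python
import re

# Standard SAM account-control bits, labelled as on the screen above.
ACB_FLAGS = [
    (0x0001, "Disabled"), (0x0002, "Homedir req."), (0x0004, "Passwd not req."),
    (0x0008, "Temp. duplicate"), (0x0010, "Normal account"),
    (0x0020, "NMS account"), (0x0040, "Domain trust ac"),
    (0x0080, "Wks trust act."), (0x0100, "Srv trust act"),
    (0x0200, "Pwd don't expir"), (0x0400, "Auto lockout"),
]
BUILT_IN = {500: "built-in Administrator", 501: "built-in Guest"}
USER_LINE = re.compile(r"RID:\s*([0-9a-fA-F]+),\s*Username:\s*<([^>]*)>(.*)")
BITS_LINE = re.compile(r"Account bits:\s*0x([0-9a-fA-F]+)")

def parse_user_list(screen):
    """Turn the 'RID: ..., Username: <...>' lines into a list of dicts."""
    users = []
    for rid_hex, name, rest in USER_LINE.findall(screen):
        rid = int(rid_hex, 16)  # chntpw lists RIDs in hex: 01f4 is 500
        users.append({
            "name": name,
            "rid": rid,
            "locked": "disabled or locked" in rest,
            # RIDs below 1000 are reserved; accounts created on the
            # machine start at 1000.
            "kind": BUILT_IN.get(rid, "local account" if rid >= 1000 else "reserved"),
        })
    return users

def decode_account_bits(screen):
    """Return the labels of the flags set in the 'Account bits' value."""
    match = BITS_LINE.search(screen)
    if match is None:
        raise ValueError("no 'Account bits' line found")
    value = int(match.group(1), 16)
    return [label for bit, label in ACB_FLAGS if value & bit]

# Sample input: lines copied from the screens shown in the steps above.
SAMPLE = """\
RID: 01f4, Username: <Administrator>
RID: 01f5, Username: <Guest>, *disabled or locked*
RID: 03e8, Username: <HelpAssistant>, *disabled or locked*
RID: 03eb, Username: <pnh>, *disabled or locked*
Account bits: 0x0210 =
"""

if __name__ == "__main__":
    for user in parse_user_list(SAMPLE):
        print(user)
    print(decode_account_bits(SAMPLE))
```

For the sample, 0x0210 decodes to "Normal account" and "Pwd don't expir", matching the two [X] marks on the screen, and RID 01f4 is decimal 500, the built-in Administrator.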