Table of Contents
You forgot your windows logon password
There are serveral methods for recovering a lost windows logon password. Unfortunately, many methods expect you to have prepared for the situation. Also, there are commercial methods that require a payment.
The Hirens WinPE method
July 11, 2019. The following method has been added. My opinion. This method is user friendly, compared to the Linux and chntpw method.
Recently I was made aware of https://www.hirensbootcd.org/ . After you download the iso and burn it to a thumb drive, with something like Rufus, then you boot from the thumb drive and have the choice of using a large set of utilities, including “Nt Password Edit”. You may be challenged with “How do I boot from the thumb drive?”. Unfortunately, computer manufactures have not standardized the process for how to manipulate/change the boot options. Here are links to compilations of boot key options from disk-image.com and urtech.ca. One method to find the boot options of a specific brand of computer is to google “ComputerBrandName boot keys”.
The linux and chntpw method.
This method/process might be considered when other methods are not an option or less desirable.
In a nutshell, this process requires that you boot your computer with Linux and use chntpw to clear the password. Linux and chntpw are free to use.
If you forgot your password for logging into Windows AND it is a local password, then the password can be cleared (set to nothing), with a program named chntpw (change NT password). chntpw is a program that requires the Linux operating system. This also means your computer needs the ability to boot from an alternate media. Alternate media in this case means a CD or a DVD or a USB device. This also means that your BIOS probably needs to be configured to allow booting from an alternate media. It is not uncommon for BIOS boot options, to be changed for the period of time you need to boot Linux, and use chntpw. Most PC's have the ability to change bios boot options. The magic of finding the process that will allow you to change the BIOS options might be discovered by executing an internet search for “CompterModel boot keys ”. You need to substitute the manufacture and/or model for ComputerModel .
The source for chntpw is available from the creator of the program at https://pogostick.net/~pnh/ntpasswd/ . You will find other references to chntpw if you do an internet search for “chntpw ” or “offline NT password ”. There are other command line tools available from the author of chntpw. You can find additional information at https://pogostick.net/~pnh/ntpasswd/.
Here is the wikipedia page about chntpw.
chntpw is available as part of systemrescuecd. Please note that chntpw and systemrescuecd have been available for many years.
Reset your password with chntpw
———————– Beginning of chntpw man page ———————————–
Below is a copy of the Linux “manual page” for chntpw. Take note of the “Examples” in the following text. It would be best if you experimented with non-destructive options before trying to clear a password.
CHNTPW(8) System Manager's Manual CHNTPW(8)
chntpw - utility to overwrite passwords of Windows systems
chntpw [options] <samfile> [systemfile] [securityfile] [otherreghive] […]
This manual page documents briefly the chntpw command. This manual page was written for the Debian distribution because the original program does not have a manual page.
chntpw is a utility to view some information and reset user passwords in a Windows NT/2000 SAM userdatabase file used by Microsoft Windows Operating System (in NT3.x and later versions). This file is usually located at \WINDOWS\system32\config\SAM on the Windows file system. It is not necessary to know the previous passwords to reset them. In addition it contains a simple registry editor and ahex-editor with which the information contained in a registry file can be browsed and modified. This program should be able to handle both 32 and 64 bit Microsoft Windows and all versions from NT3.x up to Win8.1.
-h Show a summary of options.
Username or username ID (RID) to change. The default is 'Administrator'.
-l List all users in the SAM database and exit.
-i Interactive Menu system: list all users (as per -l option) and then ask for the user to change.
-e Registry editor with limited capabilities (but it does include write sup‐port). For a slightly more powerful editor see reged
-d Use buffer debugger instead (hex editor)
-L Log all changed filenames to /tmp/changed. When this option is set the program automatically saves the changes in the hive files without prompting the user.
Be careful when using the -L option as a root user in a multiuser system. The filename is fixed and this can be used by malicious users (dropping a symlink with the same name) to overwrite system files.
-N Do not allocate more information, only allow the editing of existing values with same size.
-E Do not expand the hive file (safe mode).
-v Print verbose information and debug messages.
ntfs-3g /dev/sda1 /media/win ; cd /media/win/WINDOWS/system32/config/
Mount the Windows file system and enters the directory \WINDOWS\system32\config where Windows stores the SAM database.
chntpw SAM system
Opens registry hives SAM and system and change administrator account. This will work even if the name has been changed or it has been localized (since different language versions of NT use different administrator names).
chntpw -l SAM
Lists the users defined in the SAM registry file.
chntpw -u jabbathehutt SAM
Prompts for password for jabbathehutt and changes it in the SAM registry file, if found (otherwise do nothing).
This program uses undocumented structures in the SAM database. Use with caution (i.e. make sure you make a backup of the file before any changes are done).
Password changing is only possible if the program has been specifically compiled with some cryptographic functions. This feature, however, only works properly in Windows NT and Windows 2000 systems. It might not work properly in Windows XP, Vista, Win7, Win8 and later systems.
In the Debian distribution this feature is not enabled.
reged, samusrgrp, sampasswd
If you are looking for an automated procedure for password recovery, you might want to check the bootdisks (can be used in CD and USB drives) provided by the upstream author at http://pogostick.net/~pnh/ntpasswd/
You will find more information available on how this program works, including in depth details on how the registry works, in the text files
/usr/share/doc/chntpw/README.txt and /usr/share/doc/chntpw/MANUAL.txt
This program was written by Petter N Hagen.
This manual page was written by Javier Fernandez-Sanguino email@example.com, for the Debian GNU/Linux system (but may be used by others).
13th March 2010 CHNTPW(8)
———————– End of chntpw man page ———————————–
Youtube surfing led me to Kon-Boot. This looks interesting because it appears to work with Apple or WIndows. However… Hmmm. Kon-Boot is NOT free. Kon-boot may be considered a virus.
A link to kon-boot.com
Here is the wikipedia reference… Kon-Boot page on Wikipedia
If you visit youtube.com and search for kon-boot, there are several videos about usage.