
Resetting forgotten Windows password – chntpw

I come back with another story, and this time I go over to the dark side … a little. Why the dark side, you ask? Part of my job requires using Windows and I can’t escape that, so I consider Windows the dark side because I know there is something better, and of course I use that something every day. The other side of the dark-side story is about computer ethics, but I had no other way out of the situation: I had to use Linux and the chntpw tool to get myself into one of the user accounts on one of the computers at work.

How’s the password forgotten?

A short introduction to the situation that arose. Software installed on the computer had, for some reason, stopped starting. The error message said that the application version is not supported. That would be understandable if the same application did not work on other computers with the same configuration. I thought the problem was that simple and that installing a newer version would probably fix it.

As I had recently taken over as administrator, I was supposed to have all the user and administrator passwords. I had them for every computer except one group of a dozen machines, for which I had none. I asked my colleagues, but that didn’t help: the passwords had simply been forgotten. I tried every combination I could derive from the other passwords, but that didn’t work either. So the problem started to get complicated. Instead of 5 minutes of work, it turned out to take a little more time.

Prerequisites for solving the problem

Good old Google, which I regularly criticize, proved useful this time. It pointed me to the chntpw tool and to instructions on another website (whose images I will use in the text – thank you for not getting mad :D).

The solution to my problem consisted of a few conditions and a few steps. The conditions are a bootable flash drive with Linux on it (any distro will do) and an Internet connection. There is no need to download Kali Linux, BlackArch or a similar pen-testing distro.

The process of deleting a password and setting a new one

After booting Linux from the flash drive, switch straight to the console. First mount the partition on which Windows is installed. Next, run chntpw on the SAM (Security Account Manager) file, in which the user account data is stored. Below I give the exact path, the command that starts the tool, and the procedure for deleting the forgotten password. After that, everything was settled in a few moments.

1. # mount /dev/sda1 /mnt - mounts partition sda1 (the one with Windows) under /mnt
2. # cd /mnt/Windows/system32/config - the directory where the SAM file is located
3. # chntpw -l SAM - starts chntpw and lists the users in the SAM file (chntpw -i SAM opens the interactive menu used in the following steps)

In addition to some information the tool prints at startup, it also displays a list of all users with their identification numbers (RID in the picture). This number is needed to select the user whose password we are changing.

4. Enter the RID of the user to go to the next menu, which is shown in the following image.
5. Entering the number 1 selects deletion of the existing password (although the picture shows it differently, you can also change the password directly).
6. Write the changes to the file (chntpw asks for confirmation) and quit the tool.
7. # umount /mnt
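The same procedure wrapped in shell functions with the checks I would want before touching the hive, as an added example that is not part of the original post. It assumes the device name and mount point are passed in and that chntpw is on the PATH; the sample chntpw -l table in the comments is constructed.

```shell
#!/bin/sh
# Added example: the mount / chntpw / umount procedure with basic checks.
set -eu

# Locate the config directory under a mounted Windows partition.
# NTFS mounted on Linux is case-sensitive, so the common spellings are tried.
find_config_dir() {
    mnt="$1"
    for d in "$mnt/Windows/System32/config" \
             "$mnt/Windows/system32/config" \
             "$mnt/WINDOWS/system32/config"; do
        if [ -f "$d/SAM" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Extract the hex RID of a username from 'chntpw -l SAM' output read on stdin.
# Constructed sample rows:
#   | RID -|---------- Username ------------| Admin? |- Lock? --|
#   | 01f4 | Administrator                  | ADMIN  | dis/lock |
#   | 03e9 | user                           |        |          |
rid_for_user() {
    awk -F'|' -v u="$1" '
        $2 ~ /^[ \t]*[0-9a-fA-F]+[ \t]*$/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2)
            gsub(/^[ \t]+|[ \t]+$/, "", $3)
            if ($3 == u) { print $2; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# Full flow: mount, verify the hive exists, list users, open the interactive
# editor (chntpw -i), then unmount so the written hive is flushed to disk.
reset_flow() {
    dev="$1"; mnt="${2:-/mnt}"
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    mount "$dev" "$mnt"
    if ! cfg=$(find_config_dir "$mnt"); then
        umount "$mnt"; echo "SAM hive not found under $mnt" >&2; return 1
    fi
    ( cd "$cfg" && chntpw -l SAM && chntpw -i SAM )
    umount "$mnt"
}
```

This only works because the disk is unencrypted; with full-disk encryption such as BitLocker the SAM hive cannot be read or written offline, which is the mitigation for anyone who does not want this done to their machines.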

After this procedure the user’s password is deleted, and when you restart the computer and boot Windows you will not be asked for a password at login (because there no longer is one). You can set a new one later. The procedure itself takes a few minutes and, as you can see, is not complicated. After this I was able to return to solving the original problem. Here is a reminder for my future self, and maybe it will be useful to someone else 🙂
