Reset Windows Password /w KNOPPIX.

15 October, 2006

If you forget a password for your user on your Windows system (especially if the user is administrator), your computer immediately becomes a paperweight. It’s like being locked out of your car without a spare set of keys and without a way to contact a locksmith. Use Knoppix as your locksmith to reset the password to a new value or even completely erase it.

User accounts have an interesting history in Windows. The Windows 9x series did offer usernames and passwords, but every user could overwrite every other user’s files, and the system did not offer any real security. If you forget your password in Windows 9x, resetting it is as simple as deleting a .pwd file with a DOS disk. With Windows NT, 2000, and XP, Microsoft has increased its user security by creating different user accounts on the same system and passwords that protect them. However, unlike in Windows 9x, if you forget your Administrator password, your only recourse is to purchase a tool to reset your Windows password or to reinstall Windows to create a new administrator account. If you have a Knoppix disc, you can download and use the chntpw tool, which is a small program that lets you reset the local passwords on a Windows system, and return to your system.

Get chntpw

The chntpw tool is part of the ntpasswd package, which can be downloaded in boot floppy form from its web site at http://home.eunet.no/~pnordahl/ntpasswd/. However, this gives you a floppy image and requires that you mount multiple loopback entries to extract the utility from the floppy image to use under Knoppix. While you can simply create an ntpasswd boot floppy, this means yet another rescue disk to carry with you, and the beauty of Knoppix is that you have access to all of your recovery tools in a single disc. Luckily, the chntpw tool is now part of Debian unstable, which means that you can grab it directly from Debian’s repository.

 

You could use the apt-get wrapper, which is included for Knoppix, to download chntpw. However, to be certain you retrieve the latest version of chntpw, you must run the apt-get update, which downloads about 10 times as much data per repository as the 85-KB chntpw package. It saves bandwidth and time to download the package directly.

You can get the latest chntpw package from http://packages.debian.org/unstable/admin/chntpw. Download the .deb to your /home/knoppix directory. Most of the Knoppix system is read-only, so you can’t directly install this package. Instead, you must convert it to a tar file, and then extract out the chntpw utility. Open up a terminal, and run the following commands:

knoppix@ttyp1[config]$ alien --to-tgz chntpw_0.99.2-1_i386.deb
knoppix@ttyp1[config]$ tar xvzf chntpw-0.99.2.tgz ./usr/sbin/chntpw
knoppix@ttyp1[config]$ mv ./usr/sbin/chntpw ./

Change the .deb and .tgz filenames to match the version of chntpw that you downloaded. This command makes use of the alien utility, which has the ability to convert files between .rpm, .deb, and .tgz. This conversion is necessary to extract only the chntpw executable file. Once you are finished with these commands, the chntpw utility is in /home/knoppix and ready to use.

Reset the Password

To reset the password, you must have write permissions on the Windows partition. If you have a FAT or FAT32 Windows partition, click on the drive on the desktop to mount it, then right-click on the hard-drive icon and choose Actions|Change read/write mode, or on the command line, type:

knoppix@ttyp1[config]$ sudo mount -o rw /dev/hda1 /mnt/hda1

Replace hda1 with your Windows partition. If you have an NTFS partition, follow the steps in the previous tutorials to mount the NTFS partition with write permissions.

Once the partition is mounted, you must locate the directory containing the SAM file. For Windows 2000 and XP systems, this directory should be located under windows/system32/config or winnt/system32/config. In this example, navigate to the /mnt/hda1/windows/system32/config directory, and notice a number of files, including ones called SAM, SYSTEM, and SECURITY, that may or may not be in all caps. Once you have navigated to this directory on the command line, reset the Windows Administrator password by running:

knoppix@ttyp1[config]$ /home/knoppix/chntpw SAM

Remember that SAM is the name of the SAM file in the directory, and may or may not be all in caps. The default for this utility is to edit the Administrator password, so there is no need to specify an account. While you have the option to change the password to a different value, it is recommended to just reset the password and then change it when you get back into Windows. You can reset the password by typing * instead of a password when prompted.

knoppix@ttyp1[config]$ /home/knoppix/chntpw SAM
chntpw version 0.99.2 040105, (c) Petter N Hagen
openHive(sam) failed: Read-only file system, trying read-only
Hive's name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020
...output suppressed...
* = blank the password (This may work better than setting a new password!)
Enter nothing to leave it unchanged
Please enter new password: *
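
Because the config directory and the SAM file may appear in any letter case, and chntpw rewrites the hive in place, the lookup and a backup of the hives can be scripted before running it. This is an added example, not part of the original article; the function names and the backup location are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical; pass your own mount point and backup directory.
# chntpw rewrites the hive in place (and on XP and later a reset leaves that
# user's EFS-encrypted files unreadable), so copy the hives first.

# find_config_dir MOUNTPOINT
# Prints <MOUNTPOINT>/{windows,winnt}/system32/config in whatever case it
# exists on disk, or nothing if the partition has no such directory.
find_config_dir() {
    find "$1" -maxdepth 3 -type d -iname config 2>/dev/null |
        grep -iE '/(windows|winnt)/system32/config$' | head -n 1
}

# find_hive CONFIG_DIR NAME
# Prints the path of a hive file (SAM, SYSTEM, SECURITY) regardless of case.
find_hive() {
    find "$1" -maxdepth 1 -type f -iname "$2" | head -n 1
}

# backup_hives CONFIG_DIR BACKUP_DIR
# Copies each hive that exists, verifies the copy byte for byte, and prints
# how many files were backed up. The copies contain password hashes, so keep
# BACKUP_DIR on media you control.
backup_hives() {
    cfg_dir=$1; dest_dir=$2; copied=0
    mkdir -p "$dest_dir" || return 1
    for name in SAM SYSTEM SECURITY; do
        src=$(find_hive "$cfg_dir" "$name")
        [ -n "$src" ] || continue
        cp -p "$src" "$dest_dir/" || return 1
        cmp -s "$src" "$dest_dir/$(basename "$src")" || return 1
        copied=$((copied + 1))
    done
    echo "$copied"
}

# Typical use on the mounted partition from the article:
#   cfg=$(find_config_dir /mnt/hda1)
#   backup_hives "$cfg" /path/to/backup      # placeholder path
#   cd "$cfg" && /home/knoppix/chntpw "$(basename "$(find_hive "$cfg" SAM)")"
```

To undo an edit, copy the saved files back over the originals in the config directory before rebooting into Windows.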

If you want to reset the password for a user other than Administrator, list the users in the SAM file with the -l option:

knoppix@ttyp1[config]$ /home/knoppix/chntpw -l SAM
chntpw version 0.99.2 040105, (c) Petter N Hagen
Hive's name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020
Page at 0x6000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 218/16928 blocks/bytes, unused: 4/3392 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
RID: 01f4, Username: <Administrator>, *BLANK password*
RID: 01f5, Username: <Guest>, *disabled or locked*
RID: 03e8, Username: <HelpAssistant>
RID: 03ea, Username: <SUPPORT_388945a0>, *disabled or locked*
Hives that have changed:
 #  Name
None!

This example has four users: Administrator, Guest, HelpAssistant, and SUPPORT_388945a0. Pick the user you want to edit, and then run chntpw with the -u option:

knoppix@ttyp1[config]$ /home/knoppix/chntpw -u username SAM
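
The -l listing above marks accounts whose password is blank, which after a reset includes the account you just edited. As an added example (not part of the original article; the function names are hypothetical), the following parses that listing so blank-password accounts can be picked out and given a new password once you are back in Windows.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Sample input: account lines copied from the listing in the article.
sample_listing() {
    cat <<'EOF'
* SAM policy limits:
Failed logins before lockout is: 0
RID: 01f4, Username: <Administrator>, *BLANK password*
RID: 01f5, Username: <Guest>, *disabled or locked*
RID: 03e8, Username: <HelpAssistant>
RID: 03ea, Username: <SUPPORT_388945a0>, *disabled or locked*
EOF
}

# list_accounts: reads `chntpw -l SAM` output on stdin and prints one line per
# account as "<decimal RID> <status> <username>". Status is blank, disabled,
# or unflagged (chntpw printed no marker). '|' is safe as a field separator
# because Windows does not allow it in account names.
list_accounts() {
    sed -n 's/^RID: \([0-9a-fA-F]\{1,\}\), Username: <\([^>]*\)>,\{0,1\} *\(.*\)$/\1|\2|\3/p' |
    while IFS='|' read -r rid user flags; do
        case $flags in
            *BLANK*)    status=blank ;;
            *disabled*) status=disabled ;;
            *)          status=unflagged ;;
        esac
        # RIDs are printed in hex; 01f4 is 500, the built-in Administrator.
        printf '%s %s %s\n' "$((0x$rid))" "$status" "$user"
    done
}

# blank_accounts: prints only the usernames whose password is blank.
blank_accounts() {
    list_accounts | while read -r rid status user; do
        if [ "$status" = blank ]; then printf '%s\n' "$user"; fi
    done
}

# Typical use from the config directory:
#   /home/knoppix/chntpw -l SAM | blank_accounts
```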

Once you change the password and save your changes, unmount the filesystem and reboot:

knoppix@ttyp1[config]$ cd
knoppix@ttyp1[knoppix]$ sudo umount /mnt/hda1

When you boot back to Windows, the password should be blank, so you can log in and change the password with the regular Windows tools.

19 Responses to “Reset Windows Password /w KNOPPIX.”

  1. sam said

    hi there,
    thanks for the useful infos about boot.ini , i just have one extra question.
    i have both windows xp and linux installed on my computer, the linux boot loader controls the boot operation through GRUB upon booting linux screen comes up and it shows you what OS to boot into.
    Is there any way that I can have windows to control the boot process ?
    thank you.

    cheers

    Sam

  2. MINTH said

    Your instructions suck ass.

  3. didi said

    it’s nice tut!

  4. Tony said

    Very good web site, great work and thank you for your service.D

  5. dans said

    Thanks for the infos 🙂

  6. compn said

    thx for instructions, easy to use a flash drive to copy over chntpw too! 🙂

  7. Thank you very much for this tutorial. There are far too many incomplete explanations of this procedure, but this worked very well for me. I really wish I could find documentation like this on a more regular basis.

  8. A. Nobody said

    Thanks for the tut. It worked as advertised.

    I don’t know if you are still maintaining this, but I was able to download the pkg from the debian website and install it by clicking on the icon on the desktop (launching kpkg). To do this, you do need to set a password for root. You can do this by opening the shell, typing ‘su’, then typing ‘passwd’, then follow the instructions. I think that's easier than converting and extracting the package … etc.

  9. BBT said

    To retrieve the package on Debian style distros, simply use:

    sudo apt-get install chntpw

  10. plasmidmap said

    Totally awesome! If you have Ubuntu installed (either on same HDD or another) it’s very simple to reset the password:

    – Mount the NTFS Partition
    – sudo aptitude install chntpw
    – chntpw /media/disk/WINDOWS/system32/config/SAM
    – Follow instructions…

    Finished!!

    Thank you!

  11. YAA Adding this to my bookmarks. Thank You

  12. Seth said

    Great post, just used this to promote a Windows 7 user account back to an administrator from an Ubuntu install on the same drive.

    Check out https://help.ubuntu.com/community/MountingWindowsPartitions/ThirdPartyNTFS3G

    for a quick and easy way to get the NTFS partition mounted read/write from Ubuntu.

  13. lcd said

    You have great blog and this post is good!

  14. Do you have copy writer for so good articles? If so please give me contacts, because this really rocks! 🙂

  15. Seems like u truly know a great deal pertaining to this particular issue and that demonstrates
    as a result of this posting, termed “Reset Windows
    Password /w KNOPPIX. Learn To live”. Thanks a lot -Penelope

  16. You really put together a lot of great ideas in ur post, “Reset Windows Password /w KNOPPIX.
    Learn To live”. I am going to possibly be coming back again to ur web-site eventually.
    Many thanks -Virgie

  17. Normand said

    “Reset Windows Password /w KNOPPIX. | Learn To live…” Fabric Roman Shades was
    in fact a great post. In case it possessed much more photos
    this would most likely be possibly even much better.
    Regards ,Dee

  18. Woah! I’m really enjoying the template/theme of this blog. It’s simple, yet effective.
    A lot of times it’s challenging to get that “perfect balance” between superb usability and appearance. I must say you’ve
    done a amazing job with this. In addition, the blog loads super quick
    for me on Opera. Outstanding Blog!

  19. Johne443 said

    I like this post, enjoyed this one regards for posting. He removes the greatest ornament of friendship, who takes away from it respect. by Cicero. cdbcdfkfagad
