How to Reset Windows Password

Forgot your administrator password? Don't panic, it happens to some other people too, and you have found the solution! The following instructions will show you step-by-step how to reset your local Windows password. This only works for local user accounts, however, not domain accounts.The password recovery tool from this page is written by Petter Nordahl-Hagen, and the original information, as well as the downloadable tool, can be found from his website. According to the author, this tool should work for Windows NT/2000/XP/Vista.

WARNING! Users who have EFS encrypted files on the Windows XP or Vista computers will loose access to the EFS encrypted files after recovery of your password!


Use this trick at your own risks

The tool to reset your password can be downloaded here.

I. Download the bootdisk:
Download the bootdisk, which includes the password recovery tool here. The file contains the ISO CD image.
Unzip (extract) the ISO file and burn it to a CD. Note that this is an ISO file, you must burn it to CD as an ISO image, not as a "data" file. If you're not sure how, see this article. Also, the image is bootable, you need to burn the image to a CD using the image burning feature; do not extract the contents of the ISO and burn them to the CD, you'll end up with a CD that can't boot!

II. Understanding the process:
You'll use the bootdisk created from the above steps to bootup your computer, which you want to reset your administrator password.
You'll be asked for things like: which drive is the boot drive, which path to the SAM file, etc.. but don't worry, details will be provided.
Once you have selected an account to reset the password, you'll need to type in a new password; however, it is highly recommended to use a BLANK password at this point, then you can change your password later in Windows.
Follow the prompts to the end. You'll need to save the changes at the end!

III. OK! Enough talking. Here are the steps:
Startup your computer with the bootdisk created above. You should see a welcome screen following with a prompt:

boot:

Just wait, the bootup process will continute automatically. Then you should see a screen similar to this:

========================================================= . Step ONE: Select disk where the Windows installation is ========================================================= .... NT partitions found: 1 : /dev/sda1 4001MB Boot 2 : /dev/sda5 2148MB Please select partition by number or a = show all partitions, d = automatically load new disk drivers m = manually load new disk drivers l = relist NTFS/FAT partitions, q = quit Select: [1]

Notice the last line "Select: [1]" which shows the [1] as default selection because the tool detected the bootup partition is [1]. This might be different on your own machine, so you should review the list shown under "NT partitions found:". The partition with the word "Boot" should be selected.


Hit Enter once you confirm the selection. You should see a similar screen as follows:

========================================================= . Step TWO: Select PATH and registry files ========================================================= .... What is the path to the registry directory? (relative to windows disk) [windows/system32/config] :

Notice the last line "[windows/system32/config]" which shows the default path. This was also detected by the tool. If the path is correct, hit Enter, or if you wish to enter a different path, enter it now then hit Enter.
Here are the paths for different versions of Windows:
- Windows NT 3.51: winnt35/system32/config
- Windows NT 4 and Windows 2000: winnt/system32/config
- Windows XP/2003 (and often Windows 2000 upgraded from Windows 98 or earlier): windows/system32/config


Once you hit "Enter", you should see the next screen similar to the following:

-r-------- 1 0 0 262144 Jan 12 18:01 SAM -r-------- 1 0 0 262144 Jan 12 18:01 SECURITY -r-------- 1 0 0 262144 Jan 12 18:01 default -r-------- 1 0 0 8912896 Jan 12 18:01 software -r-------- 1 0 0 2359296 Jan 12 18:01 system dr-x------ 1 0 0 4096 Sep 8 11:37 systemprofile -r-------- 1 0 0 262144 Sep 8 11:53 userdiff Select which part of registry to load, use predefined choices or list the files with space as delimiter 1 - Password reset [sam system security] 2 - RecoveryConsole parameters [software] q - quit - return to previous [1]

Hit "Enter" with the default option selected "[1]". Then ...:

========================================================= 

 . Step THREE: Password or registry edit ========================================================= 

 Loaded hives: 1 - Edit user data and passwords 2 - Syskey status & change 3 - RecoveryConsole settings - - - 9 - Registry editor, now with full write support! q - Quit (you will be asked if there is something to save) What to do? [1] -> 1

Hit "Enter" with the default option selected "[1]". Then ...:

===== chntpw Edit User Info & Passwords ==== 

RID: 01f4, Username: <Administrator> RID: 01f5, Username: <Guest>, *disabled or locked* RID: 03e8, Username: <HelpAssistant>, *disabled or locked* RID: 03eb, Username: <pnh>, *disabled or locked* RID: 03ea, Username: <SUPPORT_388945a0>, *disabled or locked* Select: ! - quit, . - list users, 0x<RID> - User with RID (hex) or simply enter the username to change: [Administrator]

Hit "Enter" with the default option selected "[Administrator]", or select another user account. Here you can enter the full user account surrounded by < and >, CASE-SENSITIVE, or enter the RID number (i.e. 0x1f4). Assuming you select the Administrator account, you should see the following screen:

RID : 0500 [01f4] Username: Administrator fullname: comment : Built-in account for administering the computer/domain homedir : Account bits: 0x0210 = [ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. | [ ] Temp. duplicate | [X] Normal account | [ ] NMS account | [ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act | [X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) | [ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) | Failed login count: 0, while max tries is: 0 Total login count: 3 * = blank the password (This may work better than setting a new password!) Enter nothing to leave it unchanged Please enter new password: *

At the prompt "Please enter new password", Enter the * for a blank password (HIGHLY RECOMMENDED!) then press Enter

Please enter new password: * Blanking password! Do you really wish to change it? (y/n) [n] y

At the prompt, type in "y", then press Enter. Note that the default option is "n".

Do you really wish to change it? (y/n) [n] y Changed! 

Select: ! - quit, . - list users, 0x - User with RID (hex) or simply enter the username to change: [Administrator] !

Enter the "!" to go back to the main menu. Then select "q" at the following menu to quit:

<>========<> chntpw Main Interactive Menu <>========<> 

 Loaded hives: 1 - Edit user data and passwords 2 - Syskey status & change 3 - RecoveryConsole settings - - - 9 - Registry editor, now with full write support! q - Quit (you will be asked if there is something to save) What to do? [1] -> q 

A prompt to save changes displays, enter "y" to save:

========================================================= 

      . Step FOUR: Writing back changes ========================================================= 

 About to write file(s) back! Do it? [n] : y 

The changes are saved! You should see the following screen, press Enter, and reboot your computer.

Writing sam ***** EDIT COMPLETE ***** You can try again if it somehow failed, or you selected wrong New run? [n] : n 

We can't get smarter without sharing, so follow & post a comment!


Warning:
You can try these codes at your own responsibility ! We are not responsible for any malfunction and we don’t accept any complaints.