Proper Use Case
You may encounter situations in which you have forgotten the administrator password on a Windows computer, and you need to reset the password. This tutorial will walk you through how to reset it using an open source tool called ntpasswd.
Improper Use Cases
- If your Windows computer is joined to a domain, and you're trying to reset a domain account password, you need to do that through Active Directory. ntpasswd will not help you reset domain accounts, only local accounts.
- If you are trying to find out (instead of reset) an admin password, you cannot do so through ntpasswd. You may have some success doing so using Ophcrack, but it doesn't always work and may take a very long time. For more details on why, check out the FAQ page for Ophcrack.
- Trying to break into an active (but locked) session. In order to use ntpasswd to reset an admin password, you have to reboot the computer. Really, you shouldn't be breaking into people's sessions anyway!
Download and use the USB / burn the CD
If you go to the ntpasswd website and scroll down, you should see some downloads available. There's one for USB, one for floppy, and one for CD. Even though you "waste" a CD, I think for first-time use of ntpasswd a burnt CD is the best way to go.
Download the .iso (disk image) zip file and unzip it.
Then you want to burn the .iso to CD as a disk image (not as data). For more details on how to do so, check out this tutorial, which uses an Ubuntu .iso as an example, but the same procedure works for any .iso, really.
Once you have the CD burnt, plop it into the optical drive for your old Windows computer and boot from the CD. You may have to press a special key during bootup (e.g., Esc, F12, F10, etc.) to get the computer to boot from the CD instead of its internal hard drive.
The actual password resetting
ntpasswd will automatically scan the hard drive for any existing Windows installations. Some people have dual-boot Windows installations but in all likelihood you'll have only one, so you can just select the default by hitting Enter (otherwise, type in the number of the drive/partition you want, and then hit Enter).
You'll see a list of users. You can select the particular admin user whose password you want to reset. For the sake of this demonstration, we're going to use the built-in Windows Administrator account.
To select the user you want, type in the RID number. Since I'm selecting the Administrator account for this demo, I'm typing in 01f4.
In this particular case, the Administrator account is locked (which it is by default in Windows). So I'm going to type 2 to unlock the account. You most likely do not need to do this for a normal (not built-in) administrator account.
Once you're done with everything, type n so that the tool doesn't run the whole process again.
Depending on your settings, you may just get a username and password prompt—in which case, enter the username and leave the password blank.
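As an added example that is not part of the original tutorial: once you are back in Windows, you can list the local accounts with the same RIDs that ntpasswd displayed (the built-in Administrator is RID 500, which is 01f4 in hex) and see whether each one is enabled. This is a useful check after the procedure, for instance to confirm that the built-in Administrator is disabled again if you only unlocked it to get back into the machine. It assumes Windows PowerShell 5.1 or later with the Get-LocalUser cmdlet (Windows 10 / Server 2016 and up); the function name is my own.

```powershell
# Added example, not from the ntpasswd tutorial.
# Lists local accounts with the RID in hex (the format ntpasswd shows)
# and whether the account is enabled. RID 500 = 01f4 = built-in Administrator.
function Get-LocalAccountRid {
    Get-LocalUser | ForEach-Object {
        # The RID is the last sub-authority of the account's SID.
        $rid = [int]($_.SID.Value.Split('-')[-1])
        [pscustomobject]@{
            Name    = $_.Name
            RID     = ('{0:x4}' -f $rid)   # zero-padded hex, e.g. 01f4
            Enabled = $_.Enabled
            BuiltInAdmin = ($rid -eq 500)
        }
    }
}

Get-LocalAccountRid | Sort-Object RID | Format-Table -AutoSize
```

If the table shows the built-in Administrator with Enabled set to True and you only unlocked it to regain access, you can put it back to its default state from an elevated prompt with Disable-LocalUser -Name Administrator, after making sure another local administrator account still works.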