Proper Use Case
You may encounter situations in which you have forgotten the administrator password on a Windows computer, and you need to reset the password. This tutorial will walk you through how to reset it using an open source tool called ntpasswd.
Improper Use Cases
- If your Windows computer is joined to a domain, and you’re trying to reset a domain account password, you need to do that through Active Directory. ntpasswd will not help you reset domain accounts, only local accounts.
- If you are trying to find out (instead of reset) an admin password, you cannot do so through ntpasswd. You may have some success doing so using Ophcrack, but it doesn’t always work and may take a very long time. For more details on why, check out the FAQ page for Ophcrack.
- Try to break into an active (but locked) session. In order to use ntpasswd to reset an admin password, you have to reboot the computer. Really, you shouldn’t be breaking into people’s sessions anyway!
Download and use the USB / burn the CD
If you go to the ntpasswd website and scroll down, you should see some downloads available. There’s one for USB, one for floppy, and one for CD. Even though you “waste” a CD, I think for first-time use of ntpasswd a burnt CD is the best way to go.
Download the .iso (disk image) zip file and unzip it.
Then you want to burn the .iso to CD as a disk image (not as data). For more details on how to do so, check out this tutorial, which uses a Ubuntu .iso as an example, but the same procedure works for any .iso, really.
Once you have the CD burnt, plop it into the optical drive for your old Windows computer and boot from the CD. You may have to press a special key during bootup (e.g., Esc, F12, F10, etc.) to get the computer to boot from the CD instead of its internal hard drive.
The actual password resetting
Once ntpasswd boots up, you’ll see some special boot options.
You can type in boot and hit Enter. I believe you can even just hit Enter without typing boot. There are some special options, but try the default one first unless you run into problems.
ntpasswd will automatically scan the hard drive for any existing Windows installations. Some people have dual-boot Windows installations but in all likelihood you’ll have only one, so you can just select the default by hitting Enter (otherwise, type in the number of the drive/partition you want, and then hit Enter).
Hit Enter, because you want to select Password reset [sam].
Hit Enter, because you want to select Edit user data and passwords.
You’ll see a list of users. You can select a particular admin users you want to reset the password for. For the sake of this demonstration, we’re going to use the built-in Windows Administrator account.
To select the user you want, type in the RID number. Since I’m selecting the Administrator account for this demo, I’m typing in 01f4.
In this particular case, the Administrator account is locked (which it is by default in Windows). So I’m going to type 2 to unlock the account. You do not need to do this most likely for any normal (not built-in) administrator account.
Type 1 to blank out the existing user password.
Type q to quit.
Type q to quit again.
This part is super important! When you’re asked if you want to write the files back, you definitely want to type y to write them back, even though the default is n.
You may get a cryptic error that says cat: can’t open ‘/tmp/disk’: No such file or directory. Ignore it. It’s probably fine.
If you’re done with everything, type n to not run the whole process again.
When prompted, hit Control-Alt-Delete to reboot the computer, and then eject the ntpasswd CD so Windows will boot up.
You should now be able to click on the account (in this case, Administrator) to log in without a password.
Depending on your settings, you may just get a username and password prompt—in which case, enter the username and leave the password blank.
Wait to log in…
Go to the Control Panel and set or reset any passwords you want, now that you are again administrator of the Windows installation.