Resetting a Windows password with ntpasswd


Proper Use Case

You may encounter situations in which you have forgotten the administrator password on a Windows computer, and you need to reset the password. This tutorial will walk you through how to reset it using an open source tool called ntpasswd.

Improper Use Cases

  1. If your Windows computer is joined to a domain, and you’re trying to reset a domain account password, you need to do that through Active Directory. ntpasswd will not help you reset domain accounts, only local accounts.
  2. If you are trying to find out (instead of reset) an admin password, you cannot do so through ntpasswd. You may have some success doing so using Ophcrack, but it doesn’t always work and may take a very long time. For more details on why, check out the FAQ page for Ophcrack.
  3. If you are trying to break into an active (but locked) session, ntpasswd will not help. In order to use ntpasswd to reset an admin password, you have to reboot the computer. Really, you shouldn’t be breaking into people’s sessions anyway!

Download and use the USB / burn the CD

If you go to the ntpasswd website and scroll down, you should see some downloads available. There’s one for USB, one for floppy, and one for CD. Even though you “waste” a CD, I think for first-time use of ntpasswd a burnt CD is the best way to go.

Download the .iso (disk image) zip file and unzip it.

Then you want to burn the .iso to CD as a disk image (not as data). For more details on how to do so, check out this tutorial, which uses an Ubuntu .iso as an example, but the same procedure works for any .iso, really.

Once you have the CD burnt, plop it into the optical drive for your old Windows computer and boot from the CD. You may have to press a special key during bootup (e.g., Esc, F12, F10, etc.) to get the computer to boot from the CD instead of its internal hard drive.

The actual password resetting

Once ntpasswd boots up, you’ll see some special boot options.

You can type in boot and hit Enter. I believe you can even just hit Enter without typing boot. There are some special options, but try the default one first unless you run into problems.

ntpasswd will automatically scan the hard drive for any existing Windows installations. Some people have dual-boot Windows installations but in all likelihood you’ll have only one, so you can just select the default by hitting Enter (otherwise, type in the number of the drive/partition you want, and then hit Enter).

Hit Enter, because you want to select Password reset [sam].

Hit Enter, because you want to select Edit user data and passwords.

You’ll see a list of users. You can select the particular admin user you want to reset the password for. For the sake of this demonstration, we’re going to use the built-in Windows Administrator account.

To select the user you want, type in the RID number. Since I’m selecting the Administrator account for this demo, I’m typing in 01f4.

In this particular case, the Administrator account is locked (which it is by default in Windows). So I’m going to type 2 to unlock the account. You most likely do not need to do this for any normal (not built-in) administrator account.

Type 1 to blank out the existing user password.

Type q to quit.

Type q to quit again.

This part is super important! When you’re asked if you want to write the files back, you definitely want to type y to write them back, even though the default is n.

You may get a cryptic error that says cat: can’t open ‘/tmp/disk’: No such file or directory. Ignore it. It’s probably fine.

If you’re done with everything, type n to not run the whole process again.

When prompted, hit Control-Alt-Delete to reboot the computer, and then eject the ntpasswd CD so Windows will boot up.

You should now be able to click on the account (in this case, Administrator) to log in without a password.

Depending on your settings, you may just get a username and password prompt—in which case, enter the username and leave the password blank.

Wait to log in…

Go to the Control Panel and set or reset any passwords you want, now that you are again administrator of the Windows installation.

