Reset Administrator Password of WinXP/Vista

Have you ever forgotten your Windows XP or Vista Administrator password? Have you ever re-installed XP just because you forgot your admin password and didn’t know how to reset it? Do you want to reset your friend’s Administrator password?

If your answer to any of the above questions is ‘yes’, then this is the right place to get help. In this post I will explain a simple way to reset the password of any user account using a Linux live CD. I will explain the password reset procedure using an Ubuntu live CD. It is not mandatory to use a live CD; the same steps can be used if you have a dual-boot Linux partition.

Prerequisites:

  • Ubuntu Live CD
  • CD-ROM should be the first option in the target computer’s BIOS boot sequence.

OK, if you have met the above prerequisites, let’s get started. We will be using a small NT password recovery utility, chntpw (change NT password). chntpw contains a simple registry editor which allows us to change bits and bytes.

The default ISO of Ubuntu 9.04 does not contain the chntpw utility. We need to install it explicitly in either of the following ways.

  • $ sudo apt-get install chntpw
  • Manual: if the repository does not have the package.

We need to manually satisfy the dependencies of the chntpw utility using

Bughira# apt-get install libgcrypt11

Now download the Debian package of the chntpw utility from here and install it using

Bughira:~# dpkg -i chntpw_0.99.5-0+nmu1_i386.deb
Selecting previously deselected package chntpw.
(Reading database ... 129568 files and directories currently installed.)
Unpacking chntpw (from .../chntpw_0.99.5-0+nmu1_i386.deb) ...
Setting up chntpw (0.99.5-0+nmu1) ...
Processing triggers for man-db ...
Bughira:~#

Resetting the password:

  • Mount the Windows partition
  • Change the current directory to WINDOWS\system32\config
  • Bughira# chntpw -l SAM  (this will list all the configured users on the target system)
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03eb | admin                          | ADMIN  | dis/lock |
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ed | ASPNET                         |        |          |
| 01f5 | Guest                          |        | dis/lock |
| 03e8 | HelpAssistant                  |        | dis/lock |
| 03ea | SUPPORT_388945a0               |        | dis/lock |
  • Bughira# chntpw -u Administrator SAM
  • If we do not specify a user account, the Administrator account is selected and the following menu is presented
- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
 4 - Unlock and enable user account [probably locked now]
 q - Quit editing user, back to user select

Enter ‘1’ as the choice to clear the password and you are done. We can also change the password or promote another user to administrator of the system.

Select: [q] > 1
Password cleared!

Hives that have changed:
 #  Name
 0  </media/disk/WINDOWS/system32/config/SAM>
Write hive files? (y/n) [n] : y
 0  </media/disk/WINDOWS/system32/config/SAM> - OK
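
The `chntpw -l SAM` listing shown earlier can also be read as an audit of the local accounts on an offline disk. The Python below is an added example, not part of the original post or of chntpw: it parses that table, decodes the hex RID, and reports administrator accounts that are not flagged dis/lock. The function names are hypothetical and the sample rows are copied from the listing in this post.

```python
import re

# Sample rows copied from the `chntpw -l SAM` listing in this post.
SAMPLE = """\
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03eb | admin                          | ADMIN  | dis/lock |
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ed | ASPNET                         |        |          |
| 01f5 | Guest                          |        | dis/lock |
| 03e8 | HelpAssistant                  |        | dis/lock |
| 03ea | SUPPORT_388945a0               |        | dis/lock |
"""

# One table row: 4-digit hex RID, username, admin flag, lock flag.
ROW = re.compile(
    r"^\|\s*([0-9a-fA-F]{4})\s*\|\s*(.*?)\s*\|\s*([^|\s]*)\s*\|\s*([^|\s]*)\s*\|\s*$"
)

# RIDs that Windows assigns to the built-in accounts on every machine.
WELL_KNOWN = {500: "built-in Administrator", 501: "built-in Guest"}


def parse_listing(text):
    """Turn the account table into a list of dicts; non-row lines are skipped."""
    accounts = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header row, policy lines, blank lines
        rid = int(m.group(1), 16)  # the RID column is hexadecimal
        accounts.append({
            "rid": rid,
            "user": m.group(2),
            "admin": m.group(3) == "ADMIN",
            "locked": m.group(4) == "dis/lock",
            "note": WELL_KNOWN.get(rid, ""),
        })
    return accounts


def usable_admins(accounts):
    """Names of administrator accounts that are not flagged dis/lock."""
    return [a["user"] for a in accounts if a["admin"] and not a["locked"]]


if __name__ == "__main__":
    for acct in parse_listing(SAMPLE):
        print(acct)
    print("enabled admins:", usable_admins(parse_listing(SAMPLE)))
```
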

Now you can reboot the system and happily log in to your crappy Windows box 😀

Enjoy!!
