SEARCH

How-To Geek

Change Your Forgotten Windows Password with the Linux System Rescue CD

So far in our series we’ve covered how to reset your Windows password with the Ultimate Boot CD, but if you are a little more technical you might want to simply use the excellent System Rescue CD, which is based on Linux.

Note that if you are using standard Windows encryption for your files, resetting the password will permanently disable access to those files. In that case you should crack the password, which is something we’ll cover in an upcoming article.

image

If you are an Ubuntu user and forgot your password, we’ve covered how to do that as well, either the easy way with the grub menu or alternately with the live cd.

Creating the System Rescue CD

Before you can do anything else, you’ll need to download a copy of the System Rescue CD and burn the ISO image to disc. For this task, I prefer the simple ImgBurn utility, but you are free to use whatever burning application you prefer instead.

If you are using ImgBurn, click the Write image file to disc button…

image

Click the File button near Source and then pick the ISO file, then click the Burn button near the bottom. That’s about all there is to it.

image 

Download the System Rescue CD from sysresccd.org

Resetting Your Password

Now that you have your boot CD, you’ll want to boot from it, which will take you to this very informative prompt, with some basic instructions on how to use the CD.

image

The first thing we’ll want to do is mount the hard drive, using this command. (Note that you might not need to use the –o force argument, it’s only really for when the system didn’t shut down correctly)

ntfs-3g /dev/sda1 /mnt/windows –o force

You can use the df –m command to verify that the drive has been mounted and that it’s the right drive. Note that it’s mounted on /mnt/windows at this point.

image

Now you’ll want to change directory into the Windows/System32/config directory inside of your windows installation. For mine, the full path was something like this, but it might be different on yours:

cd /mnt/windows/Windows/System32/config

Once you are in that directory, you should see that there is a SAM file, which is where we’ll want to change the passwords.

image

To change the password we’ll use the chntpw command, and it’s most useful to use the –l argument first to list out all the usernames in the file.

chntpw –l SAM

image

Now you can add the –u argument with your username, which will end up being something like this command, except you’ll want to replace geek with your username:

chntpw –u geek SAM

This will present you with a wizard type screen:

image

I’m going to assume that you want to set a new password, so just type “2″ at the prompt, add in your password, and remember to use the “y” key when prompted to save.

image

At this point your password has been changed, so you can issue the reboot command to restart the computer (should take the disc out of the drive)

image

And now you should be able to login with the new password:

image

Note that I tested this technique on both XP, Vista and Windows 7 with good results.

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 09/30/08

Comments (71)

  1. Mark

    Great tip, I use Ophcrack and it always works. Seems no one who I’ve helped with it uses very difficult passwords. If they did this would be a nice option.

  2. bassmadrigal

    Great info.

    But one thing I noticed in your article is that in your commands all the dashes showed weird characters (if it shows up here, – ). Not sure what caused it, but just figured I would give you a heads up.

  3. sul2005tan

    that is not work with me see photo

    http://i37.tinypic.com/2qc2vxi.gif

    my directory is

    C:\Windows\System32\config

    http://i34.tinypic.com/1z5i0zt.png

    please help me

  4. hdfghdfghdfgh

    try changing your directory to mnt/windows/WINDOWS/system32/config

    Trust me .. the case matters

  5. Night

    i am trying to do what you said i am haveing the same prob as that with the pics i tryed what the guy said under him with the caps but its still not working. i tryed that Ophcrack and it said could not found. its my girls computer she was mad and changed her pass and dose not know what it is now. any help would be good. thanx Night

  6. cindy

    I can’t find my windows config directory. I’ve tried every possible combination. Is there a way to search for this?

  7. fingerlicker

    For those who can’t find it, first make sure that you have correctly mounted the windows partition. This is quite likely where you’ve gone wrong. Your df command output should be similar to that shown in the article. Then, to search for the SAM file, or any other file, use these commands:
    cd /mnt/windows
    find . -iname ‘sam*’ -print

  8. nick

    Than you for sharing such a solution, i don’t understand why they create operating systems that make your life difficult. I had stored the password by mistake in greek, and in the login screen i couldn’t change language to login!!! I tried everything but this straight forward method was really helpfull..

  9. Boris Bolgradov

    Thanks!

  10. SUREN

    hi i need help…my college gave me a acer laptop..with linux istalled of partially installed..i dont know…when i on the laptop its on dos promt..and i dont know how to load in to the system…and i wish to install xp on lt…it runs the cd…..and give me an error msg blue screen apear check ur harddisk or hdd controller…maybe damage or so on…and ask me to checkdisk/f…i cant run this too ad no c: apears on the dos promt…help me…im confused

    suren

  11. trobe

    Not working for me, XP pro don’t want the new password too, i think it’sn’t changed, i use the “-o force” switch too, maybe it’s because i use sp2 ?
    I try to unlock the account too, it works, but the password seem to don’t be changed when i reboot
    So i try blank password and then it’s work ! Maybe it’s because i use fr keyboard ?

    Thanks

  12. Jimbo

    Thanks for this walk through. I tried this and everything worked except the user is not listed. Two users have admin privileges, one is the “Administrator” the other is some random person’s name which is not the name of the only user listed. I successfully changed the password of this random account in case it would work, but still couldn’t log in. Any help would be greatly appreciated.

    I don’t know why people keep posting these other “easier,” “free” solutions; they all cost $20-30 and system rescue is free.

  13. Brett

    Hey i have a custom built desktop computer with Vista and burned the recovery file to a cd with NERO and placed the boot cd into the drive and changed the bios settings to boot the cd first yet nothing happens after booting and booting over again. All i have quickly is the brand INTEL screen that says press for BIOS and thats it. No “press any key to boot cd” or anything.

    Do I have to do anything to the ISO image file?

    Does it matter if I use a CD or DVD rewritable disc?

  14. Anil

    I have the same problem – does not boot off CD though CD is the 1st boot option.

  15. Lisa

    I only get to the part “root@sysresccd /root %” and I type in “ntfs-3g /dev/sda1 /mnt/win” and it doesn’t work. am i typing in the wrong thing or should i type in something else?

  16. Richard

    Humm. Interesting to see how secure windows logins are really…

  17. Geoffrey collins Mwambu

    Thanks a lot,
    This is one of the greatest online success.
    A colleague had his laptop password lost, i did not want to disappoint him, n there4 took up the task…
    it was challenging at first especially with the path n right way to wright but i overcame…
    thank big

  18. mwambu G collins

    hi, did everything but when i restarted my pc, it asks for the same old password yet i can not access the control panel…
    it simply does not open the user manager option…
    my DOS too works not..
    any other option?

  19. StoneCut

    Please note that if you use Windows’ encryption methods then you won’t be able to access encrypted data anymore after changing your password this way.

  20. premsoni4u

    Hi All,

    Today someone hacked my Windows 2003 server and changed its Administrator password….
    Now I am able to login with one user account but that account have limited rights…

    I want to knw does this CD reset windows 2003 server password as well?

    Pls help me on this……

    Thanks,
    PS

  21. Fiona

     I have met the same problem a few days ago!

    The login screen rejected my passwords. I was frustrated because there was very important data on my disk and I couldn’t reinstall the OS. ………….
    However, I fortunately got to know the Windows Password Unlocker, which is a professional windows 7 password recovery tool for us to reset windows password instantly yet no data loss.

  22. davi

    Forgot windows password?Lost admin password? Have been locked out of computer?
    Lost computer login passwords, which is a common problem for the computer users. So there are many solutions. One of the popular solutions is as following,

    1.log on a computer that is linked to internet.
    2. Free download windows password Recovery Tool 3.0
    3.Burn the downloaded .ISO file onto a blank CD
    4.Insert newly created CD into the locked computer and then reboot it
    5.select the account you wanna reset the password.

  23. Edson

    If you are not able to chage directory to “mnt/windows/Windows/System32/config” the problem might be in the first command.

    Try to change it from “ntfs-3g /dev/sda1 /mnt/windows –o force”

    to

    “ntfs-3g /dev/sda2 /mnt/windows –o force”

    replacing ‘sda1′ to ‘sda2′ or to the number of your system’s partition in the hard disk.

    That worked for me!

  24. Mike

    I had to user /dev/hda1 instead of /dev/sda1 on a Win2000 box.

  25. tannpopo

    The first thing which you check if you forget login password. When we install Windows, it automatically creates an account “Administrator” and sets its password to blank. So if you have forget Your user account password then try this:
    Start system and when you See Windows Welcome screen / Login screen, press ctrl+alt+del keys Twice and it’ll show Classic Login box. Now type “Administrator” (without quotes) in Username and leave Password field blank. Now press Enter and you should be able to log in Windows.
    Now you can reset your account password from “Control Panel -> User Accounts”.
    Same thing can be done using Safe Mode. In Safe Mode Windows will show this in-built Administrator account in Login screen.

    If above method didn’t work,then you have to find some recovery tool like windows password reset 7.0 to reset it.

  26. Ami

    I uauslly used the cheapest and easy to use tools, especialy free trial: like Windows Password Recovery tool 3.0 to reset Windows XP password.
    Or you can try hacker. O(∩_∩)O ~

  27. Jeff

    Your documented procedure worked PERFECTLY. Saved me a ton of time reinstalling. (Anyone with a Dell – my Dell has a recovery partition as partition 1, so I needed to use /dev/sda2). THANK YOU!!!

  28. JON

    Can anybody do another simple guide? im so confused. I kept on trying and i had luck once but then i lost it :(.

    Few thing i have seen is that its not 1 its ” l ” (small “L”)

  29. Mike

    great !
    with sda2

  30. Dave B

    If you think you knew the pw in the first place and then tried this tool and still no joy it may be a corrupt user account.

    I just experienced that on Server 2008 and using this tool was able to unlock and promote the guest account giving me a way in to fix it.

  31. Rick

    This worked great on Vista! I had to adjust slightly to mount /dev/sda2. I really dislike Vista and would prefer to run anything else.. Linux Ubuntu, WinXP, anything, but this was for my son, so I needed to keep his files intact while I fixed his PC. This tool works great for that.

    Thanks!

  32. Marlon

    Thanks!

  33. BuzekHost

    Working for other windows version suck as xp & 7?

  34. Vergule

    Thanks for this post. I had problems resetting an administrator account on an XP workstation that appeared to be missing a slew of patches. Instead, I cleared the password for the account with option 1 in the User Edit Menu of chntpw. Also, make sure you check the disable/lock status of the account (option 4 to enable a locked account). Then I was in like flint.

    When you clear the password (make it blank), you then login with just the username, and nothing in the password field.

    Also, this chntpw tool appears to be on several Linux live CDs (I happened to have BT4), so have fun playing with your favorite flave!

  35. rcmichelle

    you can try to google Password Genius

  36. abc

    I want to use this software on a Server with SATA Drives. I think the software will not have drivers to read its RAID controller.
    Can i add the drivers for the RAID controller to the software so that it can read the HDD ?
    Anyone can guide me on this please ?
    Thanks in advance
    ABC

  37. Mackorony

    Everyone who is having trouble with their config directory…
    Do the:

    cd /mnt/windows

    and then type in:

    cd ./WINDOWS/system32/config
    ^
    That simple period fixed it for me

  38. rcmichelle

    Can it work for the latest Windows 7? Thank you. :)

  39. Dave

    On XP pro SP3 changing the password of the admin account did not work… blanking it did!

    Extra tip: i was on a system without CD-drive so i booted from a usb stick created with pendrivelinux

  40. JD

    The linux boot disk blanks the password quite quickly. Although if the system wants to logon to a server, you need to select logon to this computer. Blank the password, write back to the sam, and you are golden..

  41. mark

    I would like to introduce Windows Password Recovery Tool 3.0 . it not only supports XP, 2000, and NT, I have personally tested it with Vista Home Premium and Ultimate. It works perfectly to reset any local user account to a blank password. I Wrote it to an old 128mb USB flash drive do this. Booting up and clearing a password takes a minute or two works like a charm.

  42. Barry

    Followed instructions exactly and it seemed to work. However now when I boot into Windows the user icon for the password I changed is no longer appearing. Great!

  43. Ben

    Have a hp elitebook 8440p w/xp pro. The laptop was a workstation chntpw cannot fine the user on the logon screen and using administrator does not work either. Any suggestions?

  44. Hamayun

    Is there any way to Crack or Bypass Windows Server 2008 Standered? Win XP, Vista, Window7, Windows 2003,these are easy to crak the Password. Let me know if someone knows How to do the same with Window Server 2008. I am in Trouble plz someone help me.

  45. Nas

    Hey good document, thanks! For whatever reason, the ntfs-3g command looked like ‘ntfs- 3g’ in my browser, it was throwing me for a loop. I’m good now though, thanks again!

  46. huuf

    What if you are on Vista and deleted the SAM file in the first place? The system makes a new one, but doesn”t boot anymore. Copied a SAM from different machine, doesn’t help either…

  47. Ryan

    Very good, detailed instructions. Thanks!

  48. Adi

    Just downloaded this and followed the instructions on a Windows 7 64 bit machine.
    Follow the instructions to the tee, when you mount the hard drive “most important step” make sure you’re mounting the right drive or the utility will not work
    Last but not least make sure to “Clear” the users password instead of doing the Edit.

    That was the only way I was able to get it to work.

  49. Rune K. Svendsen

    This is very strange. It’s not working for me at all in Windows XP. I’ve only tried blanking the password, not it them (since this is said to be risky).
    It changes the SAM file, I can see that when I list the files in the folder: the SAM file has changed on the disk. But when I boot into Windows it still asks for passwords – entering nothing and pressing enter doesn’t work – for both the accounts, even though I blanked both the accounts!
    Any ideas?
    When I open the SYSTEM file with chntpw it says that “Syskey” is enabled. I’ve tried disabling it, but it doesn’t work either.

  50. Anna

    Okay, I don’t know if I’ll get any help here, but it’s worth a try. I booted to the cd, then ran: “fdisk -l” to list the disks, “ntfs-3g /dev/sda3 /mnt/windows -o force” . I then ran “cd /mnt/windows/Windows/System32/config” and I was able , then I get: “openHive(SAM) failed: No such file or directory, trying read only //next line// openHive(SAM)in fallback RO-mode failed: No such file or directory” underneath that: “closing hive SAM //next line// Unable to open/read a hive, exiting”

    I am trying to fix my sister’s computer so she can at least pull out her files if it was a virus that locked her out. She had the password written down, I knew the password, and it says it is incorrect. I’m just trying to gain access to get her photos and school assignments off, then maybe take it to get fixed…

  51. ArtemZ

    I hate you and this damn tool, it damaged my register

  52. gabriel

    it almost worked as show en !!! two discrepancies:
    Worked: ntfs-3g /dev/sda2 /mnt/windows #versus the instruction ntfs-3g /dev/sda1 /mnt/windows –o force
    Worked:chntpw –l sam #versus the instruction chntpw –l SAM

  53. Michael

    I’ve used this method before and it worked just fine with Windows 7. Beats trying to crack the password with Ophcrack.

  54. Blind_Biker

    dont know if mentioned above but in any *nix environment drive you are mount could be hda1, hda2, hda3 etc for IDE type drives and sda1, sda2, sda3 etc for SATA drives the number is the physical discs connected to that computer.

    if previous mentioned please disregard.

  55. Michael

    RE:Blind_Biker-

    It would be hd for IDE and sd for SATA drives, yes. However, I believe that sda1 would be drive 1, partition 1, sda2 would be drive 1, partition 2, etc. sdb1 would be drive 2, partition 1. The letter refers to the physical disk number (a=1, b=2, c=3, etc), and the number refers to the partition number.

  56. rinzo

    Omg… I think I love you :D Thanks, I am amazed how easy it is to bypass Windows “security”. Only a few months ago I was convinced that by setting a password my files will be safe… lol Now I use TrueCrypt.

  57. Breakfast Pie

    Thanks very much – great tutorial. Managed to get back into an old computer that had been lying in my garage for years. You deserve a medal *****

  58. STEVEf

    at SAM policy limits, typing chntpw -u Rebecca ****** SAM, open hive failed, what am i doing wrong, I had to do lower case to get the sam to work.

  59. William

    I typed the new password as “newpassword”. I followed all the above instructions that you posted. Now I am not able to login in with my password : “newpassword”. It says “The username or password is incorrect”

  60. Gentlebright

    It works on every window 7

  61. ghoti

    Thanks for the instructions. This worked well after a little bit of tinkering. For my wife’s laptop WINDOWS32 and CONFIG had to be capitalized. Also because her username was made up of two words separated by a space I experienced something similar described by Stevef above. So I went with the interactive mode instead:

    chntpw -i SAM

    I followed the instructions on the screen and when prompted to enter the username there was no issues with the space. I opted to leave the password blank for now. Saved the changes to the SAM file and everything worked fine. Back to XP.

  62. AAJ

    hey i tried to change the password but i can only remove passwords it doesnt help to change passwords wanna know how to change password

  63. mar

    this works on windows 7 ultimate?

  64. KBear

    worked like a charm tonight on win 7 64bit Home Premium just had to change to /dev/sda2 as toshiba satellites have /dev/sda1 as the recovery partition.

    Thanks a million, gonna turn this into a bootable flash for future use!

  65. Charlie

    The auto execute of the password changer did not work for me, even with the going the last part of saving the temp SAM file and copying it back then rebooting.

    Instead I tried it again but I entered the commands manually, instead of changing the password this time,I chose “clear the password” so Window7 would not need the user’s password. On the reboot it worked.

    Ophcrack didn’t work for this password due to it being a complex one. So this System Rescue CD did it’s job for me.

  66. Charlie

    The auto execute of the password changer did not work for me, even with getting thru the last part of saving the temp SAM file and copying it back then rebooting.

    Instead I tried it again but I entered the commands manually, instead of changing the password this time,I chose “clear the password” so Window7 would not need the user’s password. On the reboot it worked.

    Ophcrack didn’t work for this password due to it being a complex one. So this System Rescue CD did it’s job for me.

  67. Bobby

    I tried it but it did some mess in the SAM :
    - changing the password didnt work : I couldn’t enter in the system with the password I gave. But blanking the password worked.
    - promoting a user works, but it is messy : there are some inconsitensies in the SAM and you just can’t fix them : promoted user is in the “Users” group but you don’t see it in the user properties, but in the “Users” group properties you’ll see it. promoted user is in the “Administrators” group, you see it in the user properties but not in the “Administrators” group propertie. And finally you can’t remove this user.

  68. Bht7

    Thanks a bunch!! blank the password work for me on a win7 machine. However, changing the password didn’t work for me. Exactly as what Charlie & ghoti mentioned in this thread. how can i get it to change the local administrator password?

  69. Lighteringit

    Thank You!!!! This procedure worked great!

  70. Bill

    How do you mount a fat32 partition in system restore? I can’t find anything helpful on their websight. the ntfs-g command doesn’t work on the old laptop I’m trying to fix.

  71. Hannah

    If you have issues with this working, there’s a few things you can try. First of all, Windows is not always installed on /sda1. You can try using the fdisk -l command to determine which is the biggest partition (typically the Windows partition, unless you’re using a partition for data.) Substitute /sda1 with the correct partition name (usually /sda2 or /sda3.) The other common issue I’ve noticed is that there can be differences in capitalization of Windows, System32 and SAM. Change directories one by one if you’re having issues with the cd command. So cd to /mnt/windows and then ls. Make sure the capitalization of windows, and then proceed mounting directory by directory, using the ls (list) command to check the capitalization. Hope this helps. :)

Enter Your Email Here to Get Access for Free:

Go check your email!