How to reset a Windows password

Table of contents

1. What to do if you forgot your Windows password

2. How to boot from a flash drive

3. How to burn LIVE Kali Linux image

4. Password Reset Program for Windows

5. How to reset Windows 10 user password

6. How to activate admin user in Windows 10

Conclusion


What to do if you forgot your Windows password

In this article, you will learn how to reset a forgotten Windows password.

A forgotten Windows password causes a lot of trouble. First of all, you cannot log in to Windows. In addition, if the files on the disks are encrypted with the Windows password, they cannot be accessed (extracted or copied) even if you boot from a LIVE system. In this case there is only one way out: reset the Windows password.

In this tutorial you will learn:

  • how to reset a Windows user password
  • how to unlock a locked (disabled) Windows user account
  • how to escalate user privileges, that is, how to make any Windows user an administrator
  • how to add users to a group
  • how to remove users from a group
  • how to edit the registry of a powered-off Windows installation

The algorithm of actions is as follows:

  • burn the Kali Linux LIVE distribution to a USB flash drive
  • disable Secure boot and Fast boot in BIOS
  • boot from the LIVE system
  • reset the forgotten Windows password. Alternative: activate the Administrator account
  • (if the Administrator was activated) boot as Administrator and change the user password

Each step is described in as much detail as possible, so you will definitely succeed. We need a USB flash drive of 3 gigabytes or more, or an external (USB) drive.

The instruction may seem quite voluminous, but it is a 100% working way to log into Windows if you forget the password.

How to burn LIVE Kali Linux image

Go to the official Kali Linux page: https://www.kali.org/downloads/

Find Kali Linux 64-Bit (Live) there and download the torrent.

Now go to the Etcher program website https://www.balena.io/etcher/ and download it.

Plug in your USB flash drive, launch Etcher, select the downloaded Kali Linux LIVE ISO image, then just click the Flash! button and wait for the completion.

How to boot from a flash drive

Now we need the following:

1) disable Secure boot and Fast boot in EFI (BIOS)

2) select a USB flash drive with Kali Linux as the boot disk

Secure boot and Fast boot are only present in EFI, the newer replacement for BIOS. If you have an ancient computer, these settings may be missing and you do not need to disable them.

Go into the BIOS. On different laptops and motherboards this is done in different ways. As a rule, at the very beginning of the boot process you need to repeatedly press the ESC button, the Delete button, or one of the F* function keys. If all else fails, search the web for how to enter BIOS on your laptop/motherboard model.

Disabling Secure boot and Fast boot is only necessary to boot from a USB flash drive. After resetting the Windows password, these settings can be returned to their original state.

Then, either during startup or in the same BIOS settings, select the USB flash drive or external drive as the boot disk.

If you see the Kali Linux boot menu, then you have succeeded.

Password Reset Program for Windows

The program we need is called chntpw. It allows you to change a Windows password, as well as unlock users. This is an open source program, so there is no need to fear that it will infect the computer with viruses or something like that. In addition, this Windows password reset program is free.

Modern Linux distributions automatically mount (that is, connect to the system) all disks. But in some cases, the drive is mounted read-only, and the mount points for different drives are different. Therefore, we will do the following:

  • we will find a disk with Windows
  • unmount (disconnect) it from the system
  • run the command to fix possible file system problems
  • re-mount it

The advantage of this approach is that:

  • the drive will definitely be mounted with write permissions and there will be no other problems
  • since we ourselves will choose the mount point, the commands for changing the Windows password can simply be copied – you do not need to change anything in them and substitute your path to the disk.

First run the command:

sudo fdisk -l

All disks that are connected to the computer will be displayed.

Information about disks and their partitions is divided into blocks. Each block begins with the word “Disk:”, and each block shows the Disk model and the size of the disk. Based on these data, find the disk on which the Windows operating system is installed.

Also, if it is Windows 10, then the “Windows recovery environment”, “EFI System”, “Microsoft reserved” and “Microsoft basic data” partitions are present.

The arrow on the screenshot points to my Windows drive. We need to find out the name of the drive and the name of the “Microsoft basic data” partition; in my case it is /dev/sdb4. This is the largest partition. Older versions of Windows may have fewer partitions.

Now you need to run a command of the following form, replacing PARTITION with your value:

sudo umount /dev/PARTITION

My partition is /dev/sdb4, so the command is as follows:

sudo umount /dev/sdb4

Now you need to run a command of the form:

sudo ntfsfix /dev/PARTITION

My partition is /dev/sdb4, so the command is as follows:

sudo ntfsfix /dev/sdb4

There is no need to change anything in this command:

sudo mkdir /mnt/windows

In the following command, again use your PARTITION value:

sudo mount /dev/PARTITION /mnt/windows

My command is:

sudo mount /dev/sdb4 /mnt/windows

Now comes the most important phase in this tutorial: make a backup copy of the SAM file in case something goes wrong.

sudo cp /mnt/windows/Windows/System32/config/SAM /mnt/windows/Windows/System32/config/SAM.bak
sudo cp /mnt/windows/Windows/System32/config/SAM /mnt/windows/SAM.bak

Two backup copies of this file will be located in C:/Windows/System32/config/SAM.bak and C:/SAM.bak.
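The two cp commands above overwrite their target every time they run, so repeating them after chntpw has edited SAM would replace the good backup with the modified hive. The following added example (not part of the original tutorial; the function names backup_sam and restore_sam are hypothetical) makes the backup only once, verifies it, and shows how to put it back. It assumes the mount point /mnt/windows used in this article.

```shell
#!/bin/sh
# Added example: back up the SAM hive once, verify the copy, and never
# overwrite an existing backup. Paths follow the tutorial's mount point.

# backup_sam [MOUNTPOINT] -> 0 on success or if backups already exist
backup_sam() {
    mnt=${1:-/mnt/windows}
    sam="$mnt/Windows/System32/config/SAM"
    [ -f "$sam" ] || { echo "SAM not found under $mnt" >&2; return 1; }
    # chntpw cannot save its changes if the partition is mounted read-only.
    [ -w "$sam" ] || { echo "$sam is not writable (read-only mount?)" >&2; return 2; }
    for dst in "$sam.bak" "$mnt/SAM.bak"; do
        if [ -e "$dst" ]; then
            # Keep the first backup: once chntpw has run, SAM is already
            # modified and copying it again would destroy the original.
            echo "keeping existing $dst" >&2
            continue
        fi
        cp "$sam" "$dst" || return 3
        cmp -s "$sam" "$dst" || { echo "backup $dst differs from SAM" >&2; return 4; }
    done
    return 0
}

# restore_sam [MOUNTPOINT] -> copy the saved hive back over the edited one
restore_sam() {
    mnt=${1:-/mnt/windows}
    sam="$mnt/Windows/System32/config/SAM"
    [ -f "$sam.bak" ] || { echo "no backup at $sam.bak" >&2; return 1; }
    cp "$sam.bak" "$sam" && cmp -s "$sam.bak" "$sam"
}
```

Run the functions with sudo privileges (for example from a root shell) while the Windows partition is mounted at /mnt/windows.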

Then run this command:

/usr/sbin/chntpw /mnt/windows/Windows/System32/config/SAM -l

The command is long, so use auto-completion by pressing the TAB key.

This command displayed a list of users:

We will slightly correct the skewed table:

| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f7 | DefaultAccount                 |        | dis/lock |
| 03e9 | MiAl                           | ADMIN  |          |
| 03ea | ShareOverlord                  | ADMIN  |          |
| 03eb | Test_User                      |        |          |
| 01f8 | WDAGUtilityAccount             |        | dis/lock |
| 01f4 | Администратор                  | ADMIN  | dis/lock |
| 01f5 | Гость                          |        | dis/lock |

I want to recover the password of a Windows user named ShareOverlord. Also note that there is an Administrator user in the system, but it is disabled/locked (dis/lock).

The main thing we need to know about the Administrator user:

  • it can reset the password of any user
  • no password is set for it by default!
  • we can activate this user!!!

So, we have two options:

1) Reset the password for any user. Unfortunately, this option does not always work at present: sometimes the password is reset, and sometimes not. If you do as written here, using ntfsfix to prepare the disk, you usually manage to reset the password on Windows 10. On Windows versions up to 8.1 there should not be any problems at all.

2) Activate the Administrator and delete the password of any user through the Administrator account.

How to reset Windows 10 user password

To reset the user password, run a command of the form:

sudo /usr/sbin/chntpw /mnt/windows/Windows/System32/config/SAM -u USER_NAME

For example, I want to reset the password for the user ShareOverlord:

sudo /usr/sbin/chntpw /mnt/windows/Windows/System32/config/SAM -u ShareOverlord

We received the following information about this user:

The following menu is available for selection:

- - - - User Edit Menu:

1 - Clear (blank) user password

(2 - Unlock and enable user account) [seems unlocked already]

3 - Promote user (make user an administrator)

4 - Add user to a group

5 - Remove user from a group

q - Quit editing user, back to user select

Choose 1.

If everything went fine, the message “Password cleared!” should appear.

Now, to save the changes, type

q

and then, to confirm, type:

y

Everything is ready. You can reboot into Windows and try to log in without a password.

If this method fails (the Windows user password is still required), then activate the Administrator user account. This can be done immediately, before rebooting. If you do not need this account, you can turn it off again.

How to activate admin user in Windows 10

To unlock the Administrator, run the following command:

sudo /usr/sbin/chntpw /mnt/windows/Windows/System32/config/SAM -u Administrator

Please note that the username is not necessarily “Administrator”: it differs between OS languages.

Now we select menu item 2:

If everything went well, the message “Unlocked!” will appear.

In addition, the second menu item changes to:

(2 - Unlock and enable user account) [seems unlocked already]

To exit, do not forget to confirm the saving of the changes made:

q
y

Let’s check user information again:

Now the Administrator user is unlocked:

| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f7 | DefaultAccount                 |        | dis/lock |
| 03e9 | MiAl                           | ADMIN  |          |
| 03ea | ShareOverlord                  | ADMIN  | *BLANK*  |
| 03eb | Test_User                      |        |          |
| 01f8 | WDAGUtilityAccount             |        | dis/lock |
| 01f4 | Администратор                  | ADMIN  |          |
| 01f5 | Гость                          |        | dis/lock |
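To see exactly what an edit changed, and to catch a built-in Administrator that was left enabled, two saved `chntpw -l` listings can be compared. The following is an added example, not part of the original tutorial: the function names are hypothetical and the sample listings are constructed, shortened copies of the tables in this article. It relies on the fact that RID 01f4 (decimal 500) is the built-in Administrator whatever its localized name.

```shell
#!/bin/sh
# Added example: compare two saved `chntpw -l` listings.
# Constructed sample data, shortened from the tables in this article.
sample_before() { cat <<'EOF'
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03ea | ShareOverlord                  | ADMIN  |          |
| 03eb | Test_User                      |        |          |
| 01f4 | Администратор                  | ADMIN  | dis/lock |
EOF
}
sample_after() { cat <<'EOF'
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03ea | ShareOverlord                  | ADMIN  | *BLANK*  |
| 03eb | Test_User                      |        |          |
| 01f4 | Администратор                  | ADMIN  |          |
EOF
}

# state_changes BEFORE AFTER: print one line per account whose Admin? or
# Lock? column differs between the two listing files.
state_changes() {
    awk -F'|' '
        function trim(s) { gsub(/^ +| +$/, "", s); return s }
        # Only rows whose first column is a 4-digit hex RID are accounts.
        $2 !~ /^ *[0-9a-f][0-9a-f][0-9a-f][0-9a-f] *$/ { next }
        {
            rid = trim($2); lock = trim($5)
            state = "admin=" (trim($4) == "" ? "no" : "yes") \
                    " flags=" (lock == "" ? "none" : lock)
        }
        FNR == NR { before[rid] = state; next }   # first file: remember
        !(rid in before) { printf "%s %s: new account, %s\n", rid, trim($3), state; next }
        before[rid] != state { printf "%s %s: %s -> %s\n", rid, trim($3), before[rid], state }
    ' "$1" "$2"
}

# builtin_admin_enabled LISTING: succeeds if RID 01f4 is not marked dis/lock.
builtin_admin_enabled() {
    awk -F'|' '$2 ~ /^ *01f4 *$/ && $5 !~ /dis\/lock/ { found = 1 }
               END { exit !found }' "$1"
}
```

Save the output of the listing command to a file before and after editing and pass both files to state_changes; if builtin_admin_enabled still succeeds once you have regained access, the Administrator account has not been turned off again.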

I managed to remove the user password:

Even if something went wrong, the Administrator is now in the list of users, and we can use this account to log in.

Since this is the first time this account logs in, we wait a bit.

This is normal for the first login of any user.

After you have logged in as Administrator, use the next command to list all user accounts:

net user

Enter the following command to change the user account password. Replace “MiAl” with the name of the Windows account, and “123” with the new password:

net user MiAl 123

Conclusion

We have covered working methods of resetting a Windows 10 password. All programs are free.

In the next part, we will analyze the advanced abilities of chntpw and get acquainted with the SAM (Security Account Manager) file, which stores the registry branch of Windows with information about User accounts, Passwords, Groups, and so on.
