How to reset the password for the local Administrator account (or enable it) using Linux

If you have a personal computer, this is probably not something you encounter very often.

If your computer is on a network, perhaps joined to a domain, you will definitely need the local Administrator password at some point. This happens with various issues, such as the computer dropping out of the domain or problems with user accounts.

There are 2 common situations:

  1. You know the Administrator password but the account is disabled.
  2. You don’t know or have forgotten the Administrator password.

The method below helps with both problems.

The Linux command used is chntpw.

Note: HirenBootCD uses the same application.

chntpw is not installed by default on Linux distros, so you have to install it with your package manager.

I have it on a bootable USB flash with Puppy Linux. Here is my presentation of Puppy Linux.

DISCLAIMER!!! Resetting the Administrator password with this method is considered brute force cracking and is not permitted in networks. It might be illegal in your area. The method below is only for educational purposes and you should never do that. System Administrators will detect that. If you can’t access a computer, always ask the System Administrator for help.

How to use it (I assume Windows XP here, but the method is used for other versions of Windows too):

  1. Boot the machine with the Puppy Linux USB flash.
  2. Make sure the Windows partition (the one that holds the Windows folder) is mounted.
  3. Open a Terminal and navigate to the location of your SAM file (in Windows XP it is here: C:\WINDOWS\system32\config). For other versions of Windows, find the SAM file location first.
  4. Type this at the prompt, without quotes: "sudo chntpw -u Administrator SAM".
  5. Here you will be given some options. The 1st one resets the Administrator account to a blank password and the 4th enables the Administrator account.
  6. Depending on your situation, enter a number and press [Enter].
  7. When the app asks you to write the SAM file, choose [y] and press [Enter].
  8. Reboot and log in. If you enabled the account, log in with the password you knew. If you reset the password, use a blank password.
  9. Always remember your local Administrator password and disable the account after you have done your job.
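
Step 7 overwrites the SAM file, so it is worth keeping a verified copy before step 4. The shell functions below are an added example, not part of the original post; the mount point argument and the names find_sam and backup_sam are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: locate the SAM file on a mounted Windows partition and
# keep a verified copy before chntpw writes to it (step 7).
# Usage (the mount point is an assumption): backup_sam /mnt/sda1

# find_sam MOUNTPOINT
# Prints the path of the SAM file. The lookup ignores case because the
# folder names on disk may be WINDOWS/system32 or Windows/System32.
find_sam() {
    find "$1" -maxdepth 4 -type f \
        -ipath '*/windows/system32/config/sam' 2>/dev/null | head -n 1
}

# backup_sam MOUNTPOINT
# Copies the SAM file next to itself with a timestamp suffix, checks that
# the copy is identical, and prints the path of the copy.
backup_sam() {
    sam=$(find_sam "$1")
    if [ -z "$sam" ]; then
        echo "no SAM file found under $1" >&2
        return 1
    fi
    # chntpw has to write the file back; on a read-only mount step 7 fails.
    if [ ! -w "$sam" ]; then
        echo "$sam is not writable (partition mounted read-only?)" >&2
        return 2
    fi
    backup="$sam.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$sam" "$backup" || return 3
    if ! cmp -s "$sam" "$backup"; then
        echo "backup differs from the original" >&2
        return 4
    fi
    echo "$backup"
}
```

If the edit goes wrong, copy the backup over the SAM file from the same Linux session to restore the original state.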

Happy day!
