How to Reset Passwords With Offline NT Password
Overview
Offline NT Password is a handy utility that is run from a boot disk. Its most common use is to reset a password you've forgotten, but the same ability also lets you log on to any machine you can get physical access to. You can download the ISO at
http://pogostick.net/~pnh/ntpasswd/.
Once you have burned this ISO to a CD you can boot from it. This article presumes you already know how to burn an ISO and boot from a CD, and will focus on using the utility.
1) The first task is to tell NT Password where Windows is located on the hard drive. This is pretty critical. Most people can click through and accept the defaults, but what if your machine doesn't match the defaults? In my case the partition list offered three options.
The default is 1 but I selected option 2. Here's why. I know that the BOOT partition is just too small (199 MB) to have my Windows folder on it. Option 3 is also too small (13GB), so it's probably a recovery partition. That leaves option 2 as the one to choose in this case. At 292GB it's clearly where Windows is located.
2) The program checks that it is an NTFS partition and then asks for the path to the registry files. You can press Enter here, as it is unlikely that the path to the registry is anything but the default.
3) Next we tell the program that we are going to reset a password so we want the SAM file. Select 1 and press enter.
4) After the SAM hive is loaded we need to tell the program what we want to do with it. We want to edit user data so we select 1 and press enter.
5) Now we need to select the user account we want to change. For this article I typed in our "test" username and pressed Enter.
6) Next we are asked what to do with the account. We want to blank out the password, so I selected 1 and pressed Enter. NOTE: There are other options here that should NOT be used. Most notable is the "Promote user" option, which purports to elevate a standard user account to an admin one. I can't warn you enough not to do this. It does not work and will leave you with a zombie account that you will never be able to fully delete. You will eventually be able to get into the account, but only as a standard user, so this option is useless.
7) You will receive confirmation that the password has been cleared. From here you enter an ! and then a q. Then you will be asked if you want to write the changes back to the registry. Type a y and press Enter.
8) The program will write the changes to the registry and confirm that the editing is done. Next it will ask if you want to run again. Enter "n". We're almost done.
Success
At this point you can remove the disk. Then press Ctrl+Alt+Delete to reboot the machine. If all has gone well, you should be able to get back into your PC and give it a new password.
All for now,
- Romes IT Guy