Brief chntpw Tutorial: Resetting Windows Passwords and Editing the Registry in Linux

January 28, 2010

This tutorial describes the basics of using chntpw, which is included on the SystemRescue CD.

SystemRescueCd is a Linux Live CD that is based off of Knoppix Linux. It includes a number of extremely useful utilities for recovering data and fixing a broken machine that is running Windows or Linux. In addition to a number of useful command line tools, the SystemRescue CD also includes an X environment, where you can use graphical tools such as Firefox and gparted.

For those not familiar with it, chntpw is a Linux tool that can be used to edit the windows registry, reset a users password, and promote a user to administrator, as well as several other useful options. Using chntpw is a great way to reset a Windows Password or otherwise gain access to a Windows machine when you don’t know what the password it.

Using chntpw is pretty straightforward, especially if you use interactive mode.

Mounting the Windows Hard-Drive

First, boot the SystemRescue CD, or other Linux Live CD.

Click on any of the images in this chntpw guide to see them full size.

1. Mount the windows partition. If you don’t know what device it is on, you can use the cfdisk command and it will tell you the device. The device should look something like “/dev/sda1.”

Mount the partition using the ntfs-3g or mount command:

ntfs-3g /dev/sda1 /mnt/windows
mount -t ntfs-3g /dev/sda1 /mnt/windows

Locate the Windows SAM File

2. Now, to make it a little easier, go ahead and switch to the location of the Windows Sam file and other hive files.

cd /mnt/WINDOWS/system32/config

*Note that in Windows Vista or Windows 7, the physical registry location is in "System32," with a capital "S"

To blank out or change the Windows password:

3. Type chntpw -h to familiarize yourself with the different options and usage of chntpw. If you like, you can actually use chntpw by giving it the appropriate option, but I like to use interactive mode, which makes it a little easier.

In addition to any options, you also have to give chntpw the location of the windows sam file, which stores the passwords, or the registry hives that you want to edit, which should all be in the config folder(Instead of WINDOWS, NT uses WINNT.)

4. Use the -i option to start chntpw in interactive mode and make sure to specify the name of the Windows sam file, as well as any other registry hive files you want to edit.

chntpw -i sam

Press “1” to edit the user password and then type the name of the user that you wish to edit and press enter.

You will now be given the option to blank out the password by pressing “1”, as well as several other ways to change the user, such as upgrading their account to an administrator.

Press “!” to exit the Edit User Screen and then press “q” to exit chntpw and you will be prompted to save any changes.

Editing the Windows Registry

In interactive mode, you can also edit the registry by loading the correct hive files. These are in the system32 config folder described above in the “Locate the Windows SAM File”

Press “9” to edit the registry and then you can use commands like “cd” and “ls” to navigate the registry. For more options, press “?.”

Saving Changes and Rebooting

5. Once you are done making changes, you need to exit from the main chntpw menu and press “Y” to write the changes or “N” to ignore the changes.

Finally, unmount the drive and reboot:

umount /mnt/windows


3 Responses to “Brief chntpw Tutorial: Resetting Windows Passwords and Editing the Registry in Linux”

  1. Matt Says:

    This worked with Windows 8, but I had to try multiple times. I received an error stating that the kernel needed to be loaded first. I removed the CD at this error, reinserted, and then it worked. This was on a HP Pavilion 26.

  2. Kurt Schroeder Says:

    For a Windows KVM, I had to launch the GUi and find the disk using xparted. It was /dev/vda2. Also I used chntpw -i for interactive mode. Worked great!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s