A user came the other day with a notebook running Windows 7 Home edition. He asked me if we could recover the login password. The first thing I did (as I normally do) was to google for “recover windows 7 password”. Among the first-page entries was this website: http://pcsupport.about.com/od/toolsofthetrade/tp/passrecovery.htm – a list of “Top 6 Free Windows Password Recovery Tools”. Then I remembered that I had used one of the tools last time to recover a Windows 2000 login password, which is “Offline NT Password & Registry Editor, Bootdisk / CD” – http://www.pogostick.net/~pnh/ntpasswd/bootdisk.html

Disclaimer by the author of the tool – and also by me:
THIS SOFTWARE COMES WITH NO WARRANTY WHATSOEVER. THE AUTHOR IS NOT RESPONSIBLE FOR ANY DAMAGE CAUSED BY THE (MIS)USE OF THIS SOFTWARE!

I downloaded the latest Bootdisk version (2010-06-27) and burned the “.iso” image to a CD – use your favorite CD/DVD burner software and choose the “burn image to disk” option to burn the “.iso” image.

After the successful burn process, I inserted the CD into the notebook’s CDROM drive, then restarted the notebook. Since the notebook is a DELL, I pressed the F12 key during startup to choose the boot source, then selected the CDROM – to boot from the CDROM instead of the hard disk.

I followed the walkthrough published at http://www.pogostick.net/~pnh/ntpasswd/walkthrough.html

At the “boot:” prompt, I just pressed the [enter] key, and the typical Linux boot messages scrolled up the screen. Then the screen displayed the disks found and waited for user input.

I realized that for Windows 7, if you only have a standard one-partition disk layout, you will see 2 partitions here. The first one, with the “BOOT” label at the end of the line, is actually the Windows 7 boot loader – don’t pick this one. I chose the second one, which is actually the Windows 7 installation disk. To know for sure that the first “BOOT” disk is the boot loader: the size of the partition is only around 100MB.

A sample disk list might look like the one below:
1 : /dev/sda1 40958MB BOOT
2 : /dev/sda2 xxxxxxxx

Then at the “Please select partition by number or” prompt, I chose “1” to “show probable Windows (NTFS) partitions only”, which brings up this question:

What is the path to the registry directory? (relative to windows disk)
[WINDOWS/system32/config] :

I just pressed the [enter] key to accept the default value, and this menu appeared:

Select which part of registry to load, use predefined choices
or list the files with space as delimiter
1 – Password reset [sam system security]
2 – RecoveryConsole parameters [software]
q – quit – return to previous
[1] :

I selected “1”, since the main purpose is to clear/reset the login password – not to set a password. This brings up the menu below:

======== chntpw Main Interactive Menu ========

Loaded hives:

1 – Edit user data and passwords
2 – Syskey status & change
3 – RecoveryConsole settings
– – –
9 – Registry editor, now with full write support!
q – Quit (you will be asked if there is something to save)

What to do? [1] ->

Again, I selected the “1” option, which then lists all the available users on the Windows installation:

===== chntpw Edit User Info & Passwords ====

| RID -|---------- Username ------------| Admin? |- Lock? --|
| 03e8 | admin                          | ADMIN  |          |
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ec | User01                         | ADMIN  |          |

Then I selected the “User01” user, as this is the user’s login account. Then, from the User Edit Menu:

– – – – User Edit Menu:
1 – Clear (blank) user password
2 – Edit (set new) user password (careful with this on XP or Vista)
3 – Promote user (make user an administrator)
(4 – Unlock and enable user account) [seems unlocked already]
q – Quit editing user, back to user select
Select: [q] > 1
Password cleared!

I selected the “1” option to clear the user password, then selected “!” to go back to the previous menu.

======== chntpw Main Interactive Menu ========

Loaded hives:

1 – Edit user data and passwords
2 – Syskey status & change
3 – RecoveryConsole settings
– – –
9 – Registry editor, now with full write support!
q – Quit (you will be asked if there is something to save)

What to do? [1] -> q

Hives that have changed:
# Name
0 – OK

I chose “q” to quit, then this question asking whether to save the changes appeared:

About to write file(s) back! Do it? [n] : y

No choice, I had to say “y”; otherwise the password reset would not be saved to the actual disk on the notebook. This message appears after the [enter] key is pressed:

Writing sam

After that, I just ejected the CD from the drive and pressed Ctrl-Alt-Del to restart the notebook.

Windows 7 started up as usual (in this case) and went straight to the Windows 7 screen – skipping the login screen, as this notebook has only one login user account.

Thanks to this GREAT tool!

One Response to “Recover Windows7 login password”

  1. digitalpunk says:

    The following Problem please help

    STEP TWO
    mine shows
    [winnt/system32/config] :
    when I press enter nothing happens
    what I know is I need to change it to [windows/system32/config]
    how do I change to that path

    Pls help, need to erase the password to recover, has important files!!

    Thanks
