How to reset a Windows password with Linux

Lost your Windows login? The chntpw utility can save the day.
573 readers like this.
How to build cross-platform console apps with .NET Core
Image by:

Opensource.com. CC BY-SA 4.0

If you (or someone you know) ever forget your Windows password, you'll be glad to know about chntpw, a neat Linux utility that you can use to reset a Windows password. For this how-to, I created a Windows virtual machine and set the password to pass123 on my user account, Archit-PC. I also created a Live USB with Fedora 27 using the Fedora Media Writer application.

More Linux resources

Here are the steps, along with screenshots, to guide you through the quick and super easy process of resetting your Windows password with chntpw.

1. Attach the Live USB to your PC and restart from the login screen, as shown below:

Windows login screen
Image by:

opensource.com

2. Boot from the Live USB and click on Try Fedora:

Booting into Fedora
Image by:

opensource.com

Fedora install screen
Image by:

opensource.com

3. Log out from live-user and log into root. This step is not necessary, but I prefer to use the root user to bypass any permission issues:

Logging in as root
Image by:

opensource.com

4. Install the chntpw utility with the following command (you'll need a live internet connection for this):

sudo dnf install -y chntpw

Installing chntpw
Image by:

opensource.com

5. Check which partition should be mounted by sfdisk -l ...:

Checking which partition to load with sfdisk
Image by:

opensource.com

and mount that partition (e.g., /dev/sda2) with the following command:

sudo mount /dev/sda2 /mnt/Microsoft/

outpust screenshot: sudo mount /dev/sda2 /mnt/Microsoft/

Change the current directory to the config directory:

cd /mnt/Microsoft/Windows/System32/config/

Changing to config
Image by:

opensource.com

Also, check the user records in the Security Account Manager (SAM) database:

Checking SAM database
Image by:

opensource.com

6. Edit the SAM database with the command:

sudo chntpw -i SAM

Then type 1 (for Edit user data and passwords):

Select 1 for Edit user data and passwords
Image by:

opensource.com

And type your user account name (i.e., Archit-PC in this example) for the username:

Enter your username
Image by:

opensource.com

7. Type 1 to clear the user password or 2 to set a new password for the Archit-PC user, then quit and save the changes:

Edit user menu
Image by:

opensource.com

Confirmation that password was cleared
Image by:

opensource.com

8. Reboot to Windows. If you selected 1 above, you'll see there's no password required to log in. Just click Sign in and you will be logged in:

Windows login screen
Image by:

opensource.com

Logged into Windows
Image by:

opensource.com

That's all there is to it! I hope this will be helpful if you ever need to reset a Windows password.

Tags
Linux
Windows

30 Comments

Avatar
Palak | March 16, 2018
No readers like this yet.

It really worked

Avatar
dogsleg | March 16, 2018
No readers like this yet.

Spotted a small glitch. Looks like the screenshot that supposed to illustrate the execution of a mounting command, sudo mount /dev/sda2 /mnt/Microsoft/, is wrong. For me it shows the result of the execution of a chntpw command, sudo chntpw -i SAM.

Avatar
Jeff Sadowski | March 16, 2018
No readers like this yet.

While I love Fedora clonezillia has chntpw already there.
I have clonezilla on my pxe boot arsenal.

Avatar
Archit Modi | March 16, 2018
No readers like this yet.

Great, I got to give it a try!

Avatar
Don Watkins | March 16, 2018
No readers like this yet.

This is great! Thanks for sharing. I have used Linux to rescue a number of crashed/trashed Windows computers. This is the most complete description I have ever seen of how to use chntpw.

Avatar
IHackPy | March 17, 2018
No readers like this yet.

Superb beginning of the day :) thanks for this post :+1

Avatar
John Smith | March 17, 2018
No readers like this yet.

"3. Log out from live-user and log into root. This step is not necessary, but I prefer to use the root user to bypass any permission issues:

passwordreset_root.png
Logging in as root

4. Install the chntpw utility with the following command (you'll need a live internet connection for this):
sudo dnf install -y chntpw"

You are saying log in as root. You don't need sudo if you are already root.

Avatar
Archit Modi | March 19, 2018
No readers like this yet.

Thanks John, that’s correct. I used this command so that a person using live-user can also execute it without any modifications, hope this makes sense. :)

Avatar
zelial | March 19, 2018
No readers like this yet.

Thanks for the tip, might come handy! BTW you don't need to use sudo if you're already working as root.

Avatar
Athul Joy | March 22, 2018
No readers like this yet.

Nice Work

Avatar
David Colmenares | March 23, 2018
No readers like this yet.

Wow! Didn't know about this. Nice article!

Bookmarked...

Avatar
Oyeyemi1 | March 27, 2018
No readers like this yet.

Thanks for the great tutorial. More grease to your elbows.

Avatar
verdy_p | March 27, 2018
No readers like this yet.

This only works if your Windows drive is not encrypted. If you have encrypted it using the storage option of Windows, you won't even be able to mount the volume correctly and edit its content from an external tool to clear the password stored in the SAM registry file, you first need the password.
It may also not work if the encryption password comes from the TPE module which won't allow you to boot from the external drive which was not first allowed to run as it was not signed.
But anyway it's good to signal users that their Windwos password is not a real protection for their data, and that it can be easily cleared in most cases: suppose your PC is stolen (or seized by the police/justice...), they know what they can do easily to enter your drive and get access to all the contents.
Also clearing a password this way may invalidate all access tokens that allow you to use some remote sites or storage that will need a new authorization, because the SAM database will no longer have the necessary access tokens.Your PC will then be "disconnected" from a secure corporate domain and you'll need to contact the domain admin to reauthorize your PC (and fbefore they accept to reconnect you they'll want to inspect your PC, and may force you to resintall it completely).
So don't do that to bypass the protections that have been set in a corporate domain against such personal use of a PC you don't really own and have no right to adminsiter yourself.

Avatar
Archit Modi | March 27, 2018
No readers like this yet.

Wow, thanks for the very useful info!! Totally agree about the disk encryption and thanks for sharing about TPE, didnt know it! :))

Avatar
Hai Vu | May 14, 2018
No readers like this yet.

I thought we can just rename cmd to sethc and press ctrl alt del when reboot windows...

Avatar
Archit Modi | May 14, 2018
No readers like this yet.

I havent tried this yet, but the article specifies how to reset it with Linux, so keeping the scope limited to Linux :)

Avatar
Ruslanas Gzibovskis | June 13, 2018
No readers like this yet.

Why using sudo, when you are with root?

nice review, and very crystal clear steps! Great JOB!

Avatar
Archit Modi | June 13, 2018
No readers like this yet.

I guess i was looking to provide universal steps irrespective of user, so sudo would be useful for non-root users. Thanks :))

Related Content

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.