Parted Magic can be used to clear (or change) a Windows user's password. The tool used to do this is chntpw, which edits the SAM registry hive on the mounted Windows partition. This also works in Windows Vista and 7 to my knowledge, although the SAM file may be located in a different place.
To begin, boot Parted Magic on the machine you wish to modify. After you have booted into Parted Magic, mount the partition that Windows is installed on. You can do this by clicking the Parted Magic Mount icon located in the panel. It looks like a hard disk. Mount the appropriate partition. In my case, it is "/media/sda1".
Once the drive is mounted, open a terminal and type the command below that matches your version of Windows. Be sure to replace sda1 with whatever is appropriate in your case.
Windows XP
root@PartedMagic:~# chntpw /media/sda1/WINDOWS/system32/config/SAM
Windows Vista, 7, 8
root@PartedMagic:~# chntpw /media/sda1/Windows/System32/config/SAM
You will then be presented with the User Edit Menu. Type 1 and press Enter to clear the password.
fullname:
comment : Built-in account for administering the computer/domain
homedir :
User is member of 1 groups:
00000220 = Administrators (which has 1 members)
Account bits: 0x0210 =
[ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |
Failed login count: 0, while max tries is: 0
Total login count: 16
- - - - User Edit Menu:
1 - Clear (blank) user password
2 - Edit (set new) user password (careful with this on XP or Vista)
3 - Promote user (make user an administrator)
(4 - Unlock and enable user account) [seems unlocked already]
q - Quit editing user, back to user select
Select: [q] > 1
You will then be asked to write the registry hive to disk. Type y and press Enter.
Password cleared!
Hives that have changed:
# Name
0
Write hive files? (y/n) [n] : y
You can now close the terminal window and unmount the partition. The Administrator password is now cleared! Reboot and log in as Administrator without a password to make sure.
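Because the SAM path differs in case between Windows versions and chntpw writes the hive in place, it helps to resolve the path and keep a copy before editing. The following is an added example, not part of the original tutorial; find_sam and backup_sam are hypothetical helper names, and GNU find (for -ipath) is assumed.

```shell
#!/bin/sh
# Added example: locate the SAM hive under a mounted Windows partition
# regardless of directory-name case, and copy it before chntpw edits it.
# find_sam and backup_sam are hypothetical helper names.

# Print the path of the SAM hive below mount point $1, or return 1.
find_sam() {
    mnt=$1
    [ -d "$mnt" ] || { echo "not a directory: $mnt" >&2; return 1; }
    # -ipath matches case-insensitively, so this covers both
    # WINDOWS/system32 (XP) and Windows/System32 (Vista and later).
    # Depth 4 keeps the match to <mount>/<windows>/<system32>/config/SAM.
    sam=$(find "$mnt" -mindepth 4 -maxdepth 4 -type f \
              -ipath '*/windows/system32/config/sam' 2>/dev/null | head -n 1)
    [ -n "$sam" ] || { echo "no SAM hive under $mnt" >&2; return 1; }
    printf '%s\n' "$sam"
}

# Copy the hive next to itself with a timestamp suffix and print the
# path of the copy, so the original can be restored if needed.
backup_sam() {
    sam=$(find_sam "$1") || return 1
    copy="$sam.bak-$(date +%Y%m%d-%H%M%S)"
    cp -p -- "$sam" "$copy" || return 1
    printf '%s\n' "$copy"
}

# When called with a mount point (e.g. /media/sda1), back up its hive.
if [ "$#" -eq 1 ]; then
    backup_sam "$1"
fi
```

Run it with the mount point as its argument before the chntpw command; copying the saved file back over SAM reverts the change.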
