For Corporate administrator, we sometimes always overlook local administrator as we may use domain admin account to access the system. So, when local windows administrator is forgotten, SystemRescueCD can be used to reset password.
This tutorial is written to use SystemRescueCD to reset local windows administrator.
S1-1. Download SystemRescueCD ISO
Password Recovery Steps:
S2-1. Boot the system using SystemRescueCD
S2-2. Once SystemRescueCD boot menu appear, press Enter key to select default menu
S2-3. SystemRescueCD will ask for keyboard layout, press Enter to accept default keyboard
S2-4. Once the boot is completed, the system will logon with root privilege
S2-5. Execute fdisk -l to list all harddisk
/dev/sda1 (HDD 1: 375 MB) : Windows Bootloader (MSR partition)
/dev/sdb1 (HDD 2:10.7 GB) : Windows System Drive
S2-6. Before mounting Windows System Drive, we need to check the mount folder /mnt/windows
exist by executing the following command:
If the folder does not exist, execute the following command to create mount folder:
S2-7. Mount Windows System Drive using ntfs-3g
#ntfs-3g /dev/sdb1 /mnt/windows
If you encounter error after executing the above command as shown below:
This error is due to new features in Windows 8/2012 called “fast startup”
(refer to NTFS-3G Wiki for details)
The solution is to reboot the system and shutdown.
However, if windows always boot into recovery mode, try using
Windows 8/2012 DVD and shutdown the system.
S2-8. Change directory to SAM database
S2-9. List all Windows Users
#chntpw -l SAM
S2-10. Reset password
#chntpw -u <WINDOWS_ID> SAM
Note: <WINDOWS_ID> is case sensitive as shown in item 9
Option 1 to reset to blank password and Enter “y” to write hive files
Option 2 to change user password with new password and Enter “y” to write hive files
If the password is BLANK, Option 2 cannot be used to change password.
S2-11. To exit SystemRescueCD, Execute with the following command:
- To restart system
- To turn off system