II. Understanding the process:
- You'll use the bootdisk created in the steps above to boot the computer whose administrator password you want to reset.
- You'll be asked for things like which drive is the boot drive, the path to the SAM file, etc. Don't worry, details are provided below.
- Once you have selected an account to reset the password, you'll need to type in a new password; however, it is highly recommended to use a BLANK password at this point, then you can change your password later in Windows.
- Follow the prompts to the end. You'll need to save the changes at the end!
III. OK! Enough talking. Here are the steps:
- Start up your computer with the bootdisk created above. You should see a welcome screen followed by a prompt:
boot:
- Just wait, the bootup process will continue automatically. Then you should see a screen similar to this:
=========================================================
. Step ONE: Select disk where the Windows installation is
=========================================================
....
NT partitions found:
1 : /dev/sda1 4001MB Boot
2 : /dev/sda5 2148MB
Please select partition by number or
a = show all partitions, d = automatically load new disk drivers
m = manually load new disk drivers
l = relist NTFS/FAT partitions, q = quit
Select: [1]
- Notice the last line "Select: [1]", which shows [1] as the default selection because the tool detected that the bootup partition is [1]. This might be different on your own machine, so you should review the list shown under "NT partitions found:". The partition with the word "Boot" should be selected.
- Hit Enter once you confirm the selection. You should see a screen similar to the following:
=========================================================
. Step TWO: Select PATH and registry files
=========================================================
....
What is the path to the registry directory? (relative to windows disk)
[windows/system32/config] :
- Notice the last line "[windows/system32/config]" which shows the default path. This was also detected by the tool. If the path is correct, hit Enter, or if you wish to enter a different path, enter it now then hit Enter.
Here are the paths for different versions of Windows:
- Windows NT 3.51: winnt35/system32/config
- Windows NT 4 and Windows 2000: winnt/system32/config
- Windows XP/2003 (and often Windows 2000 upgraded from Windows 98 or earlier): windows/system32/config
- Once you hit "Enter", you should see the next screen similar to the following:
-r-------- 1 0 0 262144 Jan 12 18:01 SAM
-r-------- 1 0 0 262144 Jan 12 18:01 SECURITY
-r-------- 1 0 0 262144 Jan 12 18:01 default
-r-------- 1 0 0 8912896 Jan 12 18:01 software
-r-------- 1 0 0 2359296 Jan 12 18:01 system
dr-x------ 1 0 0 4096 Sep 8 11:37 systemprofile
-r-------- 1 0 0 262144 Sep 8 11:53 userdiff
Select which part of registry to load, use predefined choices
or list the files with space as delimiter
1 - Password reset [sam system security]
2 - RecoveryConsole parameters [software]
q - quit - return to previous
[1]
- Hit "Enter" with the default option selected "[1]". Then ...:
=========================================================
. Step THREE: Password or registry edit
=========================================================
Loaded hives:
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] -> 1
- Hit "Enter" with the default option selected "[1]". Then ...:
===== chntpw Edit User Info & Passwords ====
RID: 01f4, Username: <Administrator>
RID: 01f5, Username: <Guest>, *disabled or locked*
RID: 03e8, Username: <HelpAssistant>, *disabled or locked*
RID: 03eb, Username: <pnh>, *disabled or locked*
RID: 03ea, Username: <SUPPORT_388945a0>, *disabled or locked*
Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator]
- Hit "Enter" with the default option selected "[Administrator]", or select another user account. Here you can enter the full user account name surrounded by < and >, CASE-SENSITIVE, or enter the RID number (e.g. 0x1f4). Assuming you select the Administrator account, you should see the following screen:
RID : 0500 [01f4]
Username: Administrator
fullname:
comment : Built-in account for administering the computer/domain
homedir :
Account bits: 0x0210 =
[ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |
Failed login count: 0, while max tries is: 0
Total login count: 3
* = blank the password (This may work better than setting a new password!)
Enter nothing to leave it unchanged
Please enter new password: *
- At the prompt "Please enter new password", enter * for a blank password (HIGHLY RECOMMENDED!), then press Enter:
Please enter new password: *
Blanking password!
Do you really wish to change it? (y/n) [n] y
- At the prompt, type in "y", then press Enter. Note that the default option is "n".
Do you really wish to change it? (y/n) [n] y
Changed!
Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] !
- Enter the "!" to go back to the main menu. Then select "q" at the following menu to quit:
<>========<> chntpw Main Interactive Menu <>========<>
Loaded hives:
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
What to do? [1] -> q
- A prompt to save the changes is displayed. Enter "y" to save:
=========================================================
. Step FOUR: Writing back changes
=========================================================
About to write file(s) back! Do it? [n] : y
- The changes are saved! You should see the following screen, press Enter, and reboot your computer.
Writing sam
***** EDIT COMPLETE *****
You can try again if it somehow failed, or you selected wrong
New run? [n] : n
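For reading the user list and the "Account bits" line shown in the steps above, here is an added example (not part of the original tutorial or of the tool itself). It parses the listing, converts the hex RIDs to decimal (01f4 is RID 500, as the "RID : 0500 [01f4]" line shows) and decodes the account bits into the checkbox labels. The function names are hypothetical, the sample text is copied from the screens above, and the bit order (lowest bit first, reading the checkbox grid left to right) is an assumption that matches 0x0210 on the screen.

```python
import re

# Constructed sample input, copied from the screens shown in the steps above.
SAMPLE_LISTING = """\
RID: 01f4, Username: <Administrator>
RID: 01f5, Username: <Guest>, *disabled or locked*
RID: 03e8, Username: <HelpAssistant>, *disabled or locked*
RID: 03eb, Username: <pnh>, *disabled or locked*
RID: 03ea, Username: <SUPPORT_388945a0>, *disabled or locked*
"""
SAMPLE_ACCOUNT_BITS = "Account bits: 0x0210 ="

# Checkbox labels as printed on the screen, lowest bit (0x0001) first (assumed order).
ACB_LABELS = [
    "Disabled", "Homedir req.", "Passwd not req.", "Temp. duplicate",
    "Normal account", "NMS account", "Domain trust ac", "Wks trust act.",
    "Srv trust act", "Pwd don't expir", "Auto lockout",
]

USER_RE = re.compile(r"RID:\s*([0-9a-fA-F]+),\s*Username:\s*<([^>]*)>(.*)")
BITS_RE = re.compile(r"Account bits:\s*0x([0-9a-fA-F]+)")


def parse_user_listing(text):
    """Return one dict per 'RID: ..., Username: <...>' line; other lines are skipped."""
    users = []
    for line in text.splitlines():
        m = USER_RE.search(line)
        if m:
            rid = int(m.group(1), 16)  # the listing prints RIDs in hex
            users.append({
                "rid": rid,
                "name": m.group(2),
                "locked": "disabled or locked" in m.group(3),
                "builtin_admin": rid == 500,  # RID 500 stays the same if the account is renamed
            })
    return users


def decode_account_bits(line):
    """Turn 'Account bits: 0x....' into the list of labels whose bit is set."""
    m = BITS_RE.search(line)
    if not m:
        raise ValueError("no 'Account bits' field in line")
    value = int(m.group(1), 16)
    return [label for i, label in enumerate(ACB_LABELS) if value & (1 << i)]


def usable_accounts(users):
    """Names of accounts the listing does not mark as disabled or locked."""
    return [u["name"] for u in users if not u["locked"]]
```

On the sample screens this reports Administrator as the only account not marked disabled or locked, with "Normal account" and "Pwd don't expir" set.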