Anyone who has forgotten the admin password for a Windows system will tell you that its a pain to get back into. Unless you have a bit of know-how, some might say impossible.

One way of doing it for example would be to use the free program NTFS4DOS, which allows you to access the files and folders of NTFS partitions from a DOS boot disk (without loading up Windows itself). This means you can access the SAM file without logging in, copy it to another working system and use a brute-force attempt to crack the local admin password. This can take a long time however, typically at least an hour or two, and depending on the strength of the password may take considerably longer.

Perhaps a much better way to do this would be to edit to the password directly in the SAM file and change it to one you know. That way you avoid the brute-force attack. Let me share with you a very clever program that somebody has written called the Offline NT Password & Registry Editor which can do just that.

Simply go to the website below, download the CD ISO image and burn to a blank CD. Boot up your Windows PC with this CD in the drive and you’ll get into a Linux OS with the required bits and pieces included to read in the SAM from your Windows partition, and through a number of questions that you’ll be hand-held through, you can reset the local admin password in a matter of a couple of minutes (less once you are familiar with the procedure).

This has saved me a lot of work plenty of times, and in fact I now carry the ISO around with me on the USB flash stick on my key ring.

One thing to note is that you must shut down the PC cleanly before you use this utility, otherwise it can’t write back to the SAM file succefully. If you get an error saying it failed to do this, simply reboot into windows and then click the shutdown option on the login screen before trying again.

Here’s the link… enjoy.

http://home.eunet.no/%7Epnordahl/ntpasswd/