This article reviews Trinity Rescue Kit (TRK) a free tool set that allows you to remove a forgotten administrator password and has many other recovery features for Windows.

Michael Pietroforte

Michael Pietroforte is the founder and editor in chief of 4sysops. He has more than 35 years of experience in IT management and system administration.

Update: TRK 3.4 doesn't allow you to change the password on Windows 8 and Windows Server 2012. Follow this guide, to reset a password on Windows 8 or Windows 8.1.

Last year, I wrote a short article that explains what you can do if you forgot your password. Some of those who commented on the article recommended the Trinity Rescue Kit (TRK), a free Linux-based recovery solution. However, TRK can do much more than just reset passwords. Like MSDaRT, which I reviewed some days ago, it can be helpful to recover a Windows installation in offline mode.

trinity-boot TRK comes as an ISO file which you have to burn to a CD. It is also possible to boot from a USB stick. After booting, you have several options for how to start TRK. Most of them are related to possible driver problems you might experience once you start TRK. You can also test the system memory here before TRK starts.

In most cases, the default settings are the best choice. I tried TRK under VMware Workstation 6, and encountered only one minor driver issue. TRK didn’t support my German keyboard. This is not a big deal if you are familiar with the English keyboard mapping. However, I think, this indicates that driver problems might be one of TRK’s weaknesses.

Once TRK has been loaded, you will find yourself on a Linux prompt. Hence, you have no other choice than to consult the documentation. You can do that by entering “trkhelp”. Most of the commands are quite easy to handle; you don’t have to be a Linux expert. However, basic Linux knowledge is sometimes required.

These are the main tools of TRK:

Mountallfs ^

trinity-mountallfs This tool scans all local storage devices and mounts their filesystems. Once you have access to your Windows installation’s filesystem, you can work with Linux commands like cp or rm to make changes. You can also use the text editor vi, but Windows users will probably prefer pico.

Fileserver ^

The tool behind Fileserver is Samba, the famous Linux implementation of Microsoft’s SMB/CIFS networking protocol. Fileserver allows you to access the filesystem remotely from a Windows box. This way you can change the files of your patient remotely with your familiar Windows tools.

Viruscan ^

Some viruses can only be removed when the operating system isn’t running, because they replicate faster than the antivirus software can kill them. TRK comes with four different scan engines: Clamav, F-prot, Grisoft AVG, and BitDefender Scanner. This is certainly a nice feature because it increases your chances of coping with new malware. All scanners can be updated online, directly from the TRK command prompt.

Winpass ^

This tool allows you to reset any user’s password without knowing the administrator password. Note that if you didn’t export private keys, you won’t be able to access EFS encrypted files anymore. This is always the case with tools that reset the password while Windows is offline. You should also be careful when you disable syskey, because all local passwords will become invalid. Read the manual carefully!

Regedit ^

trinity-registry-editor TRK comes with a command-line based registry editor. For example, the ls command lists all keys, and with the cd command, you can navigate to a subkey. This is certainly a very inconvenient way to edit the registry.

Clonexp ^

Clonexp can create an image of an NTFS partition and copy it to another computer. This can be useful if you want to create a backup of your disk before you start messing with it.

Ntfsundeleteall ^

The name of this tool speaks for itself. Undelete only works if the files haven’t been overwritten yet by Windows. If you have ever accidentally deleted important files which you can’t recover via the Windows Recycle Bin, I recommend pulling the power plug of your computer immediately, and then trying to undelete them with a tool like TRK while Windows is offline.

TRK is certainly a useful tool if you are not afraid of Linux. However, it is not really a match for MSDaRT. Microsoft’s solution is not only easier to use, it also offers more tools to recover a Windows installation. But the Trinity Rescue Kit has one essential feature that MSDaRT lacks. It is free!

Trinity Rescue Kit ^

Are you an IT pro? Apply for membership!

Your question was not answered? Ask in the forum!

3+
Share
40 Comments
  1. LK 8 years ago

    Does it reset password for a Windows 2008 server (64 bit).

    1+

  2. Hankey 8 years ago

    Windows 7 - Home Premium - 64bit
    Password reset required

    Petter Nordhal-Hagen’s free ntpasswd - don´t work
    TRK - worked at the first try

    THX !

    1+

  3. Josy 7 years ago

    Had to use trk twice - first time picked drive no joy - second picked user - worked second time. TY

    1+

  4. wolverrf 7 years ago

    Worked first time to enable a disabled local administrator account. Everything I did was menu based and very easy. Excellent distro.

    Window 7 Pro

    2+

  5. Greg 7 years ago

    Worked on win 7 admin accounts. I had to explicitly select the usernames that I wanted to set blank. The default method did not work for me.

    1+

  6. Dave 7 years ago

    Purchased a password locked display computer from a local retailer. Ran this and was into the machine in less than 5 minutes.

    1+

  7. Awesome Possum 7 years ago

    Worked like a treat, simple and SO POWERFUL

    1+

  8. Happy Dad 7 years ago

    Even though you wrote this quite some time ago, I just wanted to say thanks. Your article, leading me to Trinity, saved my daughter's PC. I had tried one other password reset program, but Trinity worked while the other one did not. Thanks again. She will be excited to be on her computer again.

    1+

  9. John 5 years ago

    I was trying to resset the password for Windows 2008 Server Administrator with the trinity rescue disk and when I chose password resset it tells me No valid windowsistallation found.

    1+

  10. Michael Pietroforte 5 years ago

    John, maybe the system partition is encrypted with BitLocker? You can also try this procedure. But if the system drive is encrypted you have no chance.

    1+

  11. John 5 years ago

    no it says this because its rate 5 when I it doesn't see the C Drive let me know what can I do pleaseI have done a lot of things but none of them are workingthey tell me it cannot find the C Drive

    1+

  12. Michael Pietroforte 5 years ago

    If the drive is encrypted, Trinity won't see the drive. You can also check if Windows is installed on another drive. Drive D: is quite common. I would boot from a Windows DVD, launch a command prompt, and check if you can access the system drive there (C or D).

    1+

  13. John 5 years ago

    No the drives are not encrypted I install the server myself. The Drives are raid 5 when I start in a Windows DVD it doesn't show me a C: drive it shows me nothing. I have tried but I think because is raid 5
    Thanks Michael

    1+

  14. Johann 4 years ago

    Just tried the password reset functions on a Windows 10 system.  Everything looked like it worked, but nothing actually worked.  Didn't upgrade user to admin, didn't clear passwords, didn't change password.  Ran it in default mode, selected "windows password resetting", interactive winpass.

    1+

  15. Earchel 3 years ago

    I just downloaded and ran Trinity on a Windows 7 64bit PC. Although I had to follow a Utube vidio step by step to keep on track, It worked when Konboot and Ophcrack would not.

    1+

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2019

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account