- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
Update: TRK 3.4 doesn't allow you to change the password on Windows 8 and Windows Server 2012. Follow this guide, to reset a password on Windows 8 or Windows 8.1.
Last year, I wrote a short article that explains what you can do if you forgot your password. Some of those who commented on the article recommended the Trinity Rescue Kit (TRK), a free Linux-based recovery solution. However, TRK can do much more than just reset passwords. Like MSDaRT, which I reviewed some days ago, it can be helpful to recover a Windows installation in offline mode.
TRK comes as an ISO file which you have to burn to a CD. It is also possible to boot from a USB stick. After booting, you have several options for how to start TRK. Most of them are related to possible driver problems you might experience once you start TRK. You can also test the system memory here before TRK starts.
In most cases, the default settings are the best choice. I tried TRK under VMware Workstation 6, and encountered only one minor driver issue. TRK didn’t support my German keyboard. This is not a big deal if you are familiar with the English keyboard mapping. However, I think, this indicates that driver problems might be one of TRK’s weaknesses.
Once TRK has been loaded, you will find yourself on a Linux prompt. Hence, you have no other choice than to consult the documentation. You can do that by entering “trkhelp”. Most of the commands are quite easy to handle; you don’t have to be a Linux expert. However, basic Linux knowledge is sometimes required.
These are the main tools of TRK:
This tool scans all local storage devices and mounts their filesystems. Once you have access to your Windows installation’s filesystem, you can work with Linux commands like cp or rm to make changes. You can also use the text editor vi, but Windows users will probably prefer pico.
The tool behind Fileserver is Samba, the famous Linux implementation of Microsoft’s SMB/CIFS networking protocol. Fileserver allows you to access the filesystem remotely from a Windows box. This way you can change the files of your patient remotely with your familiar Windows tools.
Some viruses can only be removed when the operating system isn’t running, because they replicate faster than the antivirus software can kill them. TRK comes with four different scan engines: Clamav, F-prot, Grisoft AVG, and BitDefender Scanner. This is certainly a nice feature because it increases your chances of coping with new malware. All scanners can be updated online, directly from the TRK command prompt.
This tool allows you to reset any user’s password without knowing the administrator password. Note that if you didn’t export private keys, you won’t be able to access EFS encrypted files anymore. This is always the case with tools that reset the password while Windows is offline. You should also be careful when you disable syskey, because all local passwords will become invalid. Read the manual carefully!
TRK comes with a command-line based registry editor. For example, the ls command lists all keys, and with the cd command, you can navigate to a subkey. This is certainly a very inconvenient way to edit the registry.
Clonexp can create an image of an NTFS partition and copy it to another computer. This can be useful if you want to create a backup of your disk before you start messing with it.
The name of this tool speaks for itself. Undelete only works if the files haven’t been overwritten yet by Windows. If you have ever accidentally deleted important files which you can’t recover via the Windows Recycle Bin, I recommend pulling the power plug of your computer immediately, and then trying to undelete them with a tool like TRK while Windows is offline.
TRK is certainly a useful tool if you are not afraid of Linux. However, it is not really a match for MSDaRT. Microsoft’s solution is not only easier to use, it also offers more tools to recover a Windows installation. But the Trinity Rescue Kit has one essential feature that MSDaRT lacks. It is free!
Subscribe to 4sysops newsletter!
Trinity Rescue Kit
Want to write for 4sysops? We are looking for new authors.
Does it reset password for a Windows 2008 server (64 bit).
Windows 7 – Home Premium – 64bit
Password reset required
Petter Nordhal-Hagen’s free ntpasswd – don´t work
TRK – worked at the first try
Had to use trk twice – first time picked drive no joy – second picked user – worked second time. TY
Worked first time to enable a disabled local administrator account. Everything I did was menu based and very easy. Excellent distro.
Window 7 Pro
Worked on win 7 admin accounts. I had to explicitly select the usernames that I wanted to set blank. The default method did not work for me.
Purchased a password locked display computer from a local retailer. Ran this and was into the machine in less than 5 minutes.
Worked like a treat, simple and SO POWERFUL
Even though you wrote this quite some time ago, I just wanted to say thanks. Your article, leading me to Trinity, saved my daughter’s PC. I had tried one other password reset program, but Trinity worked while the other one did not. Thanks again. She will be excited to be on her computer again.
I was trying to resset the password for Windows 2008 Server Administrator with the trinity rescue disk and when I chose password resset it tells me No valid windowsistallation found.
John, maybe the system partition is encrypted with BitLocker? You can also try this procedure. But if the system drive is encrypted you have no chance.
no it says this because its rate 5 when I it doesn’t see the C Drive let me know what can I do pleaseI have done a lot of things but none of them are workingthey tell me it cannot find the C Drive
If the drive is encrypted, Trinity won’t see the drive. You can also check if Windows is installed on another drive. Drive D: is quite common. I would boot from a Windows DVD, launch a command prompt, and check if you can access the system drive there (C or D).
No the drives are not encrypted I install the server myself. The Drives are raid 5 when I start in a Windows DVD it doesn’t show me a C: drive it shows me nothing. I have tried but I think because is raid 5
Just tried the password reset functions on a Windows 10 system. Everything looked like it worked, but nothing actually worked. Didn’t upgrade user to admin, didn’t clear passwords, didn’t change password. Ran it in default mode, selected “windows password resetting”, interactive winpass.
I just downloaded and ran Trinity on a Windows 7 64bit PC. Although I had to follow a Utube vidio step by step to keep on track, It worked when Konboot and Ophcrack would not.