Latest posts by Michael Pietroforte (see all)
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
- PowerShell remoting with SSH public key authentication - Thu, May 3 2018
I used ntpasswd for the first time on a Windows 2000 computer about 13 years ago, when I tried to crack Microsoft’s new Encrypting File System (EFS) for a review for a German magazine. To my amazement, it took me only a few minutes to reset the administrator password and access the EFS files. Microsoft soon fixed the EFS vulnerability, but resetting the password still works on the latest Microsoft OS Windows 8.1 Update. You can’t really blame Microsoft for this, because anything is doable whenever you can boot from a second OS and access an unencrypted Windows installation.
You can’t set a new password with ntpasswd, but you can easily set a blank password on any account. Most admins will be able to use the tool without any instructions. The step-by-step guide below should work for Windows XP, Windows Vista, Windows 7, Windows 8, and Windows 8.1 with Update.
- After you download ntpasswd, you have to burn it on a DVD by right-clicking the ISO file. If you have an older Windows version that doesn’t support ISO burning, you can use the free ISO Recorder. If you don’t have an optical drive and you want to boot from a flash drive, you can use the free tool Rufus.
- Next, you have to ensure that the DVD or flash drive comes before the system drive in the boot order of your BIOS settings. Most PCs allow you to access the PC setup by pressing F2 right after you turn the PC on.
- After you boot ntpasswd, you should see the following screen. If you have more than one Windows installation on the computer, be sure to choose the correct one.
- On the next screen, you can just press Enter to start the password reset process.
- Press Enter to select “Edit user data and passwords.”
- Choose the user account where you want to reset the password. You can find the RID, which you have to enter now, to the left of the username.
- You can now quit editing the user.
- Next, quit editing the SAM database.
- On the next screen, confirm that you want to write back the changes by typing “y”.
- You are now done editing the SAM database. Just press Enter.
- The password reset process is now completed. Reboot your computer by pressing CTRL-ALT-DEL.
This wasn’t difficult, right? If you are worried that someone might use ntpasswd or a similar tool, such as Trinity Rescue Kit, to get admin access to one of the computers in your network, you should read my next post, where I will explain what you can do to prevent such password reset hacks.