Recover Windows XP password (with SystemRescueCD)

If you’ve forgotten your Windows XP password, there are a few things you can try to gain access to the system:

  1. Log in as another user and use system tools to change your user’s password.
  2. Boot in to safe mode (hold F8 on boot) and log in as ‘administrator’ no password, then use system tools to change your password.
  3. Use your password reset disk.
  4. Log in to another computer and use the network system tools to change your computer’s password.

I’m not going to document these things, because they either didn’t work for me or weren’t an option. For more info about them, just google it.

If you can’t log in via any account and you don’t have a password reset disk, then you’ll have to use a third party tool to recover your password.

SystemRescueCD does nicely.

  1. Install SystemRescueCD on a CD or USB key.
  2. Boot in to it.

  3. Mount the Windows disk:

    ntfs-3g /dev/sdb1 /mnt/windows

    Note that I mounted /dev/sdb1 instead of /dev/sda1, because sda was my recovery partition so only contained a blank copy of Windows and none of the user files we’re interested in.

    If mounting fails with ‘’, then you can remove the hibernate file and mount. Be warned: You will lose anything unsaved that you were working on when Windows hibernated.

    ntfs-3g -o remove_hiberfile /dev/sdb1 /mnt/windows
  4. At this point you could mount an external drive and back up your files.

  5. Change into the directory that contains your password file (a file called ‘SAM’):

    cd /mnt/windows/WINDOWS/system32/config

  6. Inspect your users. This should output a list of available user accounts.

    chntpw -l SAM

  7. Change your password. In the following example ‘my user’ is your username.

    chntpw -u "my user" SAM

    You’ll be presented with a set of options. At the time of writing it was 1 for blanking out a password and 2 for changing the password. I used option 1, which worked, because there was a warning about option 2 on Windows XP.

    Note that if you blank the password, you won’t later be able to change it via chntpw. Don’t ask me why.

  8. Unmount windows:

    cd
umount /mnt/windows

  9. Reboot your machine into Windows and log in.

    reboot

References

Last modified: 27/02/2016 Tags:

This website is a personal resource. Nothing here is guaranteed correct or complete, so use at your own risk and try not to delete the Internet. -Stephan

Site Info

mindspill.net © Stephan Dale.

Privacy policy

Go to top