How To Reset A Windows Password Using SystemRescueCD

Resetting Password on Windows Using SystemRescueCD

Guide Overview:

This guide walks you through resetting a Windows local account password using SystemRescueCD. You'll boot into a live Linux environment, mount the Windows disk, and clear the user password using chntpw. This method is useful when access to a Windows system is lost and you need to regain control without reinstalling.

Boot Into SystemRescueCD

Download the SystemRescueCD ISO.
Burn the ISO to a USB or mount it as a virtual CD-ROM via your hypervisor (e.g., VirtualBox, Proxmox).
Boot the system from the CD-ROM or USB.
When prompted, choose the default boot or press Enter.

Identify Your Windows Disk

Use the lsblk command to list all block devices and identify the Windows partition (usually NTFS):

lsblk

Sample Output:

NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda      8:0    0    50G  0 disk
├─vda1   8:1    0   100M  0 part
├─vda2   8:2    0    49G  0 part
└─vda3   8:3    0   900M  0 part

Look for the NTFS partition (commonly sda2 or vda2) with the largest size.

Mount the Windows Partition

Create a mount point and mount the partition using ntfs-3g,

mkdir /mnt/windows
ntfs-3g /dev/sda2 /mnt/windows -o force

Note: Replace /dev/sda2 with your actual Windows partition found using lsblk

Navigate to the SAM Database

Switch to the Windows configuration directory where the SAM file resides,

cd /mnt/windows/Windows/System32/config

Use chntpw to Reset the Password

Run the following to start the password editor:

chntpw -i SAM

Sample Output:

Chntpw version 1.00  (offline NT Password & Registry Editor)
SAM file: SAM

===== USER ACCOUNTS =====
RID - Username
----------------------------------------
01f4 - Administrator
01f5 - Guest
03e8 - JohnDoe

Select: ! - Quit, q - Quit, h - Help
>

Step-by-step Instructions:

When prompted, press 1 to Edit user data and passwords.
Enter the RID (e.g., 03e8) for the user account (e.g., JohnDoe).
You’ll see a menu like this:

User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password
 3 - Promote user (make admin)
 4 - Unlock and enable user account
 q - Quit editing user

Press 1 to clear the password.
Press q to quit the menu.
Save changes when prompted:

Hives that have changed:
 # Name
 0 <sam>

Write hive files? (y/n) [n] : y

Type y and press Enter.

Reboot Into Windows

Unmount the disk,

umount /mnt/windows

Reboot the system,

reboot

Windows should now log you in without a password.
Go to Control Panel > User Accounts and set a new password.

Notes

This method only works for local user accounts, not Microsoft-linked online accounts.
Use with caution; editing registry hives can potentially corrupt your Windows installation if done improperly.
Always ensure a backup of critical data if possible.

In this guide,

CrownCloud

Get a SSD powered KVM VPS at $4.5/month!

1 GB RAM / 25 GB SSD / 1 CPU Core / 1 TB Bandwidth per month

Use Code:

WELCOME

for 10% off!

Get Started Now!

CrownCloud - Get a SSD powered KVM VPS at $4.5/month!

Use the code `WELCOME` for 10% off!

1 GB RAM / 25 GB SSD / 1 CPU Core / 1 TB Bandwidth per month

Available Locations: LAX | MIA | ATL | FRA | AMS

Get Started Now!

In this guide,

CrownCloud

Get a SSD powered KVM VPS at $4.5/month!

Use Code: WELCOME for 10% off!

CrownCloud - Get a SSD powered KVM VPS at $4.5/month!

Use the code WELCOME for 10% off!

Use Code:

WELCOME
for 10% off!

Use the code `WELCOME` for 10% off!