Recovering a Forgotten Administrator Password

Written by Barry Dysert (last updated October 2, 2017)

You may be relieved to know that there is no built-in utility that will help you recover a forgotten administrator password. After all, if there were, then anyone with access to your system could effect a security breach. But what if it's your system, and you're the one who has forgotten the password?

As you may have guessed, there are some third-party tools that are designed to help in such a situation. I have personally tried some, and the two I'm recommending in this tip worked flawlessly on my Windows 7 PC. If you don't want to use a third-party tool, then your only real choices are to keep guessing what your password is or take the draconian step of re-installing Windows. Personally, I'd choose the third-party route.

Both options require that you create a boot disk with the appropriate software on it. Therefore, you need to procure a couple of empty CDs that you'll write to. Then you can download the tools. The first is called 'ophcrack' and can be downloaded from this site:

http://ophcrack.sourceforge.net/download.php

Go to the website and scroll down until you see the download for "ophcrack Vista/7 LiveCD". This will download an .iso file which you need to burn to one of your CDs; label the CD "ophcrack." We'll go over using 'ophcrack' shortly, but let's go get the second tool first.

The second password tool is called 'chntpw' and can be downloaded from here:

http://pogostick.net/~pnh/ntpasswd/

Go to the website and scroll down until you see the "Download" section. Under there you'll find a link to 'cd140201.zip', which is the file you want to download. When you unpack the zip file you'll see that it contains a file called 'cd140201.iso'. Burn that file to your second CD and label it "chntpw."

Now that we're done with the preliminaries, load your ophcrack CD into the drive and (re)start your computer. Depending on your system configuration, you may need to press a special function key to tell your computer to boot from the CD instead of the hard drive. (This is what you want to do: boot from the CD that contains ophcrack.)

You'll see a lot of text scroll by as ophcrack loads, but shortly it will display a GUI screen that responds to the mouse. The first thing to do is to click the Tables button to install the password configuration tables. Select what tables to install from the path "/media/hda/tables", then click the Crack button. The rest is now automatic. It will load the tables into memory and then it tries to discover the passwords for all enabled accounts. It took ophcrack 5 minutes and 12 seconds to find an administrative password on my system. I let it continue for another 10 minutes to see if it would find any more, but I eventually clicked Stop and Exit (after all, one is all you need). I was then presented with a menu of what to do next. Using the arrow keys I highlighted "Reboot" and pressed Enter. As the computer was restarting I ejected the CD so that the system would come up normally.

The chntpw tool is different from ophcrack in a couple of ways. For one thing, it does not have a GUI. And for another, chntpw doesn't try to crack and display the current passwords; instead, it provides the means for you to clear a password so that you can log in without one.

It's possible that ophcrack will not come up with any passwords, so it's good to have chntpw as a backup. Load that CD into the drive and restart your system. After it has booted and chntpw has taken control you'll go through several prompts. The first prompt asks you to select the partition where the Windows installation is located. Press Enter to accept the default. Next you're prompted to specify which part of the registry is to be loaded. Again press Enter to accept the default.

Now you're at the main interactive menu, which lets you select whether to deal with user data and passwords or registry data. Press Enter to accept the default. You're then presented with a table of usernames and whether they have administrator rights. Type the RID of an administrator username that isn't locked, and press Enter.

You've finally reached the Edit User menu. Type "1" (without the quotes) to clear the selected username's password and press Enter. That clears the password. Eject the CD and restart the system. After Windows comes up you'll be able to log in under the username whose password you cleared without having to specify its (now-cleared) password. Once logged in, you can, of course, use the normal Windows tools to set the password to whatever you wish.
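Until a new password is set, the cleared account is an administrator with no password at all, so that last step should be done right away. The script below is an added example, not part of the original tip: it lists the local administrator accounts and then sets a new password on the one you cleared. It assumes PowerShell 5.1 with the Microsoft.PowerShell.LocalAccounts module (built into Windows 10, not present on a stock Windows 7 install), and the parameter name `ClearedUser` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumes PowerShell 5.1 with the Microsoft.PowerShell.LocalAccounts
# module (built into Windows 10; not present on a stock Windows 7 install).
param(
    # Hypothetical parameter: the account whose password was cleared with chntpw.
    [Parameter(Mandatory)] [string] $ClearedUser
)

# S-1-5-32-544 is the well-known SID of the local Administrators group,
# so the lookup works regardless of the Windows display language.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object { Get-LocalUser -SID $_.SID }

# Review which administrator accounts are enabled and when each password was last set.
$admins |
    Select-Object Name, Enabled, PasswordRequired, PasswordLastSet |
    Format-Table -AutoSize

# Prompt twice so a typo does not lock you out of the account again.
$first  = Read-Host -AsSecureString "New password for $ClearedUser"
$second = Read-Host -AsSecureString 'Repeat the new password'
$plain1 = [System.Net.NetworkCredential]::new('', $first).Password
$plain2 = [System.Net.NetworkCredential]::new('', $second).Password
if ($plain1 -cne $plain2) {
    throw 'The two entries do not match; nothing was changed.'
}

Set-LocalUser -Name $ClearedUser -Password $first

# Confirm the change: PasswordLastSet should now show the current time.
Get-LocalUser -Name $ClearedUser | Select-Object Name, Enabled, PasswordLastSet
```

Run it from an elevated PowerShell prompt after logging in with the cleared account.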

 This tip (13088) applies to Windows 7, 8, and 10.

Author Bio

Barry Dysert

Barry has been a computer professional for over 35 years, working in different positions such as technical team leader, project manager, and software developer. He is currently a software engineer with an emphasis on developing custom applications under Microsoft Windows. When not working with Windows or writing Tips, Barry is an amateur writer. His first non-fiction book is titled "A Chronological Commentary of Revelation." ...
