Recovering a Forgotten Administrator Password

by Barry Dysert
(last updated October 2, 2017)

You may be relieved to know that there is no built-in utility that will help you recover a forgotten administrator password. After all, if there were then anyone with access to your system could effect a security breach. But what if it's your system, and you're the one who can't remember a forgotten password?

As you may have guessed, there are some third-party tools that are designed to help in such a situation. I have personally tried some, and the two I'm recommending in this tip worked flawlessly on my Windows 7 PC. If you don't want to use a third-party tool, then your only real choices are to keep guessing what your password is or take the draconian step of re-installing Windows. Personally, I'd choose the third-party route.

Both options require that you create a boot disk with the appropriate software on it. Therefore, you need to procure a couple of empty CDs that you'll write to. Then you can download the tools. The first is called 'ophcrack' and can be downloaded from this site:

http://ophcrack.sourceforge.net/download.php

Go to the website and scroll down until you see the download for "ophcrack Vista/7 LiveCD". This will download an .iso file which you need to burn to one of your CDs; label the CD "ophcrack." We'll go over using 'ophcrack' shortly, but let's go get the second tool first.

The second password tool is called 'chntpw' and can be downloaded from here:

http://pogostick.net/~pnh/ntpasswd/

Go to the website and scroll down until you see the "Download" section. Under there you'll find a link to 'cd140201.zip', which is the file you want to download. When you unpack the zip file you'll see that it contains a file called 'cd140201.iso'. Burn that file to your second CD and label it "chntpw."

Now that we're done with the preliminaries, load your ophcrack CD into the drive and (re)start your computer. Depending on your system configuration, you may need to press a special function key to tell your computer to boot from the CD instead of the hard drive. (This is what you want to do: boot from the CD that contains opbcrack.)

You'll see a lot of text scroll by as ophcrack loads, but shortly it will display a GUI screen that responds to the mouse. The first thing to do is to click the Tables button to install the password configuration tables. Select what tables to install from the path "/media/hda/tables", then click the Crack button. The rest is now automatic. It will load the tables into memory and then it tries to discover the passwords for all enabled accounts. It took ophcrack 5 minutes and 12 seconds to find an administrative password on my system. I let it continue for another 10 minutes to see if would find any more, but I eventually clicked Stop and Exit (after all, one is all you need). I was then presented with a menu of what to do next. Using the arrow keys I highlighted "Reboot" and pressed Enter. As the computer was restarting I ejected the CD so that the system would come up normally.

The chntpw tool is different from ophcrack in a couple of ways. For one thing, it does not have a GUI interface. And for another, chntpw doesn't try to crack and display the current passwords; instead, it provides the means for you to clear a password so that you can login without one.

It's possible that ophcrack will not come up with any passwords, so it's good to have chntpw as a backup. Load that CD into the drive and restart your system. After it has booted and chntpw has taken control you'll go through several prompts. The first prompt asks you to select the partition where the Windows installation is located. Press Enter to accept the default. Next you're prompted to specify which part of the registry is to be loaded. Again press Enter to accept the default.

Now you're at the main interactive menu, which lets you select whether to deal with user data and passwords or registry data. Press Enter to accept the default. You're then presented with a table of usernames and whether they have administrator rights. Type the RID of an administrator username that isn't locked, and press Enter.

You've finally reached the Edit User menu. type "1" (without the quotes) to clear the selected username's password and press Enter. That clears the password. Eject the CD and restart the system. After Windows comes up you'll be able to login under the username whose password you cleared without having to specify its (now-cleared) password. Once logged in, you can, of course, use the normal Windows tools to set the password to whatever you wish.

 This tip (13088) applies to Windows 7, 8, and 10.

Author Bio

Barry Dysert

Barry has been a computer professional for over 30 years, working in different positions such as technical team leader, project manager, and software developer.  He is currently a senior software engineer with an emphasis on developing custom applications under Microsoft Windows. ...

MORE FROM BARRY

Understanding File Types and Extensions

File types (or extensions) are key to using Windows effectively. When you double-click a file in Windows Explorer or File ...

Discover More

Using a Dvorak Keyboard with Windows

Dvorak keyboards can provide more efficient typing as well as make the keyboard characters more accessible to those who type ...

Discover More

Using the Event Viewer to Examine Remote Event Logs

Assuming you have proper access to remote computers, you can examine their event logs from your system without much trouble. ...

Discover More
More WindowsTips

Easily Running a Program as the Administrator

In order to run some programs properly in the Windows environment, you'll need to do so using administrator privileges. This ...

Discover More

Understanding Data Execution Prevention

Windows has many malware-prevention features. One of these is Data Execution Prevention. This tip provides an explanation of ...

Discover More

Logging In with Local vs. Microsoft Credentials

In Windows 10, you can choose to login using your local account or by using your Microsoft credentials. How to switch back ...

Discover More
Subscribe

FREE SERVICE: Get tips like this every week in WindowsTips, a free productivity newsletter. Enter your address and click "Subscribe."

View most recent newsletter.

Comments

If you would like to add an image to your comment (not an avatar, but an image to help in making the point of your comment), include the characters [{fig}] in your comment text. You’ll be prompted to upload your image when you submit the comment. Maximum image size is 6Mpixels. Images larger than 600px wide or 1000px tall will be reduced. Up to three images may be included in a comment. All images are subject to review. Commenting privileges may be curtailed if inappropriate images are posted.

What is nine minus 3?

There are currently no comments for this tip. (Be the first to leave your comment—just use the simple form above!)


Newest Tips
Subscribe

FREE SERVICE: Get tips like this every week in WindowsTips, a free productivity newsletter. Enter your address and click "Subscribe."

(Your e-mail address is not shared with anyone, ever.)

View the most recent newsletter.