Recovering a Forgotten Administrator Password

by Barry Dysert
(last updated April 28, 2014)

3

You may be relieved to know that there is no built-in utility that will help you recover a forgotten administrator password. After all, if there were then anyone with access to your system could effect a security breach. But what if it's your system, and you're the one who can't remember a forgotten password?

As you may have guessed, there are some third-party tools that are designed to help in such a situation. I have personally tried some, and the two I'm recommending in this tip worked flawlessly on my Windows 7 PC. If you don't want to use a third-party tool, then your only real choices are to keep guessing what your password is or take the draconian step of re-installing Windows. Personally, I'd choose the third-party route.

Both options require that you create a boot disk with the appropriate software on it. Therefore, you need to procure a couple of empty CDs that you'll write to. Then you can download the tools. The first is called 'ophcrack' and can be downloaded from this site:

http://ophcrack.sourceforge.net/download.php

Go to the website and scroll down until you see the download for "ophcrack Vista/7 LiveCD". This will download an .iso file which you need to burn to one of your CDs; label the CD "ophcrack." We'll go over using 'ophcrack' shortly, but let's go get the second tool first.

The second password tool is called 'chntpw' and can be downloaded from here:

http://pogostick.net/~pnh/ntpasswd/

Go to the website and scroll down until you see the "Download" section. Under there you'll find a link to 'cd140201.zip', which is the file you want to download. When you unpack the zip file you'll see that it contains a file called 'cd140201.iso'. Burn that file to your second CD and label it "chntpw."

Now that we're done with the preliminaries, load your ophcrack CD into the drive and (re)start your computer. Depending on your system configuration, you may need to press a special function key to tell your computer to boot from the CD instead of the hard drive. (This is what you want to do: boot from the CD that contains opbcrack.)

You'll see a lot of text scroll by as ophcrack loads, but shortly it will display a GUI screen that responds to the mouse. The first thing to do is to click the Tables button to install the password configuration tables. Select what tables to install from the path "/media/hda/tables", then click the Crack button. The rest is now automatic. It will load the tables into memory and then it tries to discover the passwords for all enabled accounts. It took ophcrack 5 minutes and 12 seconds to find an administrative password on my system. I let it continue for another 10 minutes to see if would find any more, but I eventually clicked Stop and Exit (after all, one is all you need). I was then presented with a menu of what to do next. Using the arrow keys I highlighted "Reboot" and pressed Enter. As the computer was restarting I ejected the CD so that the system would come up normally.

The chntpw tool is different from ophcrack in a couple of ways. For one thing, it does not have a GUI interface. And for another, chntpw doesn't try to crack and display the current passwords; instead, it provides the means for you to clear a password so that you can login without one.

It's possible that ophcrack will not come up with any passwords, so it's good to have chntpw as a backup. Load that CD into the drive and restart your system. After it has booted and chntpw has taken control you'll go through several prompts. The first prompt asks you to select the partition where the Windows installation is located. Press Enter to accept the default. Next you're prompted to specify which part of the registry is to be loaded. Again press Enter to accept the default.

Now you're at the main interactive menu, which lets you select whether to deal with user data and passwords or registry data. Press Enter to accept the default. You're then presented with a table of usernames and whether they have administrator rights. Type the RID of an administrator username that isn't locked, and press Enter.

You've finally reached the Edit User menu. type "1" (without the quotes) to clear the selected username's password and press Enter. That clears the password. Eject the CD and restart the system. After Windows comes up you'll be able to login under the username whose password you cleared without having to specify its (now-cleared) password. Once logged in, you can, of course, use the normal Windows tools to set the password to whatever you wish.

 This tip (13088) applies to Windows 7.

Author Bio

Barry Dysert

Barry has been a computer professional for over 30 years, working in different positions such as technical team leader, project manager, and software developer.  He is currently a senior software engineer with an emphasis on developing custom applications under Microsoft Windows. ...

MORE FROM BARRY

Changing the Size of the Taskbar

The Taskbar is the "heart" of managing your work in Windows. Fortunately, it can be sized to your heart's content. This tip ...

Discover More

Pin Items to the Taskbar

You can improve your efficiency at managing your applications through effective use of the taskbar. This tip shows you how to ...

Discover More

Using Powercfg to Duplicate an Existing Power Scheme

The Powercfg utility allows you to control how power is used on your system. This tip shows you how to use the command-line ...

Discover More
More WindowsTips

Understanding Action Center

Action Center provides you with a quick overview of security and maintenance issues and allows you to drill down to the ...

Discover More

Limiting the Number of Login Attempts

You probably don't want to allow someone to continually attempt to login to your system until they finally guess your ...

Discover More

Logging In with Local vs. Microsoft Credentials

In Windows 10, you can choose to login using your local account or by using your Microsoft credentials. How to switch back ...

Discover More
Subscribe

FREE SERVICE: Get tips like this every week in WindowsTips, a free productivity newsletter. Enter your address and click "Subscribe."

View most recent newsletter.

Comments

If you would like to add an image to your comment (not an avatar, but an image to help in making the point of your comment), include the characters [{fig}] in your comment text. You’ll be prompted to upload your image when you submit the comment. Images larger than 600px wide or 1000px tall will be reduced. Up to three images may be included in a comment. All images are subject to review. Commenting privileges may be curtailed if inappropriate images are posted.

What is five minus 0?

2016-07-25 19:04:16

Tim

Thanks for this tip.
From what I read these utilities could be run on any Windows computer by anyone.
Am I right to say that the Windows password is for safety but not security? I.e. It's really "security theatre".


2014-12-23 17:22:34

Heather

Ophcrack didn't find the passwords but chntpw did the trick! Instructions were perfect, thank you.


2014-07-18 03:12:05

Louis

Thanks for sharing! I prefer to use PCUnlocker and Ophcrack.


Newest Tips
Subscribe

FREE SERVICE: Get tips like this every week in WindowsTips, a free productivity newsletter. Enter your address and click "Subscribe."

(Your e-mail address is not shared with anyone, ever.)

View the most recent newsletter.