Sometimes, it is neccessary, to reset a unknown password in windows. In these sample, we talk about a uncrypted windows volume. At first, start your system with e.g. kali or an other linux live system. Open the shell.

Then, create a folder for mounting the system volume, e.g.

mkdir /media/tmp

After this, mount your system volume to the tmp-folder, you created.

sudo mount -t ntfs-3g -o rw /dev/sda2 /media/tmp

The -t is type ntfs. The -o means as option add read-write. It is important, because per default, you only can read the volume. This is not enough, because we edit the SAM database by a write command. Now, whats for mounting: the /dev/sda2-volume. Mount this in /media/tmp. So that is it.

Maybe, you have to fix some dirty bits or prepare the volume, mount will say, that you have to use ntfsfix at first:

sudo ntfsfix /dev/sda2

Then, try above mount again. Then, change to the target directory:

cd /media/tmp/Windows/System32/config

List the users in the SAM database:

sudo chntpw -l SAM

Then, choose as parameter the users, you want to repair:

sudo chntpw -u Administrator SAM

Then, the chntpw will open a user interface. I recommend to set the password to clear. It means, that you must not type in a password at the next start, so choose from the menue:

1 – Clear (blank) user password.

After this, end program by menue point „q“ for quit and save the SAM back to the disk. Remove the live system and try a restart. Thats it.