howto reset NT password using Knoppix
amol kesare
Resetting Lost Windows NT
Passwords with KNOPPIX Linux
Situation:
You have forgotten a local user password on a Microsoft Windows NT, 2000,
XP, 2003 computer. This is especially useful if the forgotten password if
for the 'Administrator' account.
What you'll need:
A copy of KNOPPIX Linux. Any version should do fine, in my example I am
using KNOPPIX 3.4 which is actually slightly outdated, but we don't need any
of the newer KNOPPIX features for this example.
User accounts have an interesting history in Windows. The Windows 9x series
did offer usernames and passwords, but every user could overwrite every
other user's files, and the system did not offer any real security, If you
forgot your password in Windows 9x, resetting it is as simple as deleting a
.pwd file with a DOS disk. With Windows NT, 2000, and XP, Microsoft has
increased its user security by creating different user accounts on the same
system and password that protect them. However, unlike in Windows 9x, if you
forget your Administrator password, your only resource is to purchase a tool
to reset your Windows password or to reinstall Windows to create a new
administrator account. If you have a Knoppix disc, you can download and use
the 'chntpw' tool, which is a small program that lets you eset the local
passwords on a Windows system, and return to your system.
First step is, obviously, to boot the computer with Knoppix. There are
multiple ways to get chntpw, but luckily for us, it's now part of Debian's
'unstable' repositories. Since Knoppix is Debian based, we can get the
latest .deb file from http://packages.debian.org/unstable/admin/chntpw.
Download the file to your /home/Knoppix folder. Since most of the Knoppix
system is read-only, we can't directly install the .deb package. Instead,
you must convert it to a tar file, and then extract out the chntpw utility.
Open up a terminal and run the following commands:
code:Knoppix@ttyp1[knoppix]$ alien –to-tgz chntpw_<version>.deb
Knoppix@ttyp1[knoppix]$ tar xvzf chntpw<version>.tgz ./usr/sbin/chntpw
Knoppix@ttyp1[knoppix]$ mv ./usr/sbin/chntpw ./
Once you have finished with these commands, the chntpw utility is in
/home/Knoppix and ready to use. Now let's reset the password!
To reset the password, you must have write permissions on the Windows
partition. If you have a FAT or FAT32 Windows partition, this is easy.
However, the standard and common file system for Windows NT, 2000, and XP is
NTFS. So now I will explain how to mount your Windows partition using
'captive-ntfs'. As of Knoppix 3.4, Captive NTFS is included on the CD.
Captive NTFS is actually a process that uses the NTFS drivers that Windows
itself uses.
Though it has worked for many people, it is still considered somewhat
experimental, and anything of great importance should be backed up prior to
use.
Knoppix includes an easy-to-use Captive NTFS wizard which will scan the
hardrives for the necessary NTFS .dlls. Access the wizard by K-Menu ->
KNOPPIX -> Utilities -> Captive NTFS. Click forward to see a list of the
system files that Captive NTFS has already located on your Knoppix system.
Click forward again, and the wizard mounts and scans your hard drives for
the essential files it needs.
Once Captive NTFS has the module it needs, it activates the OK button even
though it continues to scan other directories and partitions for drivers. If
you are in a hurry, you can click OK to immediately mount the NTFS
partitions. If you wait for the scan to finish, you are prompted with an
option to specify locations for drivers, such as a USB flash drive, or click
forward to download the drivers from the Windows XP service Pack 1.
Once you are finished with the wizard, you are ready to mount an NTFS
partition. Open up a terminal and use the following command:
code: Knoppix@ttyp1[knoppix]$ sudo mount –t captive-ntfs –o
uid=Knoppix,gid=Knoppix /dev/hda1 /mnt/hda1
Obviously, replace the name of the partition, if it is not correct. The –t
option is used to specify file-system type, use captive-ntfs to use the NTFS
drivers that the captive ntfs wizard previously found. The –o argument tell
mount to make user and group 'knoppix' the owner of this drive. Now that
this drive is mounted, you have full read/write access to the drive and the
possibly to do unlimited good and evil to your drive.
Make sure to unmount the drive after you're done to be sure that changes are
synced!!!!
code:Knoppix@ttyp1[knoppix]$ sudo umount /mnt/hda1
Now to continue resetting the password. Once the partition is mounted, we
must find the directory containing the SAM file. For Windows 2000 and XP
systems, this should be under /winnt/system32/config and
/windows/system32/config, respectively. In this example, navigate to
/mnt/hda1/windows/system32/config directory. You should see a number of
files, including SAM, SYSTEM, and SECURITY that may or may not be in all
caps. Now, to reset the 'Administrator' password, do the following:
code:Knoppix@ttyp1[config]$ /home/Knoppix/chntpw SAM
You will see a few messages, and at the end should be prompted with an
option to enter the new password. It is my strong recommendation that you
simple reset(blank) the password by using the asterisk(*). I have not had
good luck changing the password to something new, but blanking it works all
the time from my experience. So, do the following:
code:Please enter new password: *
Hit [Enter]
There you go! You should now have a blank password on the local
Administrator account of that Windows installation. If you want to reset the
password for any account other than 'Administrator' you can use the
following commands:
code:Knoppix@ttyp1[config]$ /home/knoppix/chntpw –l SAM
To view all user accounts on the system
code:Knoppix@ttyp1[config]$ /home/knoppix/chntpw/ -u username SAM
To reset the account password for the username of your choice.
Once you have changed the password and saved your changes, unmount the
filestem and reboot:
code:Knoppix@ttyp1[config]$ cd
Knoppix@ttyp1[knoppix]$ sudo umount /dev/hda1
Knoppix@ttyp1[knoppix]$ sudo reboot
Cheers.....................
AmOl
9890645720
_________________________________________________________________
Find your dream machine. Click here Now
http://www.sulekha.com/classifieds/cllist.aspx?catid=280&nma=IN&c=Autos&ref=msn&ref2=atx9