var img = document.createElement('img'); img.src = "https://easystat.de/piwik.php?idsite=13&rec=1&url=https://docs.servinga.cloud" + location.pathname; img.style = "border:0"; img.alt = "tracker"; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(img,s);
Skip to main content

How to reset your Windows Administrator password

In case you lost access to your Windows Server operating system due to a forgotten Administrator password, you can use our rescue system to reset it.

Prerequisites

Your server must be in rescue mode. That means that a live Linux has been booted on your server, and you have already mounted your server's boot disk in a temporary path to be able to access the disk to read from and write to it.

tip

Follow our tutorial on how to access your server's data in rescue mode to get to that point.

Also, you need to have the tool chntpw installed. To be sure that this tool is present and ready to use, run the following command:

apt-get update && apt-get install -y chntpw

Resetting your Administrator password

In order to reset your Administrator's account password, first navigate into the system32/config directory of your Windows installation partition.

cd /target/Windows/System32/config
info

If you've followed the tutorial mentioned above, the command will work out of the box. In case you have mounted your operating system somewhere else, you might need to replace /target with the path you mounted your server's boot disk to.

Within that directory, you can use the following command to get a list of all user accounts that are registered in your Windows Server operating system:

chntpw -l SAM

The output should now resemble that. You need to identify the admin user, in my case it's Administrator.

chntpw version 1.00 140201, (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh>
File size 65536 [10000] bytes, containing 8 pages (+ 1 headerpage)
Used for data: 357/38424 blocks/bytes, unused: 35/14568 blocks/bytes.

| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  |          |
| 01f7 | DefaultAccount                 |        | dis/lock |
| 01f5 | Guest                          |        | dis/lock |
| 01f8 | WDAGUtilityAccount             |        | dis/lock |

Resetting the user's password is now as easy as running the following command. Instead of using the Administrator account, you can also replace that with any other username you found when you ran the command above to reset their account password.

chntpw -u Administrator SAM

The output should look like this:

chntpw version 1.00 140201, (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh>
File size 65536 [10000] bytes, containing 8 pages (+ 1 headerpage)
Used for data: 357/38424 blocks/bytes, unused: 35/14568 blocks/bytes.

================= USER EDIT ====================

RID     : 0500 [01f4]
Username: Administrator
fullname:
comment : Built-in account for administering the computer/domain
homedir :

00000220 = Administrators (which has 1 members)

Account bits: 0x0010 =
[ ] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[ ] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |

Failed login count: 0, while max tries is: 0
Total  login count: 20

- - - - User Edit Menu:
 1 - Clear (blank) user password
(2 - Unlock and enable user account) [seems unlocked already]
 3 - Promote user (make user an administrator)
 4 - Add user to a group
 5 - Remove user from a group
 q - Quit editing user, back to user select
Select: [q] >

The way that tool works is by making changes to the selected user account and then saving the changes once you're done editing the account.

info

In case the account is indicated to be disabled, you need to select option 2 to unlock and enable the user account. Otherwise, it's not possible to log in with that user account afterward.

In order to reset the password, select option 1 and press Enter. To save the changes you've made to the user account, select option q and press Enter again. This will write the changes you made to the user to the disk.

Unmount your operating system

As you have made changes to the underlying disk of your server, it's highly recommended that you gracefully unmount the disk after you have exited the chroot environment.

To do so, please follow our tutorial on how to access your server's data in rescue mode where the unmounting process is explained in detail.