Windows Password Reset using chntpw
This guide explains how to reset a Windows password from a Linux system using the chntpw tool. It covers both standard unencrypted drives and BitLocker-encrypted drives.
Prerequisites
- Linux system or Live USB/CD
- Access to the Windows drive
- Administrative privileges on the Linux system
Steps
Method A: Standard Windows Drive (Unencrypted)
Step 1: Boot into Linux
Boot your system using a Linux distribution (either installed system or Live USB/CD).
Step 2: Install chntpw
Update your package manager and install the chntpw utility:
sudo apt update
sudo apt install chntpw
Step 3: Mount the Windows Partition
Create a mount point and mount the Windows partition:
sudo mkdir /mnt/windows
sudo mount /dev/sdX1 /mnt/windows
Note: Replace X with the correct drive letter. For NVMe SSDs, the naming convention is different and typically follows the pattern /dev/nvme0n1p1 (where 0 is the drive number, n1 is the namespace, and p1 is the partition number). You can find the correct partition using lsblk or fdisk -l.
Examples:
- Traditional SATA drives: /dev/sda1, /dev/sdb2
- NVMe drives: /dev/nvme0n1p1, /dev/nvme1n1p2
Step 4: Navigate to SAM Directory
Change to the Windows system configuration directory:
cd /mnt/windows/Windows/System32/config
Step 5: List Users
Display all available user accounts:
sudo chntpw -l SAM
Step 6: Reset Password
Reset the password for the specific user:
sudo chntpw -u Username SAM
Note: Replace Username with the actual username you want to reset.
Step 7: Follow Interactive Prompts
The tool will present you with options:
- Choose option 1 to clear the password (recommended)
- Choose option 2 to edit the user account
- Type q to quit and save changes
Step 8: Unmount and Reboot
Unmount the Windows partition and reboot:
cd /
sudo umount /mnt/windows
sudo reboot
Method B: BitLocker-Encrypted Windows Drive
Step 1: Boot into Linux
Boot your system using a Linux distribution (either installed system or Live USB/CD).
Step 2: Install Required Tools
Update your package manager and install both dislocker and chntpw:
sudo apt update
sudo apt install dislocker chntpw
Step 3: Create Mount Points
Create directories for both the encrypted and decrypted drives:
sudo mkdir /mnt/dislocker
sudo mkdir /mnt/windows
Step 4: Unlock BitLocker Drive
Decrypt the BitLocker-encrypted partition using your password or recovery key:
Using Password:
sudo dislocker -v -V /dev/sdX1 -u -- /mnt/dislocker
Using Recovery Key:
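sudo dislocker -v -V /dev/sdX1 -pRECOVERY-KEY-HERE -- /mnt/dislocker
Note: Replace X with the correct drive letter and RECOVERY-KEY-HERE with your actual recovery key. Write the key directly after -p with no space, because dislocker takes it as an optional value attached to that option.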
Step 5: Mount the Decrypted Drive
Mount the decrypted file system:
sudo mount -o loop /mnt/dislocker/dislocker-file /mnt/windows
Step 6: Navigate to SAM Directory
Change to the Windows system configuration directory:
cd /mnt/windows/Windows/System32/config
Step 7: List Users
Display all available user accounts:
sudo chntpw -l SAM
Step 8: Reset Password
Reset the password for the specific user:
sudo chntpw -u Username SAM
Note: Replace Username with the actual username you want to reset.
Step 9: Follow Interactive Prompts
The tool will present you with options:
- Choose option 1 to clear the password (recommended)
- Choose option 2 to edit the user account
- Type q to quit and save changes
Step 10: Unmount Everything and Reboot
Unmount both the Windows partition and the dislocker mount, then reboot:
cd /
sudo umount /mnt/windows
sudo umount /mnt/dislocker
sudo reboot
Important Notes
- Always backup important data before performing password resets
- This method works with local Windows accounts, not Microsoft accounts
- Some Windows versions may have additional security measures
- The cleared password will be empty, allowing login without entering a password
- For BitLocker drives, you need either the password or recovery key
- BitLocker recovery keys are typically 48 digits long and formatted as: XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
Troubleshooting
General Issues
- Verify the correct partition is mounted
- Check if Windows was properly shut down (disable Fast Startup if needed)
- Ensure you have the correct permissions to modify system files
BitLocker-Specific Issues
- If dislocker fails, verify you're using the correct password or recovery key
- Some newer BitLocker versions may not be supported by older dislocker versions
- Check if TPM is involved in the encryption (may require additional steps)
- NVMe drives with BitLocker: Use the correct device path (e.g., /dev/nvme0n1p2 for the encrypted partition)
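The advice above to verify the recovery key can be partly automated, because each 6-digit group of a BitLocker recovery key encodes a 16-bit value multiplied by 11, so most typos break a group. The shell function below is an added example, not part of the original guide or of dislocker; the name check_recovery_key and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a BitLocker recovery key for typos before running dislocker.
# check_recovery_key is a hypothetical helper, not part of dislocker or chntpw.

check_recovery_key() {
    key=$1

    # Shape: 8 hyphen-separated groups of exactly 6 digits (48 digits total).
    if ! printf '%s\n' "$key" | grep -Eq '^([0-9]{6}-){7}[0-9]{6}$'; then
        echo "bad format: expected 8 groups of 6 digits separated by hyphens"
        return 1
    fi

    i=0
    for block in $(printf '%s\n' "$key" | sed 's/-/ /g'); do
        i=$((i + 1))
        # Strip leading zeros so shell arithmetic does not read the block as octal.
        n=$(printf '%s\n' "$block" | sed 's/^0*//')
        n=${n:-0}
        # Each group encodes a 16-bit value multiplied by 11, so it must be
        # divisible by 11 and smaller than 65536 * 11 = 720896.
        if [ $((n % 11)) -ne 0 ] || [ "$n" -ge 720896 ]; then
            echo "group $i ($block) is not a valid recovery key group"
            return 1
        fi
    done

    echo "ok"
}

# Constructed sample key (not a real recovery key): every group is a multiple of 11.
SAMPLE_KEY="123453-000000-720885-111111-222222-333333-444444-555555"
check_recovery_key "$SAMPLE_KEY"
```

A key that passes is only well-formed; it can still belong to a different volume, in which case dislocker will reject it.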