Windows Password Reset using chntpw

This guide explains how to reset a Windows password from a Linux system using the chntpw tool. It covers both standard unencrypted drives and BitLocker-encrypted drives.

Prerequisites

  • Linux system or Live USB/CD
  • Access to the Windows drive
  • Administrative privileges on the Linux system

Steps

Method A: Standard Windows Drive (Unencrypted)

Step 1: Boot into Linux

Boot your system using a Linux distribution (either installed system or Live USB/CD).

Step 2: Install chntpw

Update your package manager and install the chntpw utility:

sudo apt update
sudo apt install chntpw

Step 3: Mount the Windows Partition

Create a mount point and mount the Windows partition:

sudo mkdir /mnt/windows
sudo mount /dev/sdX1 /mnt/windows

Note: Replace X with the correct drive letter. For NVMe SSDs, the naming convention is different and typically follows the pattern /dev/nvme0n1p1 (where 0 is the drive number, n1 is the namespace, and p1 is the partition number). You can find the correct partition using lsblk or fdisk -l.

Examples:

  • Traditional SATA drives: /dev/sda1, /dev/sdb2
  • NVMe drives: /dev/nvme0n1p1, /dev/nvme1n1p2

Step 4: Navigate to SAM Directory

Change to the Windows system configuration directory:

cd /mnt/windows/Windows/System32/config

Step 5: List Users

Display all available user accounts:

sudo chntpw -l SAM

Step 6: Reset Password

Reset the password for the specific user:

sudo chntpw -u Username SAM

Note: Replace Username with the actual username you want to reset.

Step 7: Follow Interactive Prompts

The tool will present you with options:

  • Choose option 1 to clear the password (recommended)
  • Choose option 2 to edit the user account
  • Type q to quit and save changes

Step 8: Unmount and Reboot

Unmount the Windows partition and reboot:

cd /
sudo umount /mnt/windows
sudo reboot

Method B: BitLocker-Encrypted Windows Drive

Step 1: Boot into Linux

Boot your system using a Linux distribution (either installed system or Live USB/CD).

Step 2: Install Required Tools

Update your package manager and install both dislocker and chntpw:

sudo apt update
sudo apt install dislocker chntpw

Step 3: Create Mount Points

Create directories for both the encrypted and decrypted drives:

sudo mkdir /mnt/dislocker
sudo mkdir /mnt/windows

Step 4: Unlock BitLocker Drive

Decrypt the BitLocker-encrypted partition using your password or recovery key:

Using Password:

sudo dislocker -v -V /dev/sdX1 -u -- /mnt/dislocker

Using Recovery Key:

sudo dislocker -v -V /dev/sdX1 -p RECOVERY-KEY-HERE -- /mnt/dislocker

Note: Replace X with the correct drive letter and RECOVERY-KEY-HERE with your actual recovery key.

Step 5: Mount the Decrypted Drive

Mount the decrypted file system:

sudo mount -o loop /mnt/dislocker/dislocker-file /mnt/windows

Step 6: Navigate to SAM Directory

Change to the Windows system configuration directory:

cd /mnt/windows/Windows/System32/config

Step 7: List Users

Display all available user accounts:

sudo chntpw -l SAM

Step 8: Reset Password

Reset the password for the specific user:

sudo chntpw -u Username SAM

Note: Replace Username with the actual username you want to reset.

Step 9: Follow Interactive Prompts

The tool will present you with options:

  • Choose option 1 to clear the password (recommended)
  • Choose option 2 to edit the user account
  • Type q to quit and save changes

Step 10: Unmount Everything and Reboot

Unmount both the Windows partition and the dislocker mount point, then reboot:

cd /
sudo umount /mnt/windows
sudo umount /mnt/dislocker
sudo reboot

Important Notes

  • Always back up important data before performing password resets
  • This method works with local Windows accounts, not Microsoft accounts
  • Some Windows versions may have additional security measures
  • The cleared password will be empty, allowing login without entering a password
  • For BitLocker drives, you need either the password or recovery key
  • BitLocker recovery keys are typically 48 digits long and formatted as: XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
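
The recovery key format above can be checked before running dislocker -p, which catches typing mistakes early. The script below is an added example, not part of the original guide or of dislocker; beyond the 48-digit layout it also applies BitLocker's per-group rule (each six-digit group is a multiple of 11 and below 720896). The function name check_recovery_key and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): validate the shape of a
# BitLocker recovery key before passing it to `dislocker -p`.
# check_recovery_key is a hypothetical helper name.
# Returns 0 if the key is well-formed, 1 otherwise (reason on stderr).
check_recovery_key() {
    key=$1
    # Layout: eight dash-separated groups of six digits (48 digits).
    if ! printf '%s\n' "$key" | grep -Eq '^([0-9]{6}-){7}[0-9]{6}$'; then
        echo "not eight groups of six digits" >&2
        return 1
    fi
    rest=$key-
    n=1
    while [ -n "$rest" ]; do
        group=${rest%%-*}
        rest=${rest#*-}
        # Strip leading zeros so the shell does not parse the group as octal.
        value=${group#"${group%%[!0]*}"}
        value=${value:-0}
        # Each group encodes a 16-bit value multiplied by 11, so it must be
        # divisible by 11 and smaller than 65536 * 11 = 720896.
        if [ $((value % 11)) -ne 0 ] || [ "$value" -ge 720896 ]; then
            echo "group $n ($group) is invalid: likely a typo" >&2
            return 1
        fi
        n=$((n + 1))
    done
    return 0
}

# Constructed sample key for demonstration only; it unlocks nothing.
SAMPLE_KEY=123453-000011-720885-111111-222222-333333-444444-555555
if check_recovery_key "$SAMPLE_KEY"; then
    echo "sample key is well-formed"
fi
```

A key that passes is only well-formed; dislocker still has to confirm that it matches the volume.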

Troubleshooting

If you encounter issues:

General Issues

  • Verify the correct partition is mounted
  • Check if Windows was properly shut down (disable Fast Startup if needed)
  • Ensure you have the correct permissions to modify system files

BitLocker-Specific Issues

  • If dislocker fails, verify you're using the correct password or recovery key
  • Some newer BitLocker versions may not be supported by older dislocker versions
  • Check if TPM is involved in the encryption (may require additional steps)
  • NVMe drives with BitLocker: Use the correct device path (e.g., /dev/nvme0n1p2 for the encrypted partition)