Windows 2003/Windows 2000 forgotten Admin Password Changing/Breaking

Purpose of this Post is to explain how we can change/break forgotten Local administrator password for Windows Operating systems.This  method can be followed for Windows 2008/2003/2000/Vista and Windows 7 operating system. 

  By this method we are mounting the Windows hard drive using Linux System Rescue CD and editing the SAM file where all the Windows ID password saved.


Note: Please ensure Proper Backup is in place. If your C Drive is is in mirrored volume make sure one  disk is  removed and kept it as backup.Boot the server from single HDD and ensure its coming up properly


Before we start Click Here to download ISO Image of this CD. If the server have ILO we can directly mount this ISO or else need to write it in a CD.


1)  I am trying to login with local-admin id, Since i am entering wrong password its not allowing me to go through it

2) Power off the server. Mount the downloaded ISO Image  using ILO and boot the server from that.


3) Press enter to Boot from ISO/CD.

4) Select the default boot option and Press enter.

5) it will go through the Boot process and will take few seconds to finish.

6) After the boot process it will reach to root prompt

7) The first thing we’ll want to do is mount the hard drive, using this command. 
 (Note that you might not need to use the –o force argument, it’s only really for when the system didn’t shut down correctly)


 Command Syntax: ntfs-3g /dev/sda1 /mnt/windows –o force

8) Use "df -m" Command to verify its mounted properly. It will list the mounted drives.

9) Now we need to edit the SAM file. The default path of SAM file on windows is c:\windows\system32\config.. Change the root directory to this path.

10) After changing the root directory to the correct path use "ls" command to list down the files inside

11) After Locating this SAM file use command "chntpw –l SAM" to see the content of SAM file. There we can see all the Local ID information.Ensure the required ID is displayed over there


In the demonstration we need to Change/Break the password of local-admin

12) Use command  "chntpw –u local-admin SAM" to break the password of local-admin. Give enter

13)This will present you with below  wizard type screen

14) Select the required option. Always prefer the clear the password by selecting Option 1. After clearing password you can login with blank password and can give the required password.


For this demonstration proceeding with changing the password. Selecting Option 2


15) It will prompt for new password. Type the new password and give enter.
it will ask for save the configuration and give "Y"  . Ensure it shows status OK.

16) Give "reboot"  command to perform restart. Ensure the process completed properly and booting  to normal windows OS.. Dont perform any hard shutdown during this process since it may cause Lock the SAM file.Also unmount the Bootable CD from system


17) Server will boot normally and now you can login with the new password.


Thanks for referring this post. Please leave me a comment if its useful for you