How to get administrator access to Windows without a password
Get around password protection in Windows XP, Vista and 7
By Lincoln Spector | PC World | Published: 15:45, 12 October 2010
There are a number of ways to gain access to a password-protected administrator account. I'll offer two. The first one is quick and easy, but only works in XP. If the used PC runs Vista or Windows 7, skip the next three paragraphs.
XP contains a backdoor entrance to administrator control. The following will only work if the previous owner didn't know enough to close the backdoor.
First, boot into Safe Mode: Start your PC and press F8 before the Windows logo appears. (It may take a few tries to get the timing right.) From the resulting Boot menu, select Safe Mode. When the logon screen appears, it will probably contain a user you've never seen before, Administrator, that does not have a password. Thus, you can enter Windows as an administrator-level user.
Related Articles on Techworld
Once inside Windows, you can use Control Panel's User Accounts applet to change the password on the other administrator account or create a new one for yourself. And while you're there, you might also want to add a password to the Administrator account in order to close the backdoor. But that's probably the case.
If you're using Vista or Windows 7, or if someone closed that backdoor already, you can remove the administrator password with Ubuntu Linux. This gets a little complicated, so follow it closely.
If you don't already have a live Ubuntu Linux CD, download the current version. Double click the just-downloaded .iso file. Windows might start a program that burns your Ubuntu CD. If it doesn't, download and install IMGburn, then try again. Simply copying the .iso file to a CD won't work.
The instructions below are based on Ubuntu version 10.04.1 LTS, the most current version as I write this. Once you've created the disc, boot off the CD. When asked, click the Try Ubuntu button.
You'll first need to install the software: From the menus in the top right corner of the screen, select System, Administration, Software Sources. In the resulting window, check the two options not yet checked: Community-maintained Open Source software (universe) and Softrware restricted by copyright or legal issues (multiverse). Click Close, then Reload.
After the program is done processing, select System, Administration, and Synaptic Package Manager from the top right corner menus.
In the resulting window's Search field, enter chntpw. A program with that name should appear in the list of packages below. Click it and select Mark for installation. Click the Apply toolbar icon. Click Apply and wait until the installation is complete.
Now mount your drive: From the top menus, select Places, then your internal hard drive or Windows partition. When it's mounted, a File Browser window (much like Windows Explorer) will appear. By double clicking the folder icons, go to the Windows drive's Windows\system32\config folder. Leave this window up.
Now you can remove the password.
From the top menus, select Applications, Accessories, Terminal. This brings up a black window similar to Windows' command line (or the DOS box for you old-timers). Arrange these two windows so that you can see the top section of the File Browser window behind the Terminal window.
In the Terminal command line window, type cd /media/ (note the SPACE after cd) and the path to your config folder, using the folder names at the top as a guide. I wish I could simply tell you to type "cd /media/windows/system32/config", but unlike the Windows command line, Ubuntu's Terminal is case sensitive. Depending on what version of Windows you're trying to reclaim, it may be windows/system32 or Windows/System32, and Ubuntu won't see it if you get the case wrong.
When it's typed, press ENTER.
Now type sudo chntpw -u logon SAM, where logon is the logon name for the administrator account. For instance, if you're trying to take over my account, you'd enter sudo chntpw -u Lincoln SAM. Remember, everything here is case sensitive, including the logon name.
After you hit ENTER, a lot of text will scroll up very quickly. If you entered the text correctly, the last section will begin ". . . . User Edit Menu:"
Now press 1 (the number, not lower-case L), then ENTER. At the resulting question, press y.
When the program is done, click the power button logo in the upper right corner and reboot into Windows. The account in question will no longer require a password.