│   │   │   │   │   │   │   │   │ 

Administrator Password in Windows XP: how to reset it if you forget (Part 3)

Linux boot disks: (1) Offline NT Password and Registry Editor 040116

An updated version of this article illustrating Offline NT Password and Registry Editor 050303 can be found in Part 3a.


Topics on this page:

Methods to reset the Administrator or administrative user password: individual methods in detail (continued from Part 2)

[5] Linux boot disks




Methods to reset the Administrator or administrative user password: individual methods in detail

(continued from Part 2)


5. Linux boot disks

5.1. Offline NT Password and Registry Editor 040116

This is a downloadable free Linux boot floppy or CD by Petter Nordahl-Hagen (homepage). It can reset the Administrator and the other administrative user account passwords. It also can edit some settings with regard to the passwords like: failed logon before lockout, minimum password length and password history count. Note that various versions are still available on the internet, sometimes under different names and disguise. Use the latest version from the author's homepage.

One unconfirmed report on the internet mentioned that it can overcome the Recovery Console password bug (KB 308402) but I've not verified this. Some basic instructions are provided. I've only tried blanking the password (the instructions advised doing this rather than resetting another password) and that is sufficient for the purpose of being able to login. Read the instructions and FAQ carefully.

I assume you know how to burn the floppy image to CD (if you use the CD option) and set the BIOS to boot from CD or floppy. The instructions page has details for these and SCSI discs. The install.bat file will use rawrite2.exe to write the bin file to a blank floppy. You need to know that the registry SAM file is where the password is stored as you will see SAM mentioned. I only tried the floppy method which is simpler.


First attempt

It caused a fault in VMWare (where I tested it first) after loading (fig. 1-3). It may be entirely VMWare's fault but it means I can't test it in a safe environment or capture more screenshots.

Initial screen

Fig. 1. Initial loading screen.


The second screen

Fig. 2. The second screen.


Screen showing stage at which it caused a fault.

Fig. 3. Screen showing stage at which it caused a fault.


Second attempt

When I tested it in a non-virtual set up it did load all the way. I chose the registry editing option. It detected all the NTFS partitions and boot partitions on both hard discs and the SAM but further along it came up with error messages:

ERROR: SAM registry file is not loaded!

When I chose q (quit) it did quit with the message:

Hives that have changed
# Name

Registry files not changed, no point in writing it back.

Then several more lines and (... indicates text omitted here):

Busy Box v. 1.00...
sh: can't access tty; job turned off


Third and fourth attempts

When I tried it again (and one more time after this) the boot up hanged after the line about USB.


Fifth attempt

I reformatted the floppy disk and made the programme afresh and this time it loaded all the way. I chose the option to change the password to a blank one. It correctly detected all the partitions (as before) and identified the SAM in one of the Windows XP partitions I selected to process. Initially it said the Administrator account had no password policies set (not disabled or locked) but later when I chose to blank the password it came up with different error messages including:

<Administrator>, *disabled or locked*

It offered to reset the failed count, unset disabled and lockout, which I consented and it seemed to do it.

After choosing to blank the password, some error messages came up:

NTFS-fs error (device 03:42) ntfs_prepare_nonresident_write(). Writing beyond initialized size is not supported yet. Sorry.

sh: can't access tty; job turned off

After reboot, ran chkdsk (no errors in files, indexes and security descriptors) and it worked and I could logon with a blank password to the Administrator account. The other administrative user account is intact.



It works despite some error messages. You don't need to type any Linux commands to use it but the screen is full of text and can be a little hard to know what's going on at first. The messages about account lockout and minimum password length can be confusing if you don't know what they are. The error messages may put you off proceeding further; some are bugs mentioned in the FAQ page.



To be continued in other parts.

Go to TOP.

Go to Part 3a.

Go to Part 4.



Copyright 2003-2005 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author.

This is not an official support page for any products mentioned. All the products mentioned are trademarks of their companies.

Created 2 Mar 2004; last updated 25 Mar 2005