(The application that we are going to use is chntpw. In this example, we will be using fedora/ ubuntu livecd.)
2. Once booted, open the terminal and check for tool named "chntpw". If not there, you can install it using:
$ yum install chntpw (if your using ubuntu live cd $ sudo apt-get install chntpw)
3. After the tool is ready, mount the windows partition. Use "fdisk -lu" to check which partition should be mounted. To mount /dev/sda1 (assuming your windows partition is on /dev/sda1), use below command:
$ su mount /dev/sda1 /mnt
4. Find SAM file on the windows partition. Usually it is located in Windows/System32/config. Run the chntpw on the SAM file.
$ cd /mnt/Windows/System32/configList all user in the SAM record
$ chntpw -l SAMInteractively edit user credential
$ chntpw -i SAM
5. Follow the wizard of chntpw and clear administrator or any user's password that you want to access.
6. Save changes and restart machine. You can access the windows without password for administrator and users that you have cleared their password. Make sure you take out the livecd, otherwise the machine will boot into it instead of windows.
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
chntpw: change password of a user in a NT/2k/XP/2k3/Vista SAM file, or invoke registry editor.
-h This message
-l list all users in SAM file
-i Interactive. List users (as -l) then ask for username to change
-e Registry editor. Now with full write support!
-d Enter buffer debugger instead (hex editor),
-t Trace. Show hexdump of structs/segments. (deprecated debug function)
-v Be a little more verbose (for debuging)
-L Write names of changed files to /tmp/changed
-N No allocation mode. Only (old style) same length overwrites possible