Reset Windows passwords with Offline NT Password & Registry Editor
The Offline NT Password & Registry Editor is a small Linux boot disk that you can use to change or delete Windows passwords outside of the Windows OS environment for local accounts. This can be useful if you forget your Windows password or the password belonging to the Administrator account. This utility can enable you to change or delete passwords, but it cannot tell you what the password for an account actually is. As such it is not appropriate to label Offline NT Password & Registry Editor as a ‘password recovery tool’; it’s a password editor, just like the name says.
It is compatible with Windows 3.x, Windows 95/98/ME, Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008.
Please note that the Offline NT Password & Registry Editor (‘Offline’) home page states: “If password is reset on users that have EFS encrypted files, and the system is XP or newer, all encrypted files for that user will be UNREADABLE and cannot be recovered unless you remember the old password again“.
Also note that Offline cannot be used to change or reset Active Directory passwords.
Offline’s versioning is done using release dates. The version used in this tutorial is 110511 (for 11 May 2011).
How to use it
First, download the installation ‘cd******.zip’ file from the website above and extract it locally. Burn the resulting .iso file to a CD-ROM. If you plan to boot to a USB drive, download the ‘usb********.zip’ file and extract its contents to the drive.
Second, insert the CD or USB drive into the computer and reboot it. Before the Windows OS loads (while the manufacturer’s screen is briefly displayed), hit the appropriate key (usually one of the twelve ‘F’ keys) to enter the boot device manager where you can specify a device to boot to (overriding the default device, which is almost always
C:\ on the internal hard drive).
Your computer will load the contents of the Offline CD or USB drive. When it is finished you will be prompted as follows.
1. You are first given the opportunity to specify any boot parameters that Offline should follow. Your choices are:
Just hit Enter. If you don’t make a choice, Offline will start normally after 15 seconds.
2. Offline will search your PC for physical hard drives and for the partitions on those drives. When it is done you will see something like:
Choose the partition where Windows is installed (usually choice 1) and hit Enter.
3. Now you will see output like this:
Here is where you specify the location of the SAM file which Offline will attempt to edit. By default it is located in
%SystemRoot%\Windows\System32\Config. Hit Enter to choose this default location. If you are not familiar with the Windows SAM file, you should definitely read up on it here and here.
4. Offline will search this location for the SAM and prompt you as follows:
Hit Enter to accept the default option (password reset).
5. The following choices appear:
Hit Enter to accept the default choice (edit user data and passwords).
6. Offline will now display the user accounts it finds like so:
Type the username whose password you wish to edit or hit Enter to choose Administrator. RID refers to the Relative ID.
7. After you select an account, Offline will display some details on that account and then give you options on how to edit its password.
Choose 1, 2, 3, or 4, hit Enter, and follow the prompts.
8. After you make the required changes, type ‘!’ to quit and hit Enter. Now type ‘q’ to quit and hit Enter again. You will now be asked:
Hit Enter to choose no; you do not want to reverse what you just did. Now you are asked:
Hit Enter for no and press Ctrl-Alt-Delete to reboot (you might want to remove your CD-ROM or USB drive first).
Consult the Offline NT Password & Registry Editor’s frequently asked questions.
Yes, it is possible to change the root password on Linux in a similar manner. In fact, you can even use standard Linux distributions to change passwords on Windows.
If you found the content of this article helpful and want to expand your knowledge further, please consider buying a relevant book using the links below. Thanks!