Showing results for 
Search instead for 
Did you mean: 

Using the chntpw utility to reset Windows Vista user passwords

Super Advisor

Using the chntpw utility to reset Windows Vista user passwords

Hi there --

We have a Windows Vista 32-bit workstation that has user accounts with passwords that are in need of a reset.

To that end I have a live distribution called grml, which is Debian based, that has the chntpw utility included in it. I am able to boot the workstation in question with the cd, and I am also able to mount the partition in read/write mode that contains the Windows directory. The location of the files that are the object of this exercise, i.e: sam, security, system, is the following:


I have run the chntpw utility with the following syntax to enable the administrator account as well as provide it once with a blank password or a second time with a simple one:

chntpw sam system

I used the following syntax to change the password to a simple one for the other user account

chntpw -u neil sam system

After making the changes, saving the changes to the hives, and rebooting the workstation into Windows, I tried logging into the system. Unfortunately, the password or blank password that I entered in both cases resulted in an incorrect password message.

Does anyone know what other steps I need to take in order to successfully change the passwords on the Vista workstation and subsequently be able to log into the system?


A Journey In The Quest Of Knowledge
Honored Contributor

Re: Using the chntpw utility to reset Windows Vista user passwords

Note that chntpw can only change the passwords of local accounts. If your workstation is in a Windows domain environment, the domain-based user account is usually used by default: you must specify that you wish to use the local user account to log in.


To specify a local account, you must prefix it with the hostname of the workstation: if your workstation is named WKS1, you should be trying to log in as WKS1\Administrator or WKS1\neil. Just "Administrator" will be synonymous with YOURDOMAIN\Administrator, which is obviously authenticated by the domain controllers.