Resetting Windows password on computer with Secure boot

Resetting Windows password on computer with Secure boot

Secure boot and UEFI BIOS is something that has been introduced with windows 8 and 8.1.
Secure boot stops you from accessing the hard drive when booting to CD or USB and therefore stops you using traditional tools to reset your windows password.

To bypass this you need to remove your hard drive and connect it to another computer. I use a USB dock to do this, using a USB docking station allows you direct access to hard drives and gives you plug and play functionality.
You will need a computer with Linux installed, preferably Kali Linux as this comes the the packages pre installed. If you are using a different distro(if you are not sure what a distro is have a look at our Introduction to Linux)
I have used a Virtual Machine and attached the hard drive to it and then booted to Kali Linux.

Once you have booted up the Linux VM you will need to open a terminal.
Then navigate to the Media folder by typing the command:

cd /Media

Then run the ls command to see what drives you have attached. Identify which drive has is your windows c: drive.
Change the working directory to the c:/windows/system32/config by running the command:

cd Windows/System32/config

Once in the directory you will need to make sure that the SAM database is in this folder. To do that run the command:

ls -l SAM*

ls sam password reset
You should see the SAM database I that directory.

 

Now you will need to view what users are in the SAM database you do that by running the command:

chntpw sam
You will see a list of users that are currently created in the SAM database

chntpw -l SAM

 

Now you want to reset the password for the Administrator user and also enable the user by running the command

chntpw -u Administrator SAM

Then select option 1 to clear the password
resetting windows password kali linux
Run the command again

chntpw – Administrator SAM

and select option 4 to enable the account

Now install the hard drive in the original computer and boot to Windows. If you had secure boot on your computer you will need to make sure that it is still enabled in BIOS.

You should now be able to log in as the built in Administrator account, then you just need to reset the original user accounts password.

To do this open run a command prompt as administrator and type the command(make sure to replace <username> with your username:

net user <username> *

reset user password secure boot
Reset the users password

Now log out of the administrator user and log in as your user, using the password that you have just set.

Now  run a command prompt as administrator and type the command:

net user administrator /active:no

disable admin account
Says that the command has worked successfully and the administrator user is no longer active

Now your password has been reset.

Replies: 3 / Share:

You might also like …

3 thoughts on “Resetting Windows password on computer with Secure boot

  • @herejaken
    Really good tutorial. I’ve been using chntpw (Change NT Password) or Offline NT Password & Registry Editor since it was on Floppy Disk. Well written program and a good article. Keep up the good work and keep the tutorials coming.

    Reply
  • Great tutorial! You can also use PCUnlocker Live CD – a unique Windows password bypass tool that can boot in UEFI mode with the Secure Boot turned on.

    Reply
  • @Hi man , I’ve been trying to reset the password of a pc Windows 10, so I booted Kali Linux on a USB key. When I got into Kali i mounted the Windows, and it openned me the files but when I try to access the Windows file I get an error. So I tryed to access to it with the cd command and that worked but when I try doing the command chntpw -l SAM I can’t see the list of the users, I just get an error and when I do the command to reset the password I get another error.

    Reply

Post Comment

Your email address will not be published. Required fields are marked *