Use this only on computers you own or are explicitly authorized to service. Password bypass and account recovery techniques can cause data loss, account access issues, or legal problems when used without permission.

This older technical note is preserved for archive value. It applies to local Windows accounts in specific circumstances and may not apply to modern Microsoft account, BitLocker, enterprise-managed, or encrypted systems.

  1. Live boot to your Linux OS of choice. Kali and Parrot OS were recommended at the time because they had the tools preloaded.

  2. Secure Boot may need to be disabled to live boot.

  3. Open the file or folder explorer and navigate to the Windows drive of the host machine, then navigate to:

    C:/Windows/System32/Config

  4. Right-click and choose “Open In Terminal.”

  5. Enter:

    chntpw -i SAM

  6. Follow the prompts. Select 1 to list and view users you can edit.

  7. View the list and find the ID corresponding to the user you would like to make an administrator or remove the password from outright. The ID will look similar to 0f5.

  8. When finished making the changes needed, press q to quit. You will probably need to press q twice before you are asked to save changes to the SAM hive.

  9. Press y to save changes made.

  10. Restart the computer into Windows to verify changes were successful.

Read-only file system note

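If you get a read-only file system error when running the chntpw command, boot to the Windows login screen, select Restart, and live boot into Linux on that reboot. This may prevent the file system from being read-only. The usual cause is Windows Fast Startup: Shut down leaves the NTFS volume in a hibernated state that Linux will only mount read-only, while Restart performs a full shutdown.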
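
A pre-check for the read-only condition described above, added here as an example and not part of the original note: it reads the kernel mount table and reports whether the file system holding a given path is mounted `ro` or `rw`. The function names `mount_mode` and `sample_mounts`, the `/mnt/windows` mount point and the sample mount lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# mount_mode PATH [MOUNTS_FILE]
# Prints "ro" or "rw" for the file system that contains PATH.
# MOUNTS_FILE defaults to /proc/mounts. Exit status 2 means no mount matched.
mount_mode() {
    TARGET_PATH="$1" awk '
    BEGIN { t = ENVIRON["TARGET_PATH"] }
    {
        mp = $2
        gsub(/\\040/, " ", mp)          # /proc/mounts writes spaces as \040
        # A mount point matches if it is "/", equals the path, or is a
        # directory prefix of it ("/mnt/windows" must not match "/mnt/windows2").
        if (mp == "/" || t == mp || index(t, mp "/") == 1) {
            # Keep the longest match; on a tie the later line (newer mount) wins.
            if (length(mp) >= best) { best = length(mp); opts = $4; found = 1 }
        }
    }
    END {
        if (!found) exit 2
        n = split(opts, o, ",")
        mode = "rw"
        for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro"
        print mode
    }' "${2:-/proc/mounts}"
}

# Constructed sample of /proc/mounts content (not captured from a real system).
# ntfs-3g volumes appear with the file system type "fuseblk".
sample_mounts() {
    cat <<'EOF'
/dev/sda3 / ext4 rw,relatime 0 0
/dev/sdb2 /mnt/windows fuseblk ro,nosuid,nodev,relatime,user_id=0 0 0
/dev/sdc1 /media/user/My\040Disk fuseblk rw,nosuid,nodev 0 0
EOF
}

# When called with arguments, check a real path against the live mount table.
if [ "$#" -ge 1 ]; then
    mount_mode "$@"
fi
```

If the Windows volume reports `ro`, editing the SAM hive will fail at the save step, so resolve the mount state first.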