How to Reset Windows 10 Passwords with NTPasswd [Step-by-Step]

Published:3 August 2021 - 5 min. read

Azure Cloud Labs: these FREE, on‑demand Azure Cloud Labs will get you into a real‑world environment and account, walking you through step‑by‑step how to best protect, secure, and recover Azure data.

Forgot your Windows 10 password? Typically, a user would give up, reinstall the operating system (OS), and start from scratch. But you’re not a typical user. Instead of doing an OS reset, why not try a user account password reset first using the Offline NT Password & Registry Editor (NTPasswd) utility?

In this tutorial, learn how to use the NTPasswd utility as a “break-glass-in-case-of-emergency” response to reset lost or forgotten Windows user or administrator passwords.

Are you now excited to hack your way into a locked computer? Hold on to your black hat, and let’s dive in.

Prerequisites

Since this tutorial is hands-on, you’ll need the following requirements if you plan to follow along.

  • A Windows 10 computer. This tutorial will be using a Windows 10 version 20H2, but earlier versions should work as well.
  • A test or dummy Windows 10 local user account. This user account is optional but recommended if you don’t want to test this tutorial with production or live user account. This tutorial will be trying the password reset on a test account with the name Dummy.
  • Make sure that the computer can boot from a USB drive and supports legacy boot mode. NTPasswd boot disks do not support UEFI boot mode.
  • A USB flash drive with at least 50MB free space where you’ll be installing NTPasswd. This tutorial assumes that you’ve already attached the USB drive to the computer and know its drive letter. In this tutorial, the USB drive letter is E.
  • Download the latest NTPasswd USB zip file. As of this writing, the latest zip file name is usb140201.zip, and the size is approximately 18MB.

Creating a Bootable NTPasswd USB Drive

To boot your computer into the NTPasswd environment, you must first create bootable media containing the NTPasswd files. Don’t worry. Doing so only takes running two lines of command. You don’t need to download any third-party tools, too.

Follow the steps below to create an NTPasswd bootable USB drive.

1. Open PowerShell as admin.

2. Inside the PowerShell window, extract usb140201.zip file contents to the root of the USB drive. To do so, run the Expand-Archive command below. This command assumes that the NTPasswd zip file is in the C:\Downloads folder and the extract destination is the root of drive E.

Expand-Archive -Path C:\Downloads\usb140201.zip -DestinationPath E:

You should see a similar progress indicator as to the image below.

Extracting NTPasswd files to the USB drive
Extracting NTPasswd files to the USB drive

3. After extracting the NTPasswd zip file, run the syslinux.exe command below to make the USB drive bootable. This command assumes that the USB drive letter is E. Change the drive letter if needed.

The NTPasswd zip that you previously extracted to the USB drive already includes the syslinux.exe executable file. You do not need to download the file separately.

# (m) -- Install the master boot record (MBR).
# (a) -- Mark the partition as Active.

E:\syslinux.exe -ma E:

The command should only take approximately one second to complete, and there are no output messages. Once the command completes, you now have a bootable NTPasswd USB drive.

Booting into NTPasswd

Now that you’ve created your password reset disk, it’s time to put it to the test. Before you can start resetting passwords, you first need to boot your computer into the NTPasswd environment. Follow the steps below to do so.

Note: NTPasswd is not capable of accessing encrypted drives, such as Bitlocker-encrypted drives. According to the NTPasswd FAQ, there is no plan to add support for encrypted drives.

1. First, turn off your computer if you haven’t yet.

2. Power on your computer and boot it to the USB drive. Typically, you have to press a key while the computer is starting up (F2, Del, F12…), showing you the boot menu. Consult your computer’s manual if needed to learn how.

3. At the boot prompt, type in boot vga=ask and press Enter. Doing so gives you the option to choose the video mode.

Entering a boot option
Entering a boot option

4. At the following prompt, hit Enter again to list the available video modes.

Press Enter to list available video modes
Press Enter to list available video modes

5. Next, on the list of video modes, type 0 and press Enter. This step ensures that NTPasswd uses the lowest possible resolution to avoid showing disproportionate screen output.

Selecting the lowest display resolution mode
Selecting the lowest display resolution mode

After selecting the video mode, NTPasswd then automatically detects the disk partitions. As you can see below, the utility automatically determines which partition(s) may contain the Windows operating system.

NTPasswd automatically detects possible Windows installation partitions
NTPasswd automatically detects possible Windows installation partitions

Note: If the computer did not shut down properly or in hibernate, NTPasswd would complain that the NTFS partition is unsafe, as you can see below. In which case, you have to boot to Windows and shut down the computer properly before booting into NTPasswd again.

The NTFS partition is in an unsafe state error
The NTFS partition is in an unsafe state error

6. On the list of Possible windows installations, typically, there would only be one Windows installation on a computer, as you can see below. In which case, you only need to press Enter to accept the default selection.

Selecting the Windows installation partition
Selecting the Windows installation partition

7. After selecting the Windows partition, NTPasswd lists files on the screen. Press the SPACEBAR once to exit the files list.

Press the spacebar to exit the files list
Press the spacebar to exit the files list

Resetting a User Password with NTPasswd

Now that you’ve booted your computer into NTPasswd, you’re ready to start resetting passwords. By following a series of prompts, you can reset the password of any Windows 10 local accounts on the computer. To do so, proceed as follows.

1. On the Select which part of registry to load menu, press Enter to accept the default selection, which is 1 – Password reset [sam]. Selecting this option will load the SAM Windows registry hive.

The SAM registry hive contains the local user accounts and passwords data.

Loading the Password reset menu
Loading the Password reset menu

2. On the Main Interactive Menu that follows, press Enter to accept the default option, which is 1 – Edit user data and passwords.

Select edit user data and passwords
Select edit user data and passwords

3. Next, on the list of user accounts, look for the user account whose password you want to reset. Find the user’s number under the RID column. Once you have the user’s RID value, type the value into the prompt to select the user and press Enter.

In the example below, the RID for the user to reset is 03ea, and the username is Dummy.

Entering the user's RID value
Entering the user’s RID value

4. On the User Edit Menu, you’ll notice that there’s no option to reset the password, and that is normal—instead, type 1 to select the option to Clear (blank) user password and press Enter.

Choosing this option will clear the user’s password. Consequently, you can log in to Windows using this user account without entering a password.

Selecting to clear the user password
Selecting to clear the user password

After clearing the password, you should see a confirmation message similar to the screenshot below.

Confirmation message
Confirmation message

5. Now, press Enter to exit the User Edit Menu.

Exiting the User Edit Menu
Exiting the User Edit Menu

6. Back at the Main Interactive Menu, type q, and press Enter to exit.

Exiting the Main Menu
Exiting the Main Menu

7. At the next prompt, type y and press Enter. This action will write the changes you made (clear password) back to the SAM registry hive.

Saving the changes
Saving the changes

After saving the changes, you should see a message saying EDIT COMPLETE. You have now finished resetting the Windows 10 user password.

8. Finally, unplug the USB drive from your computer and press CTRL+ALT+DEL to restart your computer and boot into Windows. You can then log in using the account without entering a password.

Conclusion

This tutorial showed you that a forgotten or lost password does not necessarily mean that you’ve already lost access to your computer. Don’t lose hope yet. You’ve learned that the NTPasswd password reset utility can be a lifesaver in such situations.

Apart from resetting passwords, there are other NTPasswd usage scenarios that you can try. How about enabling the built-in administrator account, promoting a standard user as an administrator, and editing the registry offline?

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

Explore ATA Guidebooks

Looks like you're offline!