How You can Reset Your Windows Login Password with Hiren's BootCD - (Depreciated)

[Windows7ge]

NOTICE: This guide has become depreciated as an updated guide has been created. The updated guide can be found here:

The old guide will continue to exist below:

 

If you think anything is missing from the guide let me know and I'll update it.

 

DISCLAIMER: These instructions are only to be used for your personal computers. Misuse of this guide could get you in trouble and I won't be held responsible.
DISCLAIMER: These instructions will only work on local accounts. They will not change domain accounts.

 

In the event you've forgotten your Windows login password you can reset it relatively easily.
This method will work with Windows XP, Vista, 7, 8, 8.1, & 10.

For the method I'm using you'll need four things:

 

A thumb drive at least 1GB in size.
Hiren's BootCD which can be downloaded here: Hiren's BootCD (current version is 15.2, the download is labeled as "Hirens.BootCD.15.2.zip")

Rufus which can be downloaded here: Rufus (current version is 2.15, the download link is labeled as "Rufus 2.15")

7ZIP which can be downloaded here: 7ZIP (current version is 16.04, both 32-bit and 64-bit versions are available)

 

First, install 7ZIP.
Using 7ZIP unzip Hirens.BootCD.15.2.zip and extract only the Hiren's.BootCD.15.2.iso file to the desktop.
(The file can be unzipped by right-clicking the file, then going to 7ZIP > Open archive

 

Next plug your thumb drive into your computer and open Rufus. In Rufus look down the menu options until you see "Create a bootable disk using [ISO Image]"
To the right of that is a button with the logo of a CD drive with a disk over top of it:  Click this and browse to your desktop where you dropped the "Hiren's.BootCD.15.2.iso" file. Click on the file, then click Open at the bottom of the window.

 

Now make sure the menu settings are set as follows:

 

Device: (your thumb drive)
Partition scheme and target system type: MBR partition scheme for BIOS or UEFI
File system: FAT32 (Default)
Cluster size: 8192 bytes (Default)
New volume label: (Name this what you like)

 

Format Options:
[No Check] Check device for bad blocks [1 Pass]
[Check] Quick Format
[Check] Create a bootable disk using [ISO Image]
[Check] Create extended label and icon files

 

After you verify all these settings click "Start" at the bottom of the screen. The installation is finished when it says "READY" at the bottom:

 

Remove the thumb drive and plug it into the computer that you're locked out of.
Things become more complicated here and there's a few methods on how you can go about it.
You need to boot the computer to the thumb drive which can be achieved a few ways.
When you first start your computer mash either F10 or F11. From my experience one of these will take you to the Boot Menu. From their select the thumb drive you're using and hit ENTER. If this works and you're greeted by a black screen with grey text move onto the next step.

 

If not greeted and you boot into Windows then try the following:
Restart the computer if necessary and mash delete to enter your BIOS and locate the Boot Menu. Make sure in the Boot Order than booting to the USB comes before booting to the HDD/SSHD/SSD/NVMe (M.2 or PCI_e) drive. After that save settings and reboot. You should then get the same results as above.

 

Next Step:
From the black and grey menu that you are presented with using the arrow keys select "Mini Windows Xp" and hit ENTER

 

You'll be ready to begin once you're greeted by a desktop.
On the desktop click on "HBCD Menu".
Now click on Programs in the window that pops up and follow the path "Programs > Passwords / Keys > Windows Login > NTPWEdit (Reset XP/Vista/7 User Password)" (Despite what it says it will work with versions of Windows later than 7 ie. 8, 8.1, & 10)

 

Next you'll be shown this menu:

 

Where it says "Path to SAM file" you need to click on the  to the right and browse to the following directory and open the file SAM: "D:\Windows\System32\config\SAM" (D may not be your Windows drive if not choose the one that is.)
When you open the SAM file you'll be shown something along the lines of this:

 

For this example I created an account named User but yours will undoubtedly be named something else. If there are multiple accounts on one computer they should all show up here.
Select the account you're locked out of and click "Change password".
A small window will pop up where you will chose and confirm your new password. After this press "OK" and then then press "Save Changes"

 

After this power down the computer and remove the thumb drive. Power on the computer, get to the Windows Login screen and input your new password. It should let you in.

 

RECOMMENDATION: If the thumb drive isn't needed for anything else I'd recommend keeping Hiren's BootCD installed in case this occurs again. Hiren's BootCD also has a plethora of other tools and functions to modify or repair your system.

[Tsuki]

hirens is so old and out of date, and ive personally rarely seen that particular program work. ntpassremover on the same disk tends to work a lot better in my experience. and theres other tools that are so much better than that.

 

in fact, its actually stupid easy to do without any kind of rescue media or boot disk at all.

 

nice write up, just very outdated

[Windows7ge]

24 minutes ago, Tsuki said:

hirens is so old and out of date, and ive personally rarely seen that particular program work. ntpassremover on the same disk tends to work a lot better in my experience. and theres other tools that are so much better than that.

 

in fact, its actually stupid easy to do without any kind of rescue media or boot disk at all.

 

nice write up, just very outdated

It is old but so is DOS and using FreeDOS has gotten me out of pinches when I couldn't find any alternative methods of accomplishing certain tasks.

 

The one function in NTPass using this method I cannot say works is "unlock" which is suppose to just remove the password but it never worked for me ever. Changing the password has yet to not work for me in any version of windows I've used it on.

 

What are some up to date methods for bypassing or changing a windows password?

[vanished]

-moved to guides-

[George032]

1 hour ago, Windows7ge said:

It is old but so is DOS and using FreeDOS has gotten me out of pinches when I couldn't find any alternative methods of accomplishing certain tasks.

 

The one function in NTPass using this method I cannot say works is "unlock" which is suppose to just remove the password but it never worked for me ever. Changing the password has yet to not work for me in any version of windows I've used it on.

 

What are some up to date methods for bypassing or changing a windows password?

You can try the sticky keys backdoor. It works from Windows Vista to Windows 10. It seems that Windows 10 creators update has changed its hash encryption and NTPass might no longer work.

https://www.passcape.com/index.php?section=blog&cmd=details&id=35

[Windows7ge]

7 hours ago, Ryan_Vickers said:

-moved to guides-

Yeah sorry, I wasn't sure which category to put it under.

[Windows7ge]

7 hours ago, George032 said:

You can try the sticky keys backdoor. It works from Windows Vista to Windows 10. It seems that Windows 10 creators update has changed its hash encryption and NTPass might no longer work.

https://www.passcape.com/index.php?section=blog&cmd=details&id=35

This guide is another option but it seems similarly as complicated. If you're working with a very unfamiliar with PC's user they may be intimidated with CMD or they may not have a copy of the original install media which would require them to go to the Microsoft website and install it on a USB anyways. Also this method requires you to identify which drives you want to view the directories in via CMD which could be complicated for some individuals.

 

I did most of this testing in a virtual machine which made the whole guide easier to make although I did test to make sure that I could boot the drive in both a BIOS and UEFI BIOS environment (not extensive testing, just tried it on my UEFI BIOS desktop and my almost garbage old BIOS HP G62-220US laptop). The Windows install that was used was an old ISO. Windows build 10240. I can try running it in the VM past the anniversary update and creators update then try running the guide again. If it fails I can add to the intro of the guide that it won't work with windows 10 if it's post-creators update.

[Tsuki]

11 hours ago, George032 said:

You can try the sticky keys backdoor. It works from Windows Vista to Windows 10. It seems that Windows 10 creators update has changed its hash encryption and NTPass might no longer work.

https://www.passcape.com/index.php?section=blog&cmd=details&id=35

that backdoor as actually worked all the way back to windows NT.

ntpass wont work if their using their microsoft account to login, but it SHOULD work with a local account (i can test this later to confirm)

4 hours ago, Windows7ge said:

This guide is another option but it seems similarly as complicated. If you're working with a very unfamiliar with PC's user they may be intimidated with CMD or they may not have a copy of the original install media which would require them to go to the Microsoft website and install it on a USB anyways. Also this method requires you to identify which drives you want to view the directories in via CMD which could be complicated for some individuals.

 

windows 10 you can do it with no installation media at all. and theres even a microsoft tool designed to break passwords that works amazingly, i just cant remember what its called >.<

 

and dont get me wrong, you did a fantastic job on the guide!! extremely well written and easy to follow, theres just better ways

[Windows7ge]

2 minutes ago, Tsuki said:

windows 10 you can do it with no installation media at all. and theres even a microsoft tool designed to break passwords that works amazingly, i just cant remember what its called >.<

 

and dont get me wrong, you did a fantastic job on the guide!! extremely well written and easy to follow, theres just better ways

In windows 10 I did see on the login page "Forgot Password?" I have no idea how it works and for Microsoft to have their own password cracking tool assuming it's available to the general public seems not intelligent. It'd mean Microsoft would be providing the tools necessary to break into their own machines. I'd expect most consumers wouldn't like to hear that.

 

7 minutes ago, Tsuki said:

and dont get me wrong, you did a fantastic job on the guide!! extremely well written and easy to follow, theres just better ways

I think regardless of what objective it is you are trying to achieve there is always going to be "A better way.". Could have been worse. If I had the knowledge I could have written a guide on how to edit the SAM file directly via code. At least I used a GUI application. Plus we have to consider with different computers with different Windows software versions using different applications with different people with different levels of intelligence. An "easier way" may not seem easier depending on the individual and their configuration. So simply having an alternative option available can mean the difference between giving up and reinstalling the OS or successfully getting back into the system without that additional hassle.

[Windows7ge]

13 hours ago, George032 said:

It seems that Windows 10 creators update has changed its hash encryption and NTPass might no longer work.

I don't know about disk encryption or any other form of base stock installed password protection but I decided to test what you stated above:

I downloaded the Windows English x64 Creators Update from Microsoft and updated it as far as I can.

Windows version/build is now Version 1703 Build 15063.332 w/ Creators update and I assume the anniversary update is included.

 

I ran the exact same test again and it worked without any hick-ups I was able to change the password on the local account.

During the Windows installation it wanted me to use a Microsoft account and if Windows used that for login like a domain then this probably wouldn't work.

Also if any kind of disk encryption is enabled this probably would not work.

[Tsuki]

8 hours ago, Windows7ge said:

In windows 10 I did see on the login page "Forgot Password?" I have no idea how it works and for Microsoft to have their own password cracking tool assuming it's available to the general public seems not intelligent. It'd mean Microsoft would be providing the tools necessary to break into their own machines. I'd expect most consumers wouldn't like to hear that

while yes it seems unintellegent, they also have the Microsoft Toolkit, a free tool provided by microsoft,  which lets you activate windows, and office products, without a key. while also providing the iso for windows completely free.  which makes no sense.

 

EDIT: im an idiot sometimes

[Windows7ge]

5 hours ago, Tsuki said:

while yes it seems unintellegent, they also have the Microsoft Toolkit, a free tool provided by microsoft,  which lets you activate windows, and office products, without a key. while also providing the iso for windows completely free.  which makes no sense.

I'm familiar with a tool that does those things but I'm not sure if it was written by Microsoft.

[Tsuki]

1 minute ago, Windows7ge said:

I'm familiar with a tool that does those things but I'm not sure if it was written by Microsoft.

actually you're right about that one, its totally not. my bad!

[Windows7ge]

34 minutes ago, Tsuki said:

actually you're right about that one, its totally not. my bad!

It's fine but I wouldn't put it past Microsoft to make tools to bypass their own product keys. I'd doubt public availability though.

[Tsuki]

Just now, Windows7ge said:

It's fine but I wouldn't put it past Microsoft to make tools to bypass their own product keys. I'd doubt public availability though.

more than likely.  i am positive about the password one though.. and its driving me crazy that i cant remember the name of it..

[Vitas]

Hiren's Boot CD is a good way for resetting Windows password, but it is not easy enough for newbies.

Usually, using command prompt to reset Windows 10 password is easier than this, but you must firstly have an official Windows installation disk. Here is how:

1. Boot computer from Windows intstallation disk.

2. Open command prompt and then run commmands to replace "utilman.exe" with "cmd.exe".

3. Reboot computer and allow Windows to load normally. Then click "Ease of access" to launch Command Prompt. Now run net user command to reset your Windows user password. Restart again and log on.

For more details, refer to Tip 4: https://www.wimware.com/how-to/unlock-windows-10-password.html

In Windows 7: Reset Windows 7 password using command prompt

[Windows7ge]

1 minute ago, Vitas said:

Hiren's Boot CD is a good way for resetting Windows password, but it is not easy enough for newbies.

Perhaps. It's a good thing then I created the updated guide with more options and more clarity on how to perform each method.