How to Recover a Lost Windows NT/2000/XP Administrator Password

To recover a lost Windows NT/2000/XP administrator password, you will need local access to the machine. The first step is to boot the machine using a bootable floppy or CD that contains NTFS (NT File System) drivers. This will allow you to proceed to the next step, which is to recover or reset the Administrator password.

Boot the system with NTFS drivers

Petter Nordahl-Hagen has created a good set of Linux-based bootdisks with NTFS support. Download this package from Offline NT Password & Registry Editor.

You may also use your own bootable floppies or CD's, as long as they have support for the NTFS file system and can run the utility you intend to use to recover the administrator password.

Note that this step is only required if your system uses NTFS as a filesystem. If your system uses a different filesystem, you must boot with drivers for that filesystem.

Recover the Administrator password

To attempt to recover the Administrator password, use a tool like OpenWall's John the Ripper with Olle Segerdahl's NTLM patch, L0phtCrack, or LCP by . John the Ripper runs on Unix, DOS, or Windows. L0phtCrack runs on Unix or Windows. LCP runs on Microsoft Windows.

To reset the Administrator password, use a tool like `chntpw`, which is included with Petter Nordahl-Hagen's bootdisk package mentioned above.

Resetting the administrator password will gain you access to the system. Recovering the administrator password can gain you access to the system without being obvious to the legitimate sysadmin, and you will also know the sysadmin's administrator password, which may give you access to other machines.