Man Linux: Main Page and Category List


       chntpw - utility to overwrite Windows NT/2000 SAM passwords


       chntpw  [options]  <samfile> [systemfile] [securityfile] [otherreghive]


       This manual page documents briefly the  chntpw  command.   This  manual
       page  was  written  for  the  Debian  distribution because the original
       program does not have a manual page.

       chntpw is a utility to view some information and change user  passwords
       in  a  Windows  NT/2000  SAM  userdatabase  file,  usually  located  at
       \WINDOWS\system32\config\SAM on the Windows  file  system.  It  is  not
       necessary  to  know  the  old  passwords to reset them.  In addition it
       contains a simple registry editor (same  size  data  writes)  and  hex-
       editor  with  which the information contained in a registry file can be
       browsed and modified.


       -h     Show summary of options.

       -u username
              Username to change. Default is Administrator

       -l     List all users in the SAM database.

       -i     Interactive: list all users (as per -l) and  then  ask  for  the
              user to change.

       -e     Registry editor with limited capabilities.

       -d     Use buffer debugger.

       -t     Show hexdumps of structs/segments (deprecated debug function).


       ntfs-3g /dev/sda1 /media/win ; cd /media/win/WINDOWS/system32/config/
              Mount   the   Windows  file  system  and  enters  the  directory
              \WINDOWS\system32\config where Windows stores the SAM  database.

       chntpw SAM system
              Opens  registry  hives  SAM  and system and change administrator
              account. This will work even if the name has been changed or  it
              has  been localized (since different language versions of NT use
              different administrator names).

       chntpw -l SAM
              Lists the users defined in the SAM registry file.

       chntpw -u jabbathehutt SAM
              Prompts for password for jabbathehutt and changes it in the  SAM
              registry file, if found (otherwise do nothing).


       If  you  are  looking for an automated procedure for password recovery,
       you might look at the bootdisks provided  by  the  upstream  author  at
       There  is  more  information  on  how  this  program works available at
       /usr/share/doc/chntpw registry works.


       This   manual   page   was   written   by   Javier   Fernandez-Sanguino
       <>, for the Debian GNU/Linux system (but may be used by

                                13th March 2010