http://rhadimas.wordpress.com/2006/10/15/reset-windows-password-w-knoppix/ knoppix@Knoppix:~$ wget http://ftp.au.debian.org/debian/pool/main/c/chntpw/chntpw_0.99.5-0+nmu1_i386.deb Extract only the chntpw binary knoppix@Knoppix:~$ alien --to-tgz chntpw_0.99.5-0+nmu1_i386.deb  knoppix@Knoppix:~$ tar xvzf chntpw-0.99.5.tgz ./usr/sbin/chntpw knoppix@Knoppix:~$ mv ./usr/sbin/chntpw ./ Repair and mount a badly unmounted NTFS volume. knoppix@Knoppix:~$ sudo ntfsfix /dev/hda1  knoppix@Knoppix:~$ sudo mount -o rw /dev/hda1 /media/hda1/ Change the password for the particular user. knoppix@Knoppix:~$ cd /media/hda1/WINNT/system32/config/ knoppix@Knoppix:/media/hda1/WINNT/system32/config$ /home/knoppix/chntpw -u mini SAM chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM> ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf> File size 24576 [6000] bytes, containing 5 pages (+ 1 headerpage) Used for data: 185/14976 blocks/bytes, unused: 5/5344 blocks/bytes. * SAM policy limits: Failed logins before lockout is: 0 Minimum password length        : 0 Password history count         : 0 | RID -|---------- Username ------------| Admin? |- Lock? --| | 03e8 | ASPNET                         |        |          | | 01f5 | Guest                          |        | dis/lock | | 01f4 | mini                           | ADMIN  | dis/lock | ---------------------> SYSKEY CHECK <----------------------- SYSTEM   SecureBoot            : -1 -> Not Set (not installed, good!) SAM      Account\F             : 1 -> key-in-registry SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)   ***************** SYSKEY IS ENABLED! ************** This installation very likely has the syskey passwordhash-obfuscator installed It's currently in mode = -1, Unknown-mode SYSTEM (and possibly SECURITY) hives not loaded, unable to disable syskey! Please start the program with at least SAM & SYSTEM-hive filenames as arguments! RID     : 0500 [01f4] Username: mini fullname:  comment : Built-in account for administering the computer/domain homedir :    User is member of 1 groups: 00000220 = Administrators (which has 1 members) Account bits: 0x0210 = [ ] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. |  [ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |  [ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |  [X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |  [ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |  Failed login count: 6, while max tries is: 0 Total  login count: 1370 - - - - User Edit Menu:  1 - Clear (blank) user password  2 - Edit (set new) user password (careful with this on XP or Vista)  3 - Promote user (make user an administrator)  4 - Unlock and enable user account [probably locked now]  q - Quit editing user, back to user select Select: [q] > 1 Password cleared! Hives that have changed:  #  Name  0  <SAM> Write hive files? (y/n) [n] : y  0  <SAM> - OK knoppix@Knoppix:~$ cd  knoppix@Knoppix:~$ umount /media/hda1