Login or Sign Up
Add a Fix
How to Reset a Windows Password on a Virtual Machine (VMWare)
How Do I...How do I reset the Window's password on my virtual machine?
Summary: This how-to is part of a tutorial about DIY Computer Forensic Investigation.
This tutorial will take you step by step through reseting a Windows login password inside a VMWare virtual machine. This is an important step for computer forensic investigators who have created a bit by bit image of a hard drive and wish to boot it up in a virtual machine.
This tutorial assumes you have VMWare workstation installed and the virtual machine up and running. You will also need to download a chntpw live cd which you can get from here:
Just scroll down to the download section (about the middle of the page) and download a cd release. For this how-to I downloaded cd100627.zip. Extract the zip file to somewhere easy to find.
First you need to "put" the chntpw live in your virtual machine's cd-rom. To do so select your virtual machine, (it must be off) click Edit Virtual Machine Settings, click CD/DVD (IDE), on the right side of the window select Use ISO image file, and click Browse. Now find the chntpw file you extracted and click Open.
Now click on the the Options tab and then select Linux under Guest operating system. You will be running chntpw as a boot cd. Chntpw is a Linux based live cd so you should change your virtual machines operating system to Linux.
Now click OK and then click Power on this virtual machine.
If your virtual machine tries to boot into Windows restart it, while the VMWare bios screen is being displayed press F2 and then configure the boot order so that the cd-rom boots before the hard drive.
When Chntpw boots it will pause at a screen and say Please hit enter to boot, if you wait a few seconds it will proceed, or you can hit enter.
Chntpw will load and display a list of Candidate Windows partitions found. (Image 1) Type in the number that corresponds to the partition where Windows is installed and hit enter.
Next it will ask What is the path to the registry directory? If you do not know, just hit enter. That will tell it to use the default directory. (Image 2)
Now you will be prompted to Select which part of the registry to load. (Image 3) Type 1 and hit enter
Now you will arrive at the Main Interactive Menu. (Image 1) Type 1 and hit enter to Edit user data and passwords.
Now you should see a list of users. (Image 2) Type in the name of the user whose password you would like to change and hit enter. Remember, the name is case sensitive.
You will now see the User Edit Menu. (Image 3) Type 1 and hit enter to clear the user's password. Chntpw should now alert you that the password was cleared. Now type in a "!" (without quotes) and hit enter, then type in "q" (without quotes) and hit enter.
Now it will ask you if you want to write file(s) back. Type "y" (without quotes) and hit enter to write your changes. Hit enter again to shut down Chntpw.
You can now power off your virtual machine.
BE SURE to go back to and edit the virtual machine's settings. Change the OS back to Microsoft Windows and change the cd-rom to Use Physical Drive.
There are no resources.
CommentsAdd a Comment
There are no comments.