Offline NT Password & Registry Editor, Bootdisk / CD

I've put together a single floppy or CD which contains things needed to edit the passwords on most systems. The CD can also be installed on a USB drive, see readme.txt on the CD.

The bootdisk should support most of the more usual disk controllers, and it should auto-load most of them. Both PS/2 and USB keyboard supported.

Tested on: NT 3.51, NT 4 (all versions and SPs), Windows 2000 (all versions & SPs), Windows XP (all versions, also SP2 and SP3), Windows Server 2003 (all SPs), Vindows Vista 32 and 64 bit, and some say it works on Server 2008 (32 & 64 bit)

DANGER WILL ROBINSON!
If used on users that have EFS encrypted files, and the system is XP or Vista, all encrypted files for that user will be UNREADABLE! and cannot be recovered unless you remember the old password again If you don't know if you have encrypted files or not, you most likely don't have them. (except maybe on corporate systems)

Please see the Frequently Asked Questions and the version history below before emailing questions to me. Thanks!

How to use?

Please read the walthrough and the FAQ before mailing me questions

If you have the CD, all drivers are included.
If you use the floppy, you need one or more of the driver floppies, too.

Overview

Get the machine to boot from CD (or floppy)
Floppy version need to swap floppy to load drivers.
Load drivers (usually automatic, but possible to run manual select)
Disk select, tell which disk contains the Windows system. Optionally you will have to load drivers.
PATH select, where on the disk is the system?
File select, which parts of registry to load, based on what you want to do.
Password reset or other registry edit.
Write back to disk (you will be asked)

DON'T PANIC!! - Most questions can usually be answered with the default answer which is given in [brackets]. Just press enter/return to accept the default answer.

The walkthrough and instructions is now on its own page!

What can go wrong?

Lots of things can go wrong, but most faults won't damage your system.

The most critical moment is when writing back the registry files to NTFS.

The most common problem is that the computer was not cleanly shut down, and my disk won't write correctly back. (it says: read only filesystem). If so, boot into Windows Safe Mode (F8 before windows logo appears) and shut down from the login window. You may have to do that twice in a row.

Also, see the FAQ for help with other common problems.

For linux-knowledged people, you may do things manually if the scripts fail, you have shells on tty1-tty4 (ALT F1 - ALT F4).

Bootdisk history

2008-08-02

Now uses NTFS-3g as NTFS filesystem driver.
This hopefully removes some problems regarding dirty and "bad flags" NTFS volumes.
You will be asked if you like to force your way and continue anyway if the disk has been uncleanly shut down.
There exists a small chance of problems with the very latest written files before the unclean shutdown if you select to force it.
Safest is still to boot into windows and shut down properly if that is possible with an unclean volume.
Path select now hopefully better at detecting default suggestion and to actually find it...
Newer kernel, and probably newer and better drivers.
No changes to the passord/registry edit program (chntpw) since last release.
Sorry, did not have the time to finish the floppy version yet.

2008-05-26

Newer kernel, and probably newer and better drivers.
Windows Dynamic Disks now supported, but maybe not all combinations of mirrors etc. It recognizes the partition layout at least.
Should now be possible to load extra drivers (drivers?.zip) from USB the same way as with floppy. Or maybe not. Did not test it that much.
Fixed a lot of bugs in the registry handling, did not affect password reset much, but did affect larger registry edits.
You still may experience hangs when the NTFS disk is mounted, it will hang after saying "NTFS version x.xx" or such. If there is disc activity, just wait, it may take a while.

2007-09-27

Patched up NTFS driver to get rid of hang on mount in many cases (after selecting disk). Got many problem reports on this. At the same time someone on the NTFS-for-linux mailinglist mentioned it, and Anton Altaparmakov made a patch very quick. Thank you Anton!
Nice if people experiencing the hang in 2007-09-23 can mail me and tell if the fix worked or not. Thanks!
NOTE: It may still take up to a minute or two to select the disk.
Floppy version had a script bug making it crash in the first menu. Fixed.
CCISS driver (HP/Compaq DLxxx etc) had different device paths. Hacked in support for it, may not be 100% still.

2007-09-23

Floppy version is back! (requires 3 floppies to get all drivers, but you can compose your own driver set so you only need 2)
Yes, VISTA is supported (even more)
Disk select now indicates which disks are removable, ie are USB keys for instance.
Check for "read-only" NTFS mount, you get instructions on what to do if there are problems with the disk so changes won't be saved.
Missed out on some IDE/ATA and SATA drivers last time, better now.. I hope.
User can be added to the administraror group, making them administrators.
Stupid typo in readme.txt on CD fixed, on how to make USB bootable.

2007-04-09

Now with Vista support!
Newer drivers, better probe/loader. Should be able to auto-load all relevant drivers for PCI based disk hardware.
Better manual selection of drivers (if you need to load ISA drivers for example)
CD only release at this time. If anyone need me to continue floppy releases, please mail me.
USB drive can be made out of the files on the CD, see readme.txt on the CD.

2005-03-03

New CD release (sorry, when yet again rewiring the driver stuff, I did not have time to make floppy stuff work)
Contains disk driver updates (SATA maybe more working now)?
New driver auto-probe and load. Better now?
NTFS updates, writes should be more safe, I hope, working more often.
No changes to the password routines themselves.

2005-03-03

Driver update only, with a few fixes to the autoprobe, too.
Some popular drivers like aacraid, megaraid and some SATA-drivers were problematic or missing, now hopefully here.
Note that most SATA-drivers also need the libata.ko.gz file, autprobe loads it if needed.
The driver archive are too big to include all drivers on a floppy so remove some you're sure you don't need. Remember to always keep pcitable.gz and moddep.gz if you want autoprobe to work.
The CD of course includes all drivers.
The manual try-all-drivers load is buggy, and won't try to load all drivers, it will stop after each that has not been tried before. But specifying a single driver directly still works.
No changes to password edit routines

(earlier history removed)
9705xx

First public release.

Download

Note: Some links may be offsite.

CD release, see below on how to use

cd080802.zip (~3MB) - Bootable CD image. (md5sum: 33ecd38263f935b82e7b2e3e9f5de563)
cd080526.zip (~3MB) - Previous release, Bootable CD image. (md5sum: 1c6f5af7c682b7ee5d01935bc11f37f6)

Bootable USB drive may be made from the files on the CD. See readme.txt on the CD.

Floppy release, see below on how to use them

bd080526.zip (~1.4M) - Bootdisk image (md5sum: 37889e4c540504e59132bdcdfe7f9bb7)
drivers1-080526.zip (~310K) - Disk drivers (mostly PATA/SATA) (md5sum: 72ac1731c6ba735d0ac2746a30dbc3ee)
drivers2-080526.zip (~1.2M) - Disk drivers (mostly SCSI) (md5sum: 30172bec657c85a5f1a0b43601452fb7)

Previous versions may sometimes be found here (also my site)
NOTE: Versions before 0704xx will corrupt the disk on VISTA!

NOTE THAT THE BOOTDISK CONTAINS CRYPTHOGRAPHIC CODE, and that it may be ILLEGAL to RE-EXPORT it from your country.

How to make the CD

Unzipped, there should be an ISO image file (cd??????.iso). This can be burned to CD using whatever burner program you like, most support writing ISO-images. Often double-clikcing on it in explorer will pop up the program offering to write the image to CD. Once written the CD should only contain some files like "initrd.gz", "vmlinuz" and some others. If it contains the image file "cd??????.iso" you didn't burn the image but instead added the file to a CD. I cannot help with this, please consult you CD-software manual or friends.

The CD will boot with most BIOSes, see your manual on how to set it to boot from CD. Some will auto-boot when a CD is in the drive, some others will show a boot-menu when you press ESC or F10/F12 when it probes the disks, some may need to have the boot order adjusted in setup.

How to make the floppy

The unzipped image (bdxxxxxx.bin) is a block-to-block representation of the actual floppy, and the file cannot simply be copied to the floppy. Special tools must be used to write it block by block.

Unzip the bd zip file to a folder of your choice.
There should be 3 files: bdxxxxxx.bin (the floppy image) and rawrite2.exe (the image writing program), and install.bat which uses rawrite2 to write the .bin file to floppy.
Insert a floppy in drive A: NOTE: It will lose all previous data!
Run (doubleclick) install.bat and follow the on-screen instructions.
Thanks to Christopher Geoghegan for the install.bat file (some of it ripped from memtest86 however)

Or from unix:

dd if=bd??????.bin of=/dev/fd0 bs=18k

How to make and use the drivers floppy

Simply copy the zip file onto an empty floppy.
You MUST NOT UNZIP THE ZIP FILE!
Depending on your hardware you may only need one of the driver sets or the other, or maybe both.
To use, insert one of the driver floppies when asked for it after booting, the zip file will be unzipped to memory.
If no drivers matched (no harddisk found), you can select 'f' from the main menu to load the other driver set.
Then select 'd' to auto-start the new drivers (if it matches your hardware)
Sometimes it fails detecting the floppy change and you get an error, just select 'f' again, it works the second time.
For more advanced users that uses this often, it is possible to unzip just the drivers you need and zip them up into a new zip archive. The zip file name must start with "drivers", the rest is ignored. (it unzips drivers*.zip)

Other places to go for password and disk recovery

Grenier's old DOS port + other recovery items
How to fix it if you lost your admin password for your ActiveDirectory. Thanks to John Simpson.
Other ways to recover lost password etc at MCSE World

Bootdisk credits and license

Most of the stuff on the bootdisk is either GPL, BSD or similar license, you can basically do whatever you want with all of it, the sourcecode and licenses can be found at their sites, I did not change/patch anything.

The "chntpw" program (password changer, registry editor) is licensed under GNU GPL v2. COPYING.txt

Stuff I used, big thanks:

Linux kernel
NTFS-3g
NTFS for linux project
BusyBox - Lots of commands in one binary :)
uClibc - A reduced size / embedded libc.
OpenSSL Project - Crypto library
Some bootdisk ideas and layout from floppyfw thanks to ThomasEZ for that (and his great firewall..)

080802, pnordahl@eunet.no