Linux下去除windows密码

转自：http://linux.cn/thread/10723/1/1/

今天遇到一件囧事，长时间不进Windows环境结果把自己设置的密码给忘记了，于是便发了一条微博。热心朋友一大堆，给我推荐各种各样的方法，自己也到网上搜了一搜，原来在Linux下去除Windows的密码是那么简单。方法步骤如下：

一、安装工具chntpw

这个工具应该在各大发行版的官源里都存在（Linux对Windows的安全环境考虑真是没得说。==！）。直接用你的发行版里最常用的安装方式安装即可。

比如Archlinux– sudo pacman -S chntpw

二、使用工具

挂载windows系统分区盘，进入到 windows/system32/config中，就地打开终端，运行如下命令：

sudo chntpw SAM

会得到如下提示：

    chntpw version 0.99.6 110511 , (c) Petter N Hagen
    Hive <SAM> name (from header): <SystemRootSystem32ConfigSAM>
    ROOT KEY at offset: 0×001020 * Subkey indexing type is: 666c <lf>
    File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
    Used for data: 233/17736 blocks/bytes, unused: 16/2584 blocks/bytes.
    * SAM policy limits:
    Failed logins before lockout is: 0
    Minimum password length : 0
    Password history count : 0
    | RID -|———- Username ————| Admin? |- Lock? –|
    | 01f4 | Administrator | ADMIN | *BLANK* |
    | 01f5 | Guest | | dis/lock |

    ———————> SYSKEY CHECK <———————–
    SYSTEM SecureBoot : -1 -> Not Set (not installed, good!)
    SAM AccountF : 0 -> off
    SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)
    Syskey not installed!

    RID : 0500 [01f4]
    Username: Administrator
    fullname:
    comment : ���:(�)��n7
    homedir :

    User is member of 1 groups:
    00000220 = Administrators (which has 1 members)

    Account bits: 0×0210 =
    [ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
    [ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
    [ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
    [X] Pwd don’t expir | [ ] Auto lockout | [ ] (unknown 0×08) |
    [ ] (unknown 0×10) | [ ] (unknown 0×20) | [ ] (unknown 0×40) |

    Failed login count: 0, while max tries is: 0
    Total login count: 81
    ** No NT MD4 hash found. This user probably has a BLANK password!
    ** No LANMAN hash found either. Sorry, cannot change. Try login with no password!

    - – - – User Edit Menu:
    1 – Clear (blank) user password
    2 – Edit (set new) user password (careful with this on XP or Vista)
    3 – Promote user (make user an administrator)
    (4 – Unlock and enable user account) [seems unlocked already]
    q – Quit editing user, back to user select
    Select: [q] >

很显然，选1清除密码;选2重设密码;选3不知不觉提升用户权限，哈哈;选4启用或者关闭某个用户。我果然选1，重启进入Windows一路无阻！