Hex Edit Windows 7 SAM file to enable Administrator Account

It could happen that you were connected to a Windows domain and have decided to leave it.
But what if all local users are disabled?

You cannot rejoin a Windows domain, because you have no local user able to log on in order to join it.
You can still start your computer and see the login screen, but you will stay a click away from your desktop...

Fortunately, there are a number of tools that let you re-enable the Administrator account and even reset the password:
link1
link2
link3
...
(Simply search "offline windows password change" on Google)

But in my case, editing the SAM file on another computer simply didn't work, and I didn't want to burn a CD or corrupt my multiboot USB key.

So I booted the Lubuntu already installed on my USB key and decided to hex edit the file.

Later on, I found a Linux tool called chntpw that could be installed on my live Lubuntu distro and could do the trick, but I went another way:
  1. apt-get install hexedit
  2. Open SAM file (containing local user accounts)
    1. hexedit /media/os/Windows/System32/config/SAM
  3. Find signature "000001F4"
    1. CTRL+S : 3030303030314634
  4. Find signature "2.9.8"
    1. CTRL+S :  3200390038
  5. With the cursor on the "2" character, move 18 hex positions to the left (i.e. press the left arrow key 36 times)
  6. The hex value there should be 11; replace it with 10
  7. Save by pressing F2
  8. Reboot on Windows
  9. Enjoy your local Administrator account, enabled with a blank password*
* If the Administrator password wasn't changed by a user or a GPO
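
The check below is an added example, not the author's code: it follows steps 3 to 5 read-only and decodes the byte that step 6 edits, which is useful for confirming the state of the built-in Administrator account on an offline copy of the hive. It assumes that byte is the low byte of the account-control flags, using the USER_* bit values from MS-SAMR; the function names and the sample bytes are constructed for illustration.

```python
"""Read-only check of the flag byte located by steps 3-5 (added example)."""

RID_500_KEY = bytes.fromhex("3030303030314634")  # step 3 pattern, ASCII "000001F4"
MARKER = bytes.fromhex("3200390038")             # step 4 pattern
FLAG_DISTANCE = 18                               # step 5: bytes left of the marker

# Assumption: the byte is the low byte of the account-control word,
# with the USER_* bit values defined in MS-SAMR.
ACB_BITS = {
    0x01: "ACCOUNT_DISABLED",
    0x02: "HOME_DIRECTORY_REQUIRED",
    0x04: "PASSWORD_NOT_REQUIRED",
    0x08: "TEMP_DUPLICATE_ACCOUNT",
    0x10: "NORMAL_ACCOUNT",
    0x20: "MNS_LOGON_ACCOUNT",
    0x40: "INTERDOMAIN_TRUST_ACCOUNT",
    0x80: "WORKSTATION_TRUST_ACCOUNT",
}


def decode_flags(value):
    """Names of the bits set in the flag byte, lowest bit first."""
    return [name for bit, name in sorted(ACB_BITS.items()) if value & bit]


def administrator_status(hive):
    """Return (flag_byte, flag_names, disabled); ValueError if the layout is absent."""
    key_at = hive.find(RID_500_KEY)
    if key_at < 0:
        raise ValueError("pattern from step 3 not found")
    key_end = key_at + len(RID_500_KEY)
    marker_at = hive.find(MARKER, key_end)   # search forward, like CTRL+S
    if marker_at < 0:
        raise ValueError("pattern from step 4 not found after step 3 match")
    flag_at = marker_at - FLAG_DISTANCE
    if flag_at < key_end:
        raise ValueError("marker too close to the key name")
    flag = hive[flag_at]
    return flag, decode_flags(flag), bool(flag & 0x01)


def sample_hive(flag):
    """Constructed bytes that mimic only the layout the steps rely on (not a real hive)."""
    return (b"\xaa" * 32 + RID_500_KEY + b"\xaa" * 40
            + bytes([flag]) + b"\xaa" * 17 + MARKER + b"\xaa" * 16)


if __name__ == "__main__":
    for flag_byte in (0x11, 0x10):           # value before and after step 6
        print(hex(flag_byte), administrator_status(sample_hive(flag_byte)))
```

On real data, pass the bytes of a copy of the SAM hive (for example from a forensic image); the function only reads.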


Comments

bloemkooltje said…
thx for the info!
but I have a question,
what/which line do I have to change if I want to "downgrade" a user (from admin to normal), because I used a Linux CD to give me admin rights and that worked but now I cannot change it back.
Nicolas Jolet said…
Hi bloemkooltje,

The trick I've posted here only allows you to unlock the local Administrator account. It could maybe be used to lock the account if you change 10 to 11 (I didn't try it).
If you want to 'downgrade' a user, simply connect to Windows with the unlocked Administrator account, and change the rights of the user in the User Management Console...
Unknown said…
I could not do it with chntpw and Linux. Your method worked like a breeze and I really appreciate you sharing it.
