Linux下去除windows密码

今天遇到一件囧事，长时间不进Windows环境结果把自己设置的密码给忘记了，于是便发了一条微博。热心朋友一大堆，给我推荐各种各样的方法，自己也到网上搜了一搜，原来在Linux下去除Windows的密码是那么简单。方法步骤如下：

一、安装工具chntpw

这个工具应该在各大发行版的官源里都存在（Linux对Windows的安全环境考虑真是没得说。==！）。直接用你的发行版里最常用的安装方式安装即可。

比如Archlinux– sudo pacman -S chntpw

二、使用工具

挂载windows系统分区盘，进入到 windows/system32/config中，就地打开终端，运行如下命令：

sudo chntpw SAM

会得到如下提示：

chntpw version 0.99.6 110511 , (c) Petter N Hagen
Hive name (from header): 
ROOT KEY at offset: 0×001020 * Subkey indexing type is: 666c 
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 233/17736 blocks/bytes, unused: 16/2584 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
| RID -|———- Username ————| Admin? |- Lock? –|
| 01f4 | Administrator | ADMIN | *BLANK* |
| 01f5 | Guest | | dis/lock |

———————> SYSKEY CHECK <———————–
SYSTEM SecureBoot : -1 -> Not Set (not installed, good!)
SAM AccountF : 0 -> off
SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)
Syskey not installed!

RID : 0500 [01f4]
Username: Administrator
fullname:
comment : ���:(�)��n7
homedir :

User is member of 1 groups:
00000220 = Administrators (which has 1 members)

Account bits: 0×0210 =
[ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don’t expir | [ ] Auto lockout | [ ] (unknown 0×08) |
[ ] (unknown 0×10) | [ ] (unknown 0×20) | [ ] (unknown 0×40) |

Failed login count: 0, while max tries is: 0
Total login count: 81
** No NT MD4 hash found. This user probably has a BLANK password!
** No LANMAN hash found either. Sorry, cannot change. Try login with no password!

- – - – User Edit Menu:
1 – Clear (blank) user password
2 – Edit (set new) user password (careful with this on XP or Vista)
3 – Promote user (make user an administrator)
(4 – Unlock and enable user account) [seems unlocked already]
q – Quit editing user, back to user select
Select: [q] >

很显然，选1清除密码;选2重设密码;选3不知不觉提升用户权限，哈哈;选4启用或者关闭某个用户。我果然选1，重启进入Windows一路无阻！

 原文发布时间为：2013-05-29

本文来自云栖社区合作伙伴“Linux中国”