Secure boot and UEFI BIOS is something that has been introduced with windows 8 and 8.1.
Secure boot stops you from accessing the hard drive when booting to CD or USB and therefore stops you using traditional tools to reset your windows password.
To bypass this you need to remove your hard drive and connect it to another computer. I use a USB dock to do this, using a USB docking station allows you direct access to hard drives and gives you plug and play functionality.
You will need a computer with Linux installed, preferably Kali Linux as this comes the the packages pre installed. If you are using a different distro(if you are not sure what a distro is have a look at our Introduction to Linux)
I have used a Virtual Machine and attached the hard drive to it and then booted to Kali Linux.
Once you have booted up the Linux VM you will need to open a terminal.
Then navigate to the Media folder by typing the command:
cd /Media
Then run the ls command to see what drives you have attached. Identify which drive has is your windows c: drive.
Change the working directory to the c:/windows/system32/config by running the command:
cd Windows/System32/config
Once in the directory you will need to make sure that the SAM database is in this folder. To do that run the command:
ls -l SAM*
Now you will need to view what users are in the SAM database you do that by running the command:
chntpw -l SAM
Now you want to reset the password for the Administrator user and also enable the user by running the command
chntpw -u Administrator SAM
Then select option 1 to clear the password
Run the command again
chntpw – Administrator SAM
and select option 4 to enable the account
Now install the hard drive in the original computer and boot to Windows. If you had secure boot on your computer you will need to make sure that it is still enabled in BIOS.
You should now be able to log in as the built in Administrator account, then you just need to reset the original user accounts password.
To do this open run a command prompt as administrator and type the command(make sure to replace <username> with your username:
net user <username> *
Now log out of the administrator user and log in as your user, using the password that you have just set.
Now run a command prompt as administrator and type the command:
net user administrator /active:no
Now your password has been reset.