<<< NTFS Encrypting File System (EFS) | Index | CHNTPW Boot Example >>> |
Bootdisk-borne utility known as chntpw is a Linux utility to reset the password of any user that has a valid local account on a Windows system
Thus, chntpw allows a user with physical access to a system to change any user's (including the administrator's) password.
chntpw modifies encrypted password in the registry's SAM file.
chntpw does not need the knowledge of the old password to reset it.
chntpw works after booting from a linux floppy or CD disk, etc.
The bootdisk includes built-in access to NTFS partitions
However,
The normal Windows "change password" process updates the EFS encryption keys,
the chntpw backdoor method does not.
After chntpw, the user can log into the newly acquired account; but if NTFS drive is using EFS, the encrypted files remain encrypted and no automatic conversion to plaintext takes place.
<<< NTFS Encrypting File System (EFS) | Index | CHNTPW Boot Example >>> |