Join Us!

How to know if ther...
Clear all

How to know if there is User Password in Windows  

New Member

Hello, I was wondering if there is a way to discover if a PC with Windows has the User password or not.
Obviously I mean searching this information through an image file of the hard drive of the PC.

Posted : 20/02/2020 2:18 pm
Community Legend

At least for local accounts you need to check the SAM and other Registry files

If you are looking for an automated tool


Posted : 20/02/2020 2:36 pm
Active Member

If you are looking for an automated tool

I haven't played with Mark's tool but it hasn't been updated in 4 years, so won't deal with the new location for the NTLM hash.

Microsoft moved the location in Win10 anniversary update (wrote about it here), so tools that haven't been updated will erroneously report that a password is blank.
You can pull the hashes with some tools, and I think it's reasonable to say that if there's a hash that isn't blank then a password is currently set. Caveats here are I don't know what happens if someone has a password and then removes it, or has a standard account and then changes it to a Microsoft online account (edge cases so havent tested).

The guaranteed way to check the password settings is to boot a VM/restored copy of the drive. GetData Forensic Explorer, VFC, and Arsenal Image Mounter (current tool of choice) have the capability of booting a VM. That will tell you pretty quickly that there's a password set or not.

Do not rely on the output of a registry parser that says password not required

Posted : 22/02/2020 12:58 pm
New Member

Thank you for your infor.

Posted : 09/03/2020 8:44 am