What is the Security Accounts Manager (SAM)?

May 31st, 2013 by Admin Leave a reply »

The Security Accounts Manager (SAM) is a registry file in Windows NT and later versions until the most recent Windows 8. It stores users’ passwords in a hashed format (in LM hash and NTLM hash). Since a hash function is one-way, this provides some measure of security for the storage of the passwords.

The SAM registry file is located on your system at C:\WINDOWS\system32\config, but it is locked and cannot be moved or copied while Windows is running. The main function of the Security Accounts Manager is holding onto the passwords used to log into Windows accounts. When you try to log in to a user account, Windows will use a series of hash algorithms to calculate a hash for the password you just typed in. If the hash is equal to the password hash inside the SAM registry file, Windows will allow you to log in. Otherwise you’ll get the error message that user name or password is incorrect.

The SAM registry file is not accessible while the operating system is booted up, this is why most of Windows password cracking software comes as an bootable ISO image. You need to boot up with another operating system like DOS, Linux or Ubuntu. When you copied the SAM file to external media, you can crack the passwords stored in the SAM file with a program like LC5 or Ophcrack. But it usually takes a very long time to crack a password, especially if your password is long and complicated.

If you don’t want to go through the trouble of recovering the original password, then you can instantly remove / delete your forgotten Windows password using a boot CD like Reset Windows Password utility, which works with pretty much every edition of Windows out there, including XP, Vista, 7, and Windows 8. To use it, boot your PC using the program on a CD or on a USB thumb drive. Just follow the simple instructions on the screen to reset Windows admin/user password, and then reboot and log in.