Microsoft in their infinite wisdom has introduced "FastStartup", which essentially means the system always goes into a sort of hibernation. So when you "shut down" your computer, it's not actually shutting down, but creates a hibernation state file so when it starts back up, it resumes part of that hibernation.
The problem with this is that NTPasswd cannot work correctly when the system creates the hiberfil.sys:
AskUbuntu wrote:When you turn off Windows by hibernating it, you are essentially pausing the system and saving all of that information (into a big file called hiberfil.sys) This way when you resume from hibernation all of your applications and files will be exactly how you left them. It also sets a flag in hiberfil.sys to let other Operating Systems know that Windows is hibernated.
Making changes to your Windows (ntfs) partition while it is hibernated could be dangerous--it could cause Windows to not resume from hibernation or to crash after resuming. Because of this, the tool (ntfs-3g) that mounts (opens) the partition will not mount it in read-write mode if it sees a hibernation flag. As such, Nautilus, the default file browser, will not be able to automatically open this partition--hence the error message that you see--because it is trying to open it in read-write mode.
Source: http://askubuntu.com/questions/145902/u ... ibernation
Therefore NTPasswd in most circumstances will fail to force write changes to the SAM database due to FastStartup hibernating the system EVEN THOUGH you're telling it to "shut down". What you have to do is then boot into your Windows 10 computer, tell it to "restart" and then crash it during the restart process by holding your power button immediately after. If you try to crash it at the log on screen it'll just go into sleep.
Under normal circumstances we could disable "FastStartup" by editing the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power, Going to: HiberbootEnabled DWORD, and setting it to value 0. But since we CAN'T LOG INTO the computer in the first place, the restart & crash workaround is necessary.
***I work in I.T., so sometimes it's necessary when a client forgets a password or needs access to something to remove or reset passwords in Windows, has nothing to do with illegal practices but common sense and an aspect of my job***