Reset Windows Password

 
 
  • Gérald Barré

Sometimes you get a computer without the user password or the administrator password. For example, when you get a colleague's former computer. Without a proper username and password, you cannot log in. Instead of reinstalling Windows, you can just add a new user or reset the administrator password.

The idea is to be able to run a command prompt as an administrator. You can do better and run it as System. The easiest way is to start Windows in recovery mode (before Windows runs), so you get a command prompt from which you can change everything in the system. In this case, you'll replace the accessibility tool (utilman.exe) with a command prompt. Why? Because you can run this tool from the login screen by pressing the Shift key 5 times, and the user that runs the tool is System. Another way is to replace EaseOfAccessDialog.exe. This one is more convenient as you can just press the accessibility button 😃

First, you need to restart the computer in recovery mode. One way is to boot from the Windows 10 setup media (USB key or DVD-ROM). Another way is to stop the machine during boot (maybe twice). At the next boot, Windows will automatically start in recovery mode.

  1. Select your language

  2. Click "Repair your computer"

  3. Click "Troubleshoot"

  4. Click "Command Prompt"

  5. Run the following commands to back up Utilman.exe and replace it with cmd.exe

    REM change disk
    c:
    
    REM Backup Utilman.exe (should be restored later)
    xcopy \Windows\System32\Utilman.exe \
    
    REM Replace Utilman.exe by cmd.exe
    xcopy \Windows\System32\cmd.exe \Windows\System32\Utilman.exe /y
    
    REM Reboot
    wpeutil reboot

  6. Click the Ease of access button. Instead of starting the actual exe, it runs cmd.exe. You can run the following commands:

    REM check the current user. Should be `NT Authority\System`
    whoami
    
    REM list users
    net user
    
    REM Set the administrator password to "toto"
    net user Administrator toto
    
    REM Enable the administrator account
    net user Administrator /active:yes

  7. You can now log in using the username Administrator and the password toto.

  8. Finally, you should restore Utilman.exe. Redo steps 1 to 4. Then, execute the following commands:

    REM change disk
    c:
    
    REM Restore Utilman.exe
    xcopy \Utilman.exe \Windows\System32\Utilman.exe /y
    
    REM Reboot
    wpeutil reboot

You can now log in as an administrator using the password toto.

#Security

  1. If you care about security and you don't want this technique to work on your computer, you should harden your computer. The main step is to encrypt the disk using BitLocker or similar.

  2. I use the verb "reset" and not "change". These 2 mechanisms are different. When you change a password, you need to provide the current password. This allows decrypting and re-encrypting the sensitive information stored by the user, such as the passwords stored in the credential manager. When you reset a password, the sensitive information is not decryptable.
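
A check for the first point and for the restore in step 8, as an added example that is not part of the original post: it verifies that Utilman.exe and EaseOfAccessDialog.exe in System32 are not a copy of a command shell and reports the BitLocker state of the system drive. It assumes an elevated PowerShell session on the installed Windows; the variable names and the list of shells compared against are choices made for this example.

```powershell
# Added example: audit the login-screen accessibility binaries and disk encryption.
# Assumption: run from an elevated PowerShell session on the installed Windows.
$sys32   = Join-Path $env:SystemRoot 'System32'
$targets = 'Utilman.exe', 'EaseOfAccessDialog.exe'   # binaries named in the article

# Hash the shells that must never sit behind those names (list chosen for this example).
$shellHashes = @{}
foreach ($shell in 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe') {
    $shellPath = Join-Path $sys32 $shell
    if (Test-Path $shellPath) {
        $shellHashes[(Get-FileHash $shellPath -Algorithm SHA256).Hash] = $shell
    }
}

$report = foreach ($name in $targets) {
    $path = Join-Path $sys32 $name
    if (-not (Test-Path $path)) {
        [pscustomobject]@{ File = $name; Status = 'MISSING'; Detail = '' }
        continue
    }
    $hash = (Get-FileHash $path -Algorithm SHA256).Hash
    $orig = (Get-Item $path).VersionInfo.OriginalFilename
    if ($shellHashes.ContainsKey($hash)) {
        # Byte-for-byte copy of a shell from this installation
        $status = 'REPLACED'; $detail = "identical to $($shellHashes[$hash])"
    } elseif ($orig -match 'cmd\.exe|powershell\.exe') {
        # A shell from another build: hash differs, version resource still says shell
        $status = 'REPLACED'; $detail = "OriginalFilename is '$orig'"
    } else {
        $status = 'OK'; $detail = "OriginalFilename is '$orig'"
    }
    [pscustomobject]@{ File = $name; Status = $status; Detail = $detail }
}
$report | Format-Table -AutoSize

# Disk encryption state of the system drive (cmdlet is absent on some editions).
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume -MountPoint $env:SystemDrive |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus
} else {
    Write-Warning 'BitLocker cmdlets are not available here; check disk encryption another way.'
}
```

A `REPLACED` row after step 8 means the restore did not take effect; `ProtectionStatus` other than `On` means the offline file swap described above remains possible on this machine.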

#Comparison with other solutions

Hiren's BootCD or its competitors are good alternatives. However, I prefer the above method for 2 reasons:

  • You don't need to create a bootable USB key with another computer. Indeed, the current computer is locked 😉
  • It uses the Windows built-in user/password manager. This means you are sure the password is set the right way for the current version of Windows.
