Reset Windows Password

Sometimes you get a computer without the user password or the administrator password, for example when you inherit a colleague's former computer. Without a valid username and password, you cannot log in. Instead of reinstalling Windows, you can just add a new user or reset the administrator password.

The idea is to get a command prompt running as administrator. In fact, you can do better and run it as System. The easiest way is to boot Windows into recovery mode (before Windows itself runs), where you get a command prompt and can change anything on the system. There, you replace the accessibility tool (utilman.exe) with a command prompt. Why? Because this tool can be launched from the login screen by pressing the Shift key five times, and it runs as System. Another option is to replace EaseOfAccessDialog.exe instead. This one is more convenient, since you only have to click the accessibility button 😃

First, you need to restart the computer in recovery mode. One way is to boot from the Windows 10 setup media (USB key or DVD-ROM). Another way is to power off the machine during boot (maybe twice); at the next boot, Windows automatically starts recovery mode.

  1. Select your language

  2. Click "Repair your computer"

  3. Click "Troubleshoot"

  4. Click "Command Prompt"

  5. Run the following commands to back up Utilman.exe and replace it with cmd.exe:

```bat
REM change disk
c:

REM Backup Utilman.exe to the root of the drive (restored at the end)
xcopy \Windows\System32\Utilman.exe \

REM Replace Utilman.exe with cmd.exe (/y overwrites without prompting)
xcopy \Windows\System32\cmd.exe \Windows\System32\Utilman.exe /y

REM Reboot
wpeutil reboot
```

  6. Click the Ease of Access button on the login screen. Instead of starting the real tool, it runs cmd.exe. You can then run the following commands:

```bat
REM check the current user. Should be `NT Authority\System`
whoami

REM list users
net user

REM Set the administrator password to "toto"
net user Administrator toto

REM Enable the administrator account
net user Administrator /active:yes
```

  7. You can now log in using the username Administrator and the password toto.

  8. Finally, restore Utilman.exe. Redo steps 1 to 4, then execute the following commands:

```bat
REM change disk
c:

REM Restore Utilman.exe from the backup made earlier
xcopy \Utilman.exe \Windows\System32\Utilman.exe /y

REM Reboot
wpeutil reboot
```

You can now log in as Administrator using toto as the password.

Security

  1. If you care about security and don't want this technique to work on your computer, harden it. The main step is to encrypt the disk using BitLocker or similar, since the replacement above needs write access to the system drive from outside Windows.

  2. I use the verb "reset" and not "change". These two mechanisms are different. When you change a password, you need to provide the current password. This allows the sensitive information stored by the user, such as the passwords kept in the Credential Manager, to be decrypted and re-encrypted. When you reset a password, that sensitive information can no longer be decrypted.
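One way a defender can check a machine for the replacement this post relies on, as an added example that is not part of the original post: it compares the two accessibility binaries named above against the local cmd.exe, checks the OriginalFilename stored in their version resource, and checks their Authenticode signature. It assumes PowerShell 5.1 or later on Windows 10 and that shipped accessibility binaries report their own file name as OriginalFilename.

```powershell
# Added check, not part of the original post.
# Detects the file-replacement trick described above: a cmd.exe copied over an
# accessibility binary keeps cmd.exe's content and version resource.
function Test-AccessibilityBinary {
    param([string[]]$Names = @('Utilman.exe', 'EaseOfAccessDialog.exe'))

    $system32 = Join-Path $env:SystemRoot 'System32'
    $cmdHash  = (Get-FileHash -Path (Join-Path $system32 'cmd.exe') -Algorithm SHA256).Hash

    foreach ($name in $Names) {
        $path = Join-Path $system32 $name
        if (-not (Test-Path -Path $path)) {
            [pscustomobject]@{ File = $name; Status = 'MISSING'; Details = '' }
            continue
        }

        $findings = @()

        # Byte-identical to the local cmd.exe: exactly what the xcopy above produces.
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        if ($hash -eq $cmdHash) { $findings += 'identical to the local cmd.exe' }

        # Windows binaries carry their own name in the version resource; a copy
        # of cmd.exe still reports "Cmd.Exe" here, whatever it was renamed to.
        $orig = (Get-Item -Path $path).VersionInfo.OriginalFilename
        if ($orig -and $orig -ne $name) { $findings += "OriginalFilename is '$orig'" }

        # The signature check alone is not enough, because cmd.exe is a validly
        # signed Microsoft binary too; it does catch an unsigned replacement.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $findings += "signature status $($sig.Status)" }

        $status = if ($findings.Count -gt 0) { 'SUSPICIOUS' } else { 'OK' }
        [pscustomobject]@{
            File    = $name
            Status  = $status
            Details = ($findings -join '; ')
        }
    }
}

Test-AccessibilityBinary | Format-Table -AutoSize
```

Reading System32 needs no elevation, so the check can run from a standard user session or be scheduled as a periodic integrity check.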