Sometimes you get a computer without the user password or the administrator password, for example when you inherit a colleague's former computer. Without a proper username and password, you cannot log in. Instead of reinstalling Windows, you can just add a new user or reset the administrator password.
The idea is to run a command prompt as an administrator. You can do even better and run it as System. The easiest way is to start Windows in recovery mode (before Windows itself runs), where you get a command prompt and can change anything in the system. In this case, you'll replace the accessibility tool (`utilman.exe`) with a command prompt. Why? Because you can run this tool from the login screen by pressing the Shift key 5 times, and the user that runs the tool is `System`. Another way is to replace `EaseOfAccessDialog.exe`. This one is more convenient as you can just press the accessibility button 😃
1. First, restart the computer in recovery mode. One way is to boot from the Windows 10 setup media (USB key or DVD-ROM). Another way is to stop the machine during boot (maybe twice). At the next boot, Windows will automatically start in recovery mode.
2. Select your language
3. Click "Repair your computer"
4. Click "Command Prompt"
5. Run the following commands to back up `Utilman.exe` and replace it with `cmd.exe`:

```shell
REM change disk (the Windows volume may have another letter in recovery mode)
c:
REM Backup Utilman.exe (should be restored later)
xcopy \Windows\System32\Utilman.exe \
REM Replace Utilman.exe by cmd.exe
xcopy \Windows\System32\cmd.exe \Windows\System32\Utilman.exe /y
REM Reboot
wpeutil reboot
```
On the login screen, click the `Ease of access` button. Instead of starting the actual exe, it runs `cmd.exe`. You can run the following commands:

```shell
REM check the current user. Should be `NT Authority\System`
whoami
REM list users
net user
REM Set the administrator password to "toto"
net user Administrator toto
REM Enable the administrator account
net user Administrator /active:yes
```
You can now log in using the username `Administrator` and the password `toto`.
Finally, you should restore `Utilman.exe`. Redo steps 1 to 4. Then, execute the following commands:

```shell
REM change disk
c:
REM Restore Utilman.exe
xcopy \Utilman.exe \Windows\System32\Utilman.exe /y
REM Reboot
wpeutil reboot
```
You can now log in as an administrator using the password `toto`.
If you care about security and you don't want this technique to work on your computer, you should harden your computer. The main step is to encrypt the disk using BitLocker or similar.
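A defender-side check for the swap described in this post, as an added example that is not part of the original post: it compares the two accessibility binaries against `cmd.exe` by SHA-256, looks for the backup copy the procedure leaves in the drive root, and reports whether BitLocker protects the system drive. It assumes an elevated PowerShell prompt and the `Get-BitLockerVolume` cmdlet; the status labels are this example's own.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$system32 = Join-Path $env:SystemRoot 'System32'
$cmdHash  = (Get-FileHash -LiteralPath (Join-Path $system32 'cmd.exe') -Algorithm SHA256).Hash

# 1. The accessibility binaries named in the post must not be a copy of cmd.exe.
$findings = @(foreach ($name in 'Utilman.exe', 'EaseOfAccessDialog.exe') {
    $path = Join-Path $system32 $name
    if (Test-Path -LiteralPath $path) {
        $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $status = if ($hash -eq $cmdHash) { 'REPLACED' } else { 'OK' }
        [pscustomobject]@{ Check = $name; Status = $status; Detail = "SHA256 $hash" }
    }
    else {
        [pscustomobject]@{ Check = $name; Status = 'MISSING'; Detail = $path }
    }
})

# 2. The procedure backs Utilman.exe up to the drive root; a leftover copy there
#    suggests the swap was performed at some point.
$backup       = "$env:SystemDrive\Utilman.exe"
$backupStatus = if (Test-Path -LiteralPath $backup) { 'FOUND' } else { 'OK' }
$findings += [pscustomobject]@{ Check = 'Backup copy in drive root'; Status = $backupStatus; Detail = $backup }

# 3. Disk encryption is the mitigation the post recommends. Only BitLocker is
#    checked here; other disk-encryption products will show as UNPROTECTED.
$vol = $null
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
}
catch {
    # Cmdlet unavailable or not elevated: treated as unprotected below.
}
if ($vol -and $vol.ProtectionStatus -eq 'On') {
    $blStatus = 'OK'
    $blDetail = "VolumeStatus: $($vol.VolumeStatus)"
}
else {
    $blStatus = 'UNPROTECTED'
    $blDetail = 'BitLocker protection is off or could not be queried'
}
$findings += [pscustomobject]@{ Check = "BitLocker on $env:SystemDrive"; Status = $blStatus; Detail = $blDetail }

$findings | Format-Table -AutoSize -Wrap
```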
I use the verb "reset" and not "change". These 2 mechanisms are different. When you change a password, you need to provide the current password. This allows decrypting and re-encrypting the sensitive information stored by the user, such as the passwords stored in the credential manager. When you reset a password, the sensitive information is not decryptable.
# Comparison with other solutions
Hiren's BootCD or its competitors are good alternatives. However, I prefer the above method for 2 reasons:
- You don't need to create a bootable USB key with another computer. Indeed, the current computer is locked 😉
- It uses the Windows built-in user/password manager. This means you are sure the password is set the right way for the current version of Windows.