Sometimes you get a computer without the user password or the administrator password, for example when you get a colleague's former computer. Without a proper username and password, you cannot log in. Instead of reinstalling Windows, you can just add a new user or reset the administrator password.
The idea is to be able to run a command prompt as administrator. In fact, you can do better and run it as System. The easiest way is to run Windows in recovery mode (before Windows actually runs), so you get a command prompt and you can change everything in the system. In this case, you'll replace the accessibility tool (`utilman.exe`) by a command prompt. Why? Because you can run this tool from the login screen by pressing the Shift key 5 times, and the user that runs the tool is `System`. Another way is to replace `EaseOfAccessDialog.exe`. This one is more convenient as you can just press the accessibility button 😃
First, you need to restart the computer in recovery mode. One way is to boot from the Windows 10 setup media (USB key or DVD-ROM). Another way is to stop the machine during the boot (maybe twice). At the next boot, Windows will automatically start the recovery mode.
- Select your language
- Click "Repair your computer"
- Click "Troubleshoot"
- Click "Command Prompt"
- Run the following commands to back up `Utilman.exe` and replace it by `cmd.exe`:

  ```bat
  REM change disk
  REM Backup Utilman.exe (should be restored later)
  xcopy \Windows\System32\Utilman.exe \
  REM Replace Utilman.exe by cmd.exe
  xcopy \Windows\System32\cmd.exe \Windows\System32\Utilman.exe /y
  ```
- Click the `Ease of access` button. Instead of starting the actual exe, it runs `cmd.exe`. You can run the following commands:

  ```bat
  REM check the current user. Should be `NT Authority\System`
  whoami
  REM list users
  net user
  REM Set the administrator password to "toto"
  net user Administrator toto
  REM Enable the administrator account
  net user Administrator /active:yes
  ```
- You can now log in using the username `Administrator` and the password `toto`
- Finally, you should restore `Utilman.exe`. Redo steps 1 to 4. Then, execute the following commands:

  ```bat
  REM change disk
  REM Restore Utilman.exe
  xcopy \Utilman.exe \Windows\System32\Utilman.exe /y
  ```
You can now log in as administrator using `toto` as password.
If you care about security and you don't want this technique to work on your computer, you should harden your computer. The main step is to encrypt the disk using BitLocker or similar.
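To check whether a machine has already been through the swap described above, and whether its system drive is protected, the following PowerShell audit can be run from an elevated prompt on the installed Windows. It is an added example, not code from the original post; the function name `Get-UtilmanSwapFindings` and the status labels are hypothetical, and the backup location checked is the drive root used by the `xcopy` commands above.

```powershell
# Added example (not the post's code): look for traces of the Utilman.exe swap.
# Run from an elevated PowerShell prompt on the installed Windows.
function Get-UtilmanSwapFindings {   # hypothetical helper name
    param([string]$WindowsRoot = $env:SystemRoot)

    $sys32   = Join-Path $WindowsRoot 'System32'
    $drive   = Split-Path -Qualifier $WindowsRoot
    $cmdHash = (Get-FileHash -Algorithm SHA256 -LiteralPath (Join-Path $sys32 'cmd.exe')).Hash

    # The two accessibility binaries named in the post.
    foreach ($name in 'Utilman.exe', 'EaseOfAccessDialog.exe') {
        $path = Join-Path $sys32 $name
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Check = $name; Status = 'MISSING'; Detail = $path }
            continue
        }
        $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $path).Hash
        $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
        # A byte-identical copy of cmd.exe is the exact swap from the post;
        # an invalid signature flags any other unexpected replacement.
        $status = if ($hash -eq $cmdHash) { 'REPLACED_BY_CMD' } elseif ($sig -ne 'Valid') { 'BAD_SIGNATURE' } else { 'OK' }
        [pscustomobject]@{ Check = $name; Status = $status; Detail = "SHA256=$hash Signature=$sig" }

        # The post backs the original up to the drive root; a copy left there
        # means the swap was probably performed on this machine at some point.
        $backup = "$drive\$name"
        if (Test-Path -LiteralPath $backup) {
            [pscustomobject]@{ Check = "$name backup"; Status = 'LEFTOVER'; Detail = $backup }
        }
    }

    # Disk encryption is the mitigation the post recommends.
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $vol = Get-BitLockerVolume -MountPoint $drive
        $status = if ($vol.ProtectionStatus -eq 'On') { 'OK' } else { 'UNPROTECTED' }
        [pscustomobject]@{ Check = "BitLocker $drive"; Status = $status
                           Detail = "$($vol.VolumeStatus), protection $($vol.ProtectionStatus)" }
    } else {
        [pscustomobject]@{ Check = 'BitLocker'; Status = 'UNKNOWN'; Detail = 'BitLocker cmdlets not available' }
    }
}

Get-UtilmanSwapFindings | Format-Table -AutoSize -Wrap
```

A swap that was already reverted leaves the hashes clean, so the leftover backup at the drive root and an unexpectedly enabled `Administrator` account are the traces worth reviewing in that case.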
I use the verb "reset" and not "change". These 2 mechanisms are different. When you change a password, you need to provide the current password. This makes it possible to decrypt and re-encrypt the sensitive information stored by the user, such as the passwords stored in the Credential Manager. When you reset a password, the sensitive information is no longer decryptable.