Windows OS Hub / Windows 10 / How to Reset a Local Administrator Password on Windows

July 5, 2023 Questions and AnswersWindows 10Windows 11Windows Server 2019

How to Reset a Local Administrator Password on Windows

It can happen that you have forgotten your Windows login password and can no longer log on to your computer. This article shows you how to reset a forgotten password for the local administrator account using a Windows installation media (USB flash, DVD, or ISO image). This password reset guide covers both Windows 10/11 and Windows Server 2022/2019/2016.

You will need any Windows 10 or 11 installation media to reset the local administrator password. The easiest way is to create a bootable Windows USB flash drive using the Media Creation Tool or use the Rufus tool to write the downloaded Windows ISO image to a USB flash drive

  1. When you start the computer, enter the BIOS/UEFI settings, and select your USB flash drive as the primary boot device. To do this, press F1 , F2 or Del (depending on your hardware vendor), find the Boot Order/Boot Device Priority item (menu item names depend on the manufacturer and BIOS/UEFI firmware version), then set your Removable USB flash drive as the primary boot device;Boot computer from Removable USB flash
  2. When the computer starts, the message ‘Press any key to boot from CD/DVD/USB‘ should appear;
  3. The next thing you will see is the Windows Setup wizard. Use the key combination Shift+F10 to open the command prompt;
  4. The next thing you need to do is to find out the drive letter assigned to the partition where Windows is installed. Run the command:
    wmic logicaldisk get volumename,name
  5. You can see that in my example, Windows is on the C: drive. This is the letter we will use in the following commands;
    Shift+F10 - run command prompt on Windows Setup screen
    If your system partition is encrypted with Bitlocker and you have the password to decrypt it, you must first unlock the BitLocker-encrypted drive with the command: manage-bde -unlock C: -pw. Once you’ve done this, you can reset the administrator password.
    You can also identify partitions and their assigned drive letters in the WinPE environment using the diskpart command. For that, run the following commands one after the other: diskpart -> list disk (to display a list of hard disks available) -> list vol (list partitions and their assigned drive letters). In this example, there is only one Disk 0 with a GPT partition table and three partitions: the EFI system partition (with the FAT32 file system, which contains the Windows EFI bootloader), the recovery partition (with the WinRE recovery environment), and the primary partition with the NTFS file system and size of 39GB (with the C drive letter assigned);
    get windows volume drive letter
  6. Run the following command to back up the original utilman.exe file:
    copy C:\windows\system32\utilman.exe C:\windows\system32\utilman.exebak
  7. Then replace the utilman.exe file with the cmd.exe file:
    copy c:\windows\system32\cmd.exe c:\windows\system32\utilman.exe /y
    replace utilman.exe with cmd.exe
  8. Eject the bootable flash drive/Windows Setup ISO and restart the computer:
    wpeutil reboot
  9. Boot normally to Windows which is installed on your computer. On the sign-in screen, click on the Easy of Access (Accessibility) icon;
    Ease of Access button on Windows Login screen
  10. A command prompt should appear. Make sure that the console is running under NT Authority\SYSTEM: whoami
    Open the command prompt under the Local System Account on Windows Login screen
  11. You can manage local Windows accounts from this command line.
    List the user accounts with administrator rights on the computer:
    net localgroup administrators
    There are two users in the Administrators group in this example. You can reset the password for any of these users to log on to Windows.
    net localgroup administrators : list local admins
    If the group is empty, this means that you need to assign administrator rights to one of the available local Windows users. List all local users:
    net user
    In order to add user1 to the local Administrators group, run the following command:
    net localgroup administrators user1 /add
    If you have no other users on the computer except the built-in Administrator account, you will need to reset the password for this account.
    If you use a Microsoft account on your computer, you can reset its password via https://account.live.com/password/reset. If you can’t recover your password in this way, you must enable your local Administrator account, reset its passwords, and sign in with it. You should then create a different local user with administrative privileges, or add a new user with a cloud-based Microsoft account.
  12. To reset the user’s password (in this example, the username is root), run the command:
    net user root *
    Set a new password and confirm it (the new password must match your local Group Policy password settings);
    net user: reset password
  13. Now you need to check if your account is enabled. Display the account information: net user root
    If the user is disabled (Account active: No ), enable it:
    net user root /active:yesnet user - enable account
  14. Restart your computer and boot it again from the removable USB flash drive/ISO image. Replace the utilman.exe with the original file to avoid leaving a security hole in Windows:
    copy c:\windows\system32\utilman.exebak c:\windows\system32\utilman.exe /y
    After that, remove the flash drive and once again reboot the computer;
  15. Now you can log on to Windows using the account that you reset the password for.
    In case you get an error ‘The Sign-in method you’re trying to use isn’t allowed’ when trying to sign in to Windows, it means that you have the corresponding group policy enabled on your computer. You can disable this policy option using the local GPO editor (gpedit.msc). You can also run this MMC snap-in from the command prompt on the Windows logon screen.
The example above shows how to reset the password by replacing the utilman.exe file. Note that the same trick can also be used by replacing the sethc.exe executable. If you have replaced sethc.exe with cmd.exe, just press the Shift key 5 times to open the command prompt on the Windows welcome screen (this triggers Sticky Keys mode and causes the sethc.exe executable to run).

After resetting a user’s password, you will still have access to all files in the user’s profile, programs and settings, saved passwords in Windows Credential Manager, and all other data available for the user (note that you may lose access to EFS-encrypted files).

Note that if your computer is added to an Active Directory domain, it may be affected by various settings through domain Group Policies (GPOs). To help keep computers secure, Domain Administrators can assign specific policy settings to computers. For example, disable all local user accounts, remove local users from the Administrators group, or automatically change the password of the built-in admin account (via Windows LAPS). In that case, if you need to reset the administrator password on such a computer, you must first reset the local policies and clear the GPO cache, and then disconnect the computer from the network. You can then log in to Windows as a local administrator with the new password.

In the same way, you can reset the password of the Active Directory domain administrator.
0 comment
0
Facebook Twitter Google + Pinterest

Related Reading

How to Connect VPN Before Windows Logon

November 14, 2023

Using WPAD (Web Proxy Auto-Discovery Protocol) on Windows

November 7, 2023

Zabbix: How to Get Data from PowerShell Scripts

October 27, 2023

Tracking Printer Usage with Windows Event Viewer Logs

October 19, 2023

How to Use Ansible to Manage Windows Machines

September 25, 2023

Leave a Comment