Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!
I frequently see questions pop up at Experts Exchange from folks that have forgotten their Windows 10 user password and who didn't bother to create a Win10 Password Reset Disk, don't have a secondary Administrator profile to log in with, or who use a Microsoft Connected Live account, without recovery options to be able to reset their password online.
Links are often suggested to askers, recommending various third-party boot CD's or Images, some free, some paid, that may have worked great for Windows 7 and earlier installations, but can sometimes fail to reliably reset a Windows 10 password. The good news is that you don't need any third party tools. All you need is a Windows 10 Installation DVD or a Windows 10 ISO file which will work every time.
By reading this article, you will learn some DOS (Disk Operating System) commands and what they do, as well as be able to get free additional help at Experts Exchange.
Note: Though not tested at the time of writing, the Utilman related tricks described in this tutorial should also apply to previous versions of Microsoft Windows, including Windows XP / Vista / 8.1 / Windows 7 and Servers.
Let's dive in...
1 - Steps for Physical Machine Installs
- Change your BOOT Device in BIOS to Boot from DVD or USB First
You're going to have to boot your computer with a Windows 10 Installation DVD or with a USB device that a Windows 10 Installation ISO has been extracted to and made bootable. So restart and enter BIOS settings on your computer. How to do this can differ depending on your mainboard manufacturer or the brand name of your computer, but most commonly, getting into BIOS simply means tapping the Delete key on your keyboard when booting up.
Often there will be a message on your monitor during boot telling you which key you need to press to get into BIOS Settings. If pressing the Delete key doesn't work for you, check which keys you need to press for your particular computer or mainboard with the manufacturer's website, or use the ask a question feature at Experts Exchange to ask for help.
If you're using a physical computer, skip down to "Create a Secondary (Local) Administrator User" now.
1 - Steps for Oracle VM VirtualBox Installs
For those of you using a Virtual Machine in VirtualBox, change your boot device to Boot from a saved Windows 10 Installation ISO. On the Oracle VM VirtualBox Machine, click "Devices" > "Optical Drives" > "Choose Disk Image" and select the saved Windows 10 installation ISO. If you don't (or no longer) have one, you can download the ISO file straight from Microsoft using this link.
See screenshot below.
The remaining steps are the same for both Physical and Virtual Machine installs.
Create a Secondary (Local) Administrator User
If you don't already have a second Administrator enabled user account on Windows 10 to help you out, just create one on the fly. Once you've booted with your Windows 10 installation DVD (or ISO in the case of VirtualBox) the process is quite simple and you can then make use of the Windows GUI (Graphical User Interface) to change the password.
When you boot with a Windows 10 DVD, USB stick or ISO on Oracle VM VirtualBox, you'll get a message on screen for a few seconds telling you to "Press any key to boot from..."
1. Follow that instruction and just hit any key on your keyboard. You should end up with the following screen.
At this point, we want to bring up a command prompt to issue some DOS commands to Windows.
2. Press Shift+F10 on your keyboard to open a DOS command prompt window. The Window that pops up will show a drive letter of X:\ That's a temporary drive letter that Windows has assigned to boot media you've used.
3. Enter the following commands exactly as shown to perform actions on your Microsoft Windows installation, which will usually be on drive letter D: - and pressing your Enter Key after each line.
Note: If the following commands fail for you, then type "Dir E:", "Dir F:" etc until you find which drive letter your system drive has been assigned, then just replace D: with the drive letter for your system.
Move D:\Windows\System32\utilman.exe D:\Windows\System32\utilman.bak
Copy D:\Windows\System32\cmd.exe D:\Windows\System32\utilman.exe
What's are those commands doing?
4. When Windows restarts, don't boot with your Windows Installation DVD, USB Stick or ISO this time. We're done with that, so just allow Windows to boot up normally.
5. Now that Windows has restarted, we can use the fake "utilman.exe" command we copied above, to bring up a command prompt at the login screen by clicking the "Ease of Access" option on the Windows 10 login screen.
Doing so will now bring up a DOS command box.
6. Enter the following commands in the DOS command box.
net user Temporary /add
net localgroup administrators Temporary /add
You will now have a new Administrator enabled account to log into Windows with, named "Temporary" and with no login password set. We could have set a password at this point if we wanted to, but we'll do that in Windows GUI instead so that we can record a helpful password hint as well.
Sidenote: We could have just enabled the Windows 10 built-in Administrator account in the above steps, but I personally don't recommend it for a variety of reasons I won't go into here.
7. Log into Windows 10 with the new "Temporary" account just created. It's insecure at this point, so the first thing I recommend you do is to give it a good strong password, even if you don't intend to keep it for the long term.
Use Windows GUI to change the password of your regular account
Note: If the account you are trying to change the password to is an Online Microsoft Connected Account, skip down to "What if my Account is a Microsoft Connected Account?" now. Otherwise, continue on to reset a Local User Account.
8. Now that you've logged back into Windows 10 with an Administrator enabled account, you can change the password on your main local account. As with most things in Windows, there's more than one way of doing this, but here's one simple way.
9. On the next window, click on the problem account that you've forgotten the password to. In the example below, we'll assume it's John Jacob's account.
10. On the next Window, click the "Change the password" hyperlink.
11. Now type and confirm a new password for the John Jacob account, put in a password hint if desired and click the "Change password" button.
Be sure restore your c:\windows\system32\utilman.exe file or you will no longer be able to configure any of Windows Accessibility options like Magnifier, High Contrast Theme, Narrator and On-Screen Keyboard, the latter which can often be useful before logging onto the system.
Worse, leaving a fake utilman.exe command would also leave a gaping security hole in your system, because it could also provide administrator access to hackers.
There are different ways to achieve this, but I think one of the simplest methods is to use WinPE (Windows Preinstallation Environment) Complete the following steps to restore Windows Accessibility functionality and reverse cmd.exe functionality;
You're Done! Select the previously forgotten password account to login with and use the newly set password to log in. If you haven't done so already, (you should have) then don't forget to give the "Temporary" user profile a strong password if you intend to keep it.
What if my Account is a Microsoft Connected Account?
Resetting a Microsoft Connected account is easy, providing you set up your account recovery options, such as security questions, a mobile telephone number where you can get an SMS, and a recovery email address. If you did, good job!
Just open a browser and go to this "Why can't you sign in?" Microsoft password reset page. Select "I forgot my password" and follow the prompts to reset your password.
Didn't configure your Microsoft Account recovery options?
No problem, we'll still get you into your account. This won't solve your account connectivity problems with Microsoft, however, it will get you back into your normal user profile. Read on to learn how...*
A) First things first, if you haven't done so already, complete Steps 1 through 7 under the "Create a Secondary (Local) Administrator User" heading above, then skip back to here once you have created a "Temporary" local administrator user account.
B) If you've followed all instructions correctly, you should now be in Windows 10 using the "Temporary" user account we created, and have set a password on that account. If not, go back to Step 1 above and find out which step you may have skipped.
Here's where things get a little complex and tedious, so pay very careful attention to the following instructions.
Completing the following steps "will" restore your access to your Microsoft Connected Account in Windows 10, as we will be changing it to be a Local Account.
Be careful not to skip any steps - everything should be as shown below - if it's not, then it's likely that you may have missed a step.
C) Restart Windows and let it boot to your normal Login Screen.
Note: If Windows just restarts normally, you probably forgot to hold down your Shift Key before you clicked Restart
Tip! - Click any image below to enlarge in a new browser tab
Windows will Restart again and present you with the following screen...
Click the "Look in:" drop arrow and select your system drive. Local Disk (D:) in the example below.
Drill into the loaded SAM-TEMP hive to the following path;
Now close Registry Editor and we are back at the still open CMD DOS box. Restart Windows with the following command.
On the Home Stretch
In the DOS Command Window, type the following command;
Change "andre" above to YOUR profile name
The above command sets the previously locked account's password to: newpass
Next, we need to add the user account to the "local" administrator group. Enter the following command in the DOS Command Box to add the profile to the local administrators group
Again, replace "andre" with YOUR user profile name in the above command
Type exit and hit enter to close the command box and login to your previously locked out account with a password of "newpass"
Now that you're back in Windows 10 with your familiar user account, it's time to do a little cleaning up. I strongly recommend you perform the following steps.
Windows restarts and you're done! Now get cracking in contacting Microsoft Support to try and regain access to your online account again.
Everything in this tutorial was tested and working at the time of writing with a Windows 10 Professional installation and a Microsoft Connected user account. Each step was documented as I went through the process myself, so I can say with total confidence that it works well.
Finally, this entire process was focused on getting you back into your Microsoft Connected profile account in Windows 10 in a scenario where you can't reset your Microsoft account password online for some reason. How to now go about recovering your Microsoft account is another story. Despite some fake promises you may find on the web, only Microsoft Support will be able to help you in this regard.
If you need additional support on this topic, please use the Ask a Question feature of Experts Exchange.
Finally, if you found this article helpful, please do endorse it by clicking the Thumbs Up button below.
Doing so helps me out and provides me with positive feedback.
*Full Credit for the Regedit related process goes to "colinardo" for making this solution available to the world at this web page on the 15th January 2018.
Till the next time...
Author: Andrew Leniart