How to Reset a forgotten Windows 10 Password

Published on
7,550 Points
5 Endorsements
Last Modified:
Andrew Leniart
Helping others, to help themselves...
This tutorial shows a simple method of resetting a forgotten Windows 10 Password, on both a Physical and VM VirtualBox machine without the need for any third-party tools. Both Local and Microsoft Connected accounts are covered. Enjoy...


I frequently see questions pop up at Experts Exchange from folks that have forgotten their Windows 10 user password and who didn't bother to create a Win10 Password Reset Disk, don't have a secondary Administrator profile to log in with, or who use a Microsoft Connected Live account, without recovery options to be able to reset their password online.

Links are often suggested to askers, recommending various third-party boot CD's or Images, some free, some paid, that may have worked great for Windows 7 and earlier installations, but can sometimes fail to reliably reset a Windows 10 password. The good news is that you don't need any third party tools. All you need is a Windows 10 Installation DVD or a Windows 10 ISO file which will work every time. 

By reading this article, you will learn some DOS (Disk Operating System) commands and what they do, as well as be able to get free additional help at Experts Exchange.

Note: Though not tested at the time of writing, the Utilman related tricks described in this tutorial should also apply to previous versions of Microsoft Windows, including Windows XP / Vista / 8.1 /  Windows 7 and Servers.

Let's dive in...

1 - Steps for Physical Machine Installs 

- Change your BOOT Device in BIOS to Boot from DVD or USB First

You're going to have to boot your computer with a Windows 10 Installation DVD or with a USB device that a Windows 10 Installation ISO has been extracted to and made bootable. So restart and enter BIOS settings on your computer. How to do this can differ depending on your mainboard manufacturer or the brand name of your computer, but most commonly, getting into BIOS simply means tapping the Delete key on your keyboard when booting up. 

Often there will be a message on your monitor during boot telling you which key you need to press to get into BIOS Settings. If pressing the Delete key doesn't work for you, check which keys you need to press for your particular computer or mainboard with the manufacturer's website, or use the ask a question feature at Experts Exchange to ask for help.

If you're using a physical computer, skip down to "Create a Secondary (Local) Administrator User" now.

1 - Steps for Oracle VM VirtualBox Installs

For those of you using a Virtual Machine in VirtualBox, change your boot device to Boot from a saved Windows 10 Installation ISO. On the Oracle VM VirtualBox Machine, click "Devices" > "Optical Drives" > "Choose Disk Image" and select the saved Windows 10 installation ISO. If you don't (or no longer) have one, you can download the ISO file straight from Microsoft using this link

See screenshot below.

The remaining steps are the same for both Physical and Virtual Machine installs.

Create a Secondary (Local) Administrator User

If you don't already have a second Administrator enabled user account on Windows 10 to help you out, just create one on the fly. Once you've booted with your Windows 10 installation DVD (or ISO in the case of VirtualBox) the process is quite simple and you can then make use of the Windows GUI (Graphical User Interface) to change the password.

When you boot with a Windows 10 DVD, USB stick or ISO on Oracle VM VirtualBox, you'll get a message on screen for a few seconds telling you to "Press any key to boot from..." 

1.    Follow that instruction and just hit any key on your keyboard. You should end up with the following screen.

At this point, we want to bring up a command prompt to issue some DOS commands to Windows. 

2.    Press Shift+F10 on your keyboard to open a DOS command prompt window. The Window that pops up will show a drive letter of X:\ That's a temporary drive letter that Windows has assigned to boot media you've used. 

3.    Enter the following commands exactly as shown to perform actions on your Microsoft Windows installation, which will usually be on drive letter D: - and pressing your Enter Key after each line. 

Note: If the following commands fail for you, then type "Dir E:", "Dir F:" etc until you find which drive letter your system drive has been assigned, then just replace D: with the drive letter for your system.

Move D:\Windows\System32\utilman.exe D:\Windows\System32\utilman.bak

Copy D:\Windows\System32\cmd.exe D:\Windows\System32\utilman.exe

wpeutil reboot

What's are those commands doing?

  • The move command makes a copy of the "utilman.exe" command as "utilman.bak"
  • The Copy command copies the "cmd.exe" command as a fake "utilman.exe" command
  • The "wpeutil reboot" command tells Windows to reboot

4.     When Windows restarts, don't boot with your Windows Installation DVD, USB Stick or ISO this time. We're done with that, so just allow Windows to boot up normally.

5.    Now that Windows has restarted, we can use the fake "utilman.exe" command we copied above, to bring up a command prompt at the login screen by clicking the "Ease of Access" option on the Windows 10 login screen. 

Doing so will now bring up a DOS command box. 

6.    Enter the following commands in the DOS command box.

net user Temporary /add

net localgroup administrators Temporary /add


What's are those commands doing?

  • The first command is creating a new user profile called "Temporary"
  • The second command adds the new "Temporary" account to the local Administrators group
  • The last command simply "exits" (or closes) the DOS cmd Window

You will now have a new Administrator enabled account to log into Windows with, named "Temporary" and with no login password set. We could have set a password at this point if we wanted to, but we'll do that in Windows GUI instead so that we can record a helpful password hint as well.

Sidenote: We could have just enabled the Windows 10 built-in Administrator account in the above steps, but I personally don't recommend it for a variety of reasons I won't go into here.

7.    Log into Windows 10 with the new "Temporary" account just created. It's insecure at this point, so the first thing I recommend you do is to give it a good strong password, even if you don't intend to keep it for the long term. 

Use Windows GUI to change the password of your regular account

Note: If the account you are trying to change the password to is an Online Microsoft Connected Account, skip down to "What if my Account is a Microsoft Connected Account?" now. Otherwise, continue on to reset a Local User Account.

8.    Now that you've logged back into Windows 10 with an Administrator enabled account, you can change the password on your main local account. As with most things in Windows, there's more than one way of doing this, but here's one simple way.

  • Press the Windows Key, Type Control Panel and hit your Enter Key
  • Click "Change account type" under the User Accounts Category.

9.    On the next window, click on the problem account that you've forgotten the password to. In the example below, we'll assume it's John Jacob's account.

10.    On the next Window, click the "Change the password" hyperlink.

11.    Now type and confirm a new password for the John Jacob account, put in a password hint if desired and click the "Change password" button.  

Cleaning Up

Be sure restore your c:\windows\system32\utilman.exe file or you will no longer be able to configure any of Windows Accessibility options like Magnifier, High Contrast Theme, Narrator and On-Screen Keyboard, the latter which can often be useful before logging onto the system.

Worse, leaving a fake utilman.exe command would also leave a gaping security hole in your system, because it could also provide administrator access to hackers.

There are different ways to achieve this, but I think one of the simplest methods is to use WinPE (Windows Preinstallation Environment) Complete the following steps to restore Windows Accessibility functionality and reverse cmd.exe functionality;

  • Restart Windows by holding down your Shift Key and clicking Restart to boot back into WinPE
  • Just as we did earlier, click Troubleshoot > Advanced Options > Command Prompt
  • Windows reboots into the WinPE Command Prompt screen - Select your account and enter your password
  • Type the following commands into the command window, followed by your Enter key
  • move D:\Windows\System32\utilman.bak D:\Windows\System32\utilman.exe (answer Y to overwrite if prompted)
  • wpeutil reboot

You're Done! Select the previously forgotten password account to login with and use the newly set password to log in. If you haven't done so already, (you should have) then don't forget to give the "Temporary" user profile a strong password if you intend to keep it.

What if my Account is a Microsoft Connected Account?

Resetting a Microsoft Connected account is easy, providing you set up your account recovery options, such as security questions, a mobile telephone number where you can get an SMS, and a recovery email address. If you did, good job! 

Just open a browser and go to this "Why can't you sign in?" Microsoft password reset page. Select "I forgot my password" and follow the prompts to reset your password.

Didn't configure your Microsoft Account recovery options? 

No problem, we'll still get you into your account. This won't solve your account connectivity problems with Microsoft, however, it will get you back into your normal user profile. Read on to learn how...*

A)    First things first, if you haven't done so already, complete  Steps 1 through 7  under the "Create a Secondary (Local) Administrator User" heading above, then skip back to here once you have created a "Temporary" local administrator user account.

B)    If you've followed all instructions correctly, you should now be in Windows 10 using the "Temporary" user account we created, and have set a password on that account. If not, go back to Step 1 above and find out which step you may have skipped.

Here's where things get a little complex and tedious, so pay very careful attention to the following instructions. 

Completing the following steps "will" restore your access to your Microsoft Connected Account in Windows 10, as we will be changing it to be a Local Account. 

Be careful not to skip any steps - everything should be as shown below - if it's not, then it's likely that you may have missed a step.

C)    Restart Windows and let it boot to your normal Login Screen.

  • Hold down your [Shift] Key, then click Power > Restart as shown below

Note: If Windows just restarts normally, you probably forgot to hold down your Shift Key before you clicked Restart

Tip! - Click any image below to enlarge in a new browser tab

  • Windows Restarts and presents you with the screen shown below

  • Click "Troubleshoot - Reset your PC or see advanced options"

  • Click "Advanced Options"

  • Click "Command Prompt"

Windows will Restart again and present you with the following screen...

  • Click the "Temporary" local Administrator account we created with Steps 1 through 7 above

  • Enter the password you gave to the "Temporary" user account password per the following screen and click "Continue"

  • A Windows Command Prompt opens - Note that it has a drive letter of X:

  • Type regedit into the cmd box and hit your Enter key

  • The Windows Registry Editor Opens. Expand and click once on "HKEY_LOCAL_MACHINE"

  • Click File > Load Hive... in the Registry Editor

Click the "Look in:" drop arrow and select your system drive. Local Disk (D:) in the example below. 

  • Drill down into the following path - Windows\System32\config\

  • Scroll down until you locate the hive named "SAM", click it and then click the "Open" button

  • You will be prompted for a Key Name. Give it a name like "SAM-TEMP" and click the "OK" button

Drill into the loaded SAM-TEMP hive to the following path;


  • Locate the profile name for your Microsoft Connected Online account.  Click it once and note the "Type" value in the right-hand pane. "andre" in the example below, with a "Type" value of "0x3e9".  

    Tip! Remember your Profile Name, you'll need it later 

  • Now click the corresponding value that ends in 3e9 - 000003e9 - once under Users as shown below

  • Delete the following values in the right-hand pane. When warned to Confirm Value Delete - click Yes
    • InternetProviderGUID
    • InternetSID
    • InternetUID
    • Internet User Name

  • After deleting the above 4 values, click once on the SAM-TEMP account again as shown below

  • Now unload the SAM-TEMP hive from Registry Editor. Click File > Unload Hive... as shown below

  • Confirm you want to Unload Hive by clicking Yes

Now close Registry Editor and we are back at the still open CMD DOS box. Restart Windows with the following command.

wpeutil reboot

On the Home Stretch

  • Allow Windows to restart and boot back up to your normal login screen. Open a Command Prompt by clicking the "Ease of Access" button again. (Remember we set that up early on in the previous steps)

In the DOS Command Window, type the following command;

  • net user andre newpass 

Change "andre" above to YOUR profile name

The above command sets the previously locked account's password to: newpass

Next, we need to add the user account to the "local" administrator group.  Enter the following command in the DOS Command Box to add the profile to the local administrators group

  • net localgroup administrators andre /add

Again, replace "andre" with YOUR user profile name in the above command

Type exit and hit enter to close the command box and login to your previously locked out account with a password of "newpass"

Now that you're back in Windows 10 with your familiar user account, it's time to do a little cleaning up. I strongly recommend you perform the following steps.

  1. Press Windows Key and Type Settings - Click Accounts - From the "Your info" section, select "Stop signing in to all Microsoft apps automatically" This now completes the change of this profile from a Microsoft Account, to a Local Account

  2. Click "Sign-in options" on the left side and Change your account Password to something stronger than "newpass"

  3. You can also delete the "Temporary" Profile now if you want to, as it's no longer required. If you have the space to spare though, I'd suggest leaving it there just in case there's a problem in the future.

  4. Finally, the last (and most important) thing to do, is to restore utilman.exe or you will no longer be able to configure any of Windows Accessibility options like Magnifier, High Contrast Theme, Narrator and On-Screen Keyboard, the latter which can often be useful before logging onto the system.

    Worse, leaving the fake utilman.exe command (which is actually cmd.exe at this point) would also leave a gaping security hole in your system, because it could also provide administrator access to hackers.

    Restore it in much the same way as we created the fake copy from the cmd.exe file, only this time we boot into WinPE (Windows Preinstallation Environment) to negate any file ownership and permission issues.

  • Restart Windows by holding down your Shift Key and clicking Restart to boot back into WinPE
  • Just as we did earlier, click Troubleshoot > Advanced Options > Command Prompt
  • Windows reboots into the WinPE Command Prompt screen - Select your account and enter your password
  • Type the following commands into the command window, followed by your Enter key
  • move D:\Windows\System32\utilman.bak D:\Windows\System32\utilman.exe (answer Y to overwrite if prompted)
  • wpeutil reboot

Windows restarts and you're done!  Now get cracking in contacting Microsoft Support to try and regain access to your online account again.

Everything in this tutorial was tested and working at the time of writing with a Windows 10 Professional installation and a Microsoft Connected user account. Each step was documented as I went through the process myself, so I can say with total confidence that it works well.

Finally, this entire process was focused on getting you back into your Microsoft Connected profile account in Windows 10 in a scenario where you can't reset your Microsoft account password online for some reason. How to now go about recovering your Microsoft account is another story. Despite some fake promises you may find on the web, only Microsoft Support will be able to help you in this regard.

If you need additional support on this topic, please use the Ask a Question feature of Experts Exchange.

Finally, if you found this article helpful, please do endorse it by clicking the Thumbs Up button below. 

Doing so helps me out and provides me with positive feedback.

*Full Credit for the Regedit related process goes to "colinardo" for making this solution available to the world at this web page on the 15th  January 2018.

Till the next time...

Author: Andrew Leniart


Featured Post

On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

Join & Write a Comment

The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month