How to Reset a forgotten Windows 10 Password

Andrew LeniartIT Professional, Freelance Journalist, Certified Editor
IT Professional - Helping others to help themselves. https://andrewleniart.com & https://www.computerhelpzone.com.au/testimonial/
Published:
Updated:
This tutorial shows a simple method of resetting a forgotten Windows 10 Password, on both a Physical and VM VirtualBox machine without the need for any third-party tools. Both Local and Microsoft Connected accounts are covered. Enjoy...

Important Article Update: An important update to this tutorial has just been added on 2nd November 2018 due to recent changes by Microsoft to Windows Defender that is included with Windows 10. Please see the heading titled "Copying cmd.exe to utilman.exe didn't work for me - Now what?" at the bottom of this article to resolve the problem if you are using Windows Defender as your Antivirus of choice on Windows 10, rather than one of the other multitude of third-party antivirus applications available.  Regards, Andrew Leniart


Introduction


I frequently see questions pop up at Experts Exchange from folks that have forgotten their Windows 10 user password and who didn't bother to create a Win10 Password Reset Disk, don't have a secondary Administrator profile to log in with, or who use a Microsoft Connected Live account, without recovery options to be able to reset their password online.


Links are often suggested to askers, recommending various third-party boot CD's or Images, some free, some paid, that may have worked great for Windows 7 and earlier installations, but can sometimes fail to reliably reset a Windows 10 password. The good news is that you don't need any third party tools. All you need is a Windows 10 Installation DVD or a Windows 10 ISO file which will work every time. 


By reading this article, you will learn some DOS (Disk Operating System) commands and what they do, as well as be able to get free additional help at Experts Exchange.


Note: Though not tested at the time of writing, the Utilman related tricks described in this tutorial should also apply to previous versions of Microsoft Windows, including Windows XP / Vista / 8.1 /  Windows 7 and Servers.


Let's dive in...



1 - Steps for Physical Machine Installs 


- Change your BOOT Device in BIOS to Boot from DVD or USB First


You're going to have to boot your computer with a Windows 10 Installation DVD or with a USB device that a Windows 10 Installation ISO has been extracted to and made bootable. So restart and enter BIOS settings on your computer. How to do this can differ depending on your mainboard manufacturer or the brand name of your computer, but most commonly, getting into BIOS simply means tapping the Delete key on your keyboard while booting up. 


Often there will be a message on your monitor during boot telling you which key you need to press to get into BIOS Settings. If pressing the Delete key doesn't work for you, check which keys you need to press for your particular computer or mainboard with the manufacturer's website, or use the ask a question feature at Experts Exchange to ask for help.


If you're using a physical computer, skip down to "Create a Secondary (Local) Administrator User" now.


1 - Steps for Oracle VM VirtualBox Installs


For those of you using a Virtual Machine in VirtualBox, change your boot device to Boot from a saved Windows 10 Installation ISO. On the Oracle VM VirtualBox Machine, click "Devices" > "Optical Drives" > "Choose Disk Image" and select the saved Windows 10 installation ISO. If you don't (or no longer) have one, you can download the ISO file straight from Microsoft using this link


See screenshot below.



The remaining steps are the same for both Physical and Virtual Machine installs.



Create a Secondary (Local) Administrator User


If you don't already have a second Administrator enabled user account on Windows 10 to help you out, just create one on the fly. Once you've booted with your Windows 10 installation DVD (or ISO in the case of VirtualBox) the process is quite simple and you can then make use of the Windows GUI (Graphical User Interface) to change the password.


When you boot with a Windows 10 DVD, USB stick or ISO on Oracle VM VirtualBox, you'll get a message on your screen for a few seconds telling you to "Press any key to boot from..." 


1.    Follow that instruction and just hit any key on your keyboard. You should end up with the following screen.

At this point, we want to bring up a command prompt to issue some DOS commands to Windows. 


2.    Press Shift+F10 on your keyboard to open a DOS command prompt window. The Window that pops up will show a drive letter of X:\ That's a temporary drive letter that Windows has assigned to boot media you've used. 


3.    Enter the following commands exactly as shown to perform actions on your Microsoft Windows installation, which will usually be on drive letter D: - and pressing your Enter Key after each line. 


Note: If the following commands fail for you, then type "Dir E:", "Dir F:" etc until you find which drive letter your system drive has been assigned, then just replace D: with the drive letter for your system.


Move D:\Windows\System32\utilman.exe D:\Windows\System32\utilman.bak

Copy D:\Windows\System32\cmd.exe D:\Windows\System32\utilman.exe

wpeutil reboot



What are those commands doing?

  • The move command makes a copy of the "utilman.exe" command as "utilman.bak"
  • The Copy command copies the "cmd.exe" command as a fake "utilman.exe" command
  • The "wpeutil reboot" command tells Windows to reboot


4.     When Windows restarts, don't boot with your Windows Installation DVD, USB Stick or ISO this time. We're done with that, so just allow Windows to boot up normally.


5.    Now that Windows has restarted, we can use the fake "utilman.exe" command we copied above, to bring up a command prompt at the login screen by clicking the "Ease of Access" option on the Windows 10 login screen. 

Doing so will now bring up a DOS command box. 


6.    Enter the following commands into the DOS command box as shown below.


  • net user Temporary /add
  • net localgroup administrators Temporary /add
  • exit


What are those commands doing?

  • The first command is creating a new user profile called "Temporary"
  • The second command adds the new "Temporary" account to the local Administrators group
  • The last command simply "exits" (or closes) the DOS cmd Window


You will now have a new Administrator enabled account to log into Windows with, named "Temporary" and with no login password set. We could have set a password at this point if we wanted to, but we'll do that in Windows GUI instead so that we can record a helpful password hint as well.


Sidenote: We could have just enabled the Windows 10 built-in Administrator account in the above steps, but I personally don't recommend doing that for a variety of reasons I won't go into here.


7.    Log into Windows 10 with the new "Temporary" account just created. It's insecure at this point, so the first thing I recommend you do is to give it a good strong password, even if you don't intend to keep it for the long term. 


Use Windows GUI to change the password of your regular account


Note: If the account you are trying to change the password to is an Online Microsoft Connected Account, skip down to "What if my Account is a Microsoft Connected Account?" now. Otherwise, continue on to reset a Local User Account.


8.    Now that you've logged back into Windows 10 with an Administrator enabled account, you can change the password on your main local account. As with most things in Windows, there's more than one way of doing this, but here's one simple way.


  • Press the Windows Key, Type Control Panel and hit your Enter Key
  • Click "Change account type" under the User Accounts Category.


9.    On the next window, click on the problem account that you've forgotten the password to. In the example below, we'll assume it's John Jacob's account.



10.    On the next Window, click the "Change the password" hyperlink.



11.    Now type and confirm a new password for the John Jacob account, put in a password hint if desired and click the "Change password" button.  



Cleaning Up 


Be sure restore your c:\windows\system32\utilman.exe file or you will no longer be able to configure any of Windows Accessibility options like Magnifier, High Contrast Theme, Narrator and On-Screen Keyboard, the latter which can often be useful before logging onto the system.


Worse, leaving a fake utilman.exe command would also leave a gaping security hole in your system, because it could also provide administrator access to hackers.


There are different ways to achieve this, but I think one of the simplest methods is to use WinPE (Windows Preinstallation Environment) Complete the following steps to restore Windows Accessibility functionality and reverse cmd.exe functionality;


  • Restart Windows by holding down your Shift Key and clicking Restart to boot back into WinPE
  • Just as we did earlier, click Troubleshoot > Advanced Options > Command Prompt
  • Windows re starts into the WinPE Command Prompt screen - Select your account and enter your password
  • Type the following commands into the command window, followed by your Enter key
  • move D:\Windows\System32\utilman.bak D:\Windows\System32\utilman.exe (answer Y to overwrite if prompted)
  • wpeutil reboot


You're Done! Select the previously forgotten password account to login with and use the newly set password to log in. If you haven't done so already, (you should have) then don't forget to give the "Temporary" user profile a strong password if you intend to keep it.



What if my Account is a Microsoft Connected Account?


Resetting a Microsoft Connected account is easy, providing you set up your account recovery options, such as security questions, a mobile telephone number where you can get an SMS, and a recovery email address. If you did, good job! 


Just open a browser and go to this "Why can't you sign in?" Microsoft password reset page. Select "I forgot my password" and follow the prompts to reset your password.



Didn't configure your Microsoft Account recovery options? 


No problem, we have you covered and can still get you back into your account!


This won't solve your account connectivity problems with Microsoft, but it will get you back into your normal user profile. Read on to learn how...*


A)    First things first, if you haven't done so already, complete  Steps 1 through 7  under the "Create a Secondary (Local) Administrator User" heading above, then skip back to here once you have created a "Temporary" local administrator user account.


B)    If you've followed all instructions correctly, you should now be in Windows 10 using the "Temporary" user account we created, and have set a password on that account. If not, go back to Step 1 above and find out which step you may have skipped.


Here's where things get a little complex and tedious, so pay very careful attention to the following instructions. 


Completing the following steps "will" restore your access to your Microsoft Connected Account in Windows 10, as we will be changing it to be a Local Account. 


Be careful not to skip any steps - everything should be as shown below - if it's not, then it's likely that you may have missed a step.


C)    Restart Windows and let it boot to your normal Login Screen.


  • Hold down your [Shift] Key, then click Power > Restart as shown below


Note: If Windows just restarts normally, you probably forgot to hold down your Shift Key before you clicked Restart


Tip! - Click any image below to enlarge in a new browser tab


  • Windows Restarts and presents you with the screen shown below


  • Click "Troubleshoot - Reset your PC or see advanced options"

  • Click "Advanced Options"


  • Click "Command Prompt"


Windows will Restart again and present you with the following screen...


  • Click the "Temporary" local Administrator account we created with Steps 1 through 7 above

  • Enter the password you gave to the "Temporary" user account password per the following screen and click "Continue"


  • A Windows Command Prompt opens - Note that it has a drive letter of X:


  • Type regedit into the cmd box and hit your Enter key


  • The Windows Registry Editor Opens. Expand and click once on "HKEY_LOCAL_MACHINE"


  • Click File > Load Hive... in the Registry Editor


Click the "Look in:" drop arrow and select your system drive. Local Disk (D:) in the example below. 


  • Drill down into the following path - Windows\System32\config\


  • Scroll down until you locate the hive named "SAM", click it and then click the "Open" button


  • You will be prompted for a Key Name. Give it a name like "SAM-TEMP" and click the "OK" button


Drill into the loaded SAM-TEMP hive to the following path;


HKEY_LOCAL_MACHINE\SAM-TEMP\SAM\Domains\Account\Users\Names  


  • Locate the profile name for your Microsoft Connected Online account.  Click it once and note the "Type" value in the right-hand pane. "andre" in the example below, with a "Type" value of "0x3e9".  

    Tip! Remember your Profile Name, you'll need it later 


  • Now click the corresponding value that ends in 3e9 - 000003e9 - once under Users as shown below


  • Delete the following values in the right-hand pane. When warned to Confirm Value Delete - click Yes
    • InternetProviderGUID
    • InternetSID
    • InternetUID
    • Internet User Name


  • After deleting the above 4 values, click once on the SAM-TEMP account again as shown below


  • Now unload the SAM-TEMP hive from Registry Editor. Click File > Unload Hive... as shown below


  • Confirm you want to Unload Hive by clicking Yes

Now close Registry Editor and we are back at the still open CMD DOS box. Restart Windows with the following command.


  • wpeutil reboot



On the Home Stretch


  • Allow Windows to restart and boot back up to your normal login screen. Open a Command Prompt by clicking the "Ease of Access" button again. (Remember we set that up early on in the previous steps)

In the DOS Command Window, type the following command;


  • net user andre newpass 


Change "andre" above to YOUR profile name


The above command sets the previously locked account's password to: newpass


Next, we need to add the user account to the "local" administrator group.  Enter the following command in the DOS Command Box to add the profile to the local administrators group


  • net localgroup administrators andre /add


Again, replace "andre" with YOUR user profile name in the above command


Type exit and hit enter to close the command box and login to your previously locked out account with a password of "newpass"


Now that you're back in Windows 10 with your familiar user account, it's time to do a little cleaning up. I strongly recommend you perform the following steps.


  1. Press Windows Key and Type Settings - Click Accounts - From the "Your info" section, select "Stop signing in to all Microsoft apps automatically" This now completes the change of this profile from a Microsoft Account, to a Local Account

  2. Click "Sign-in options" on the left side and Change your account Password to something stronger than "newpass"

  3. You can also delete the "Temporary" Profile now if you want to, as it's no longer required. If you have the space to spare though, I'd suggest leaving it there just in case there's a problem in the future.

  4. Finally, the last (and most important) thing to do, is to restore utilman.exe or you will no longer be able to configure any of Windows Accessibility options like Magnifier, High Contrast Theme, Narrator and On-Screen Keyboard, the latter which can often be useful before logging onto the system.

    Worse, leaving the fake utilman.exe command (which is actually cmd.exe at this point) would also leave a gaping security hole in your system, because it could also provide administrator access to hackers.

    Restore it in much the same way as we created the fake copy from the cmd.exe file, only this time we boot into WinPE (Windows Preinstallation Environment) to negate any file ownership and permission issues.


  • Restart Windows by holding down your Shift Key and clicking Restart to boot back into WinPE
  • Just as we did earlier, click Troubleshoot > Advanced Options > Command Prompt
  • Windows reboots into the WinPE Command Prompt screen - Select your account and enter your password
  • Type the following commands into the command window, followed by your Enter key
  • move D:\Windows\System32\utilman.bak D:\Windows\System32\utilman.exe (answer Y to overwrite if prompted)
  • wpeutil reboot


Windows restarts and you're done!  Now get cracking in contacting Microsoft Support to try and regain access to your online account again.




Copying cmd.exe to utilman.exe didn't work for me - Now what?


Microsoft recently updated the definitions for Windows Defender, which is a respectable free antivirus app included in all editions of Windows 10, to recognize that the utilman.exe command we created earlier in this tutorial is fake. 


This can cause issues with this process when trying the above-described processes when Windows Defender is enabled on your system and is being used as your Antivirus App, rather than another third party Antivirus application: when you click on the "Ease of Access" button, nothing happens, since Windows Defender blocks the access to the fake utilman.exe file. Here's a screenshot of what Windows Defender will show in its threat history after we try to use the fake utilman.exe which it blocks:


Tip! - Click on any graphic below to get a full-sized view.



Credits: Thanks to Experts Exchange Expert and Page Editor "McKnife" for providing most of the screenshots used below to save me making my own, and also for bringing this recent development to my attention!


To get around this problem, simply restart Windows 10 into safe mode. In safe mode, defender will start a little later and allow us for a few seconds to still use our method as usual. On test machines, I had 30 seconds - on fast machines, it could be less.


1) To start in safe mode, we need to restart our computer in a special way: you need to keep the shift key pressed, while clicking on the restart button. After it restarts, you will then see the following screen. Click on the "Troubleshoot" panel as shown below.



2) Now click on "Advanced options"



3) Click on "See more recovery options"



4) Click the Startup Settings button as shown below



Note: If your installation doesn't show the above screenshot as it turned out for me, it will likely look like the following, in which case you just click the "Startup Settings" button as shown below.



5) You will end up with the following screen. Click the "Restart" button



6) Windows will now present you with the following "Startup Settings" screen. Note the different ways that you can tell Windows to start up in. The ones we are interested in here are 4), 5), and 6) as highlighted below



7) I suggest pressing the Number 4 key on your keyboard and Windows will restart in "Safe Mode" which is what we want to bypass Window Defender's protection.


8) Having done that, the fake "utilman.exe" we copied and created earlier in this tutorial will now work for a few seconds until defender starts - this will usually be just long enough to bring up a command prompt at the login screen by clicking the "Ease of Access" option on the Windows 10 login screen and use the two commands you find in the steps already given under the "Create a Secondary (Local) Administrator User" heading earlier in this tutorial. Done!


Remember, you need to hurry up typing or the fake utilman.exe will be deleted, the command shell closes and you have to start over.




Need more support on this issue? Click the blue Ask a Question button at the top of your browser while logged into Experts Exchange.


Everything in this tutorial was tested and working at the time of writing with a Windows 10 Professional installation and a Microsoft Connected user account. Each step was documented as I went through the process myself, so I can say with total confidence that it works well.


Finally, this entire process was focused on getting you back into your Microsoft Connected profile account in Windows 10 in a scenario where you can't reset your Microsoft account password online for some reason. How to now go about recovering your Microsoft account is another story. Despite some fake promises you may find on the web, only Microsoft Support will be able to help you in this regard.


If you need additional support on this topic, please use the Ask a Question feature of Experts Exchange.


* Full Credit for the Regedit related process goes to user "colinardo" for making this solution available to the world at this web page on the 15th  January 2018.


Till the next time...


Tutorial by: Andrew Leniart


11
19,638 Views
Andrew LeniartIT Professional, Freelance Journalist, Certified Editor
IT Professional - Helping others to help themselves. https://andrewleniart.com & https://www.computerhelpzone.com.au/testimonial/

Comments (4)

IT GuySys Admin/Windows Admin

Commented:
Do these steps work with Server 2016 and Server 2019 as well?
Andrew LeniartIT Professional, Freelance Journalist, Certified Editor
Author of the Year 2019
Distinguished Expert 2020

Author

Commented:
Hi IT Guy,

Thank you for the endorsement - appreciated.

Do these steps work with Server 2016 and Server 2019 as well?

Untested on any server platform sorry, so I can't say for sure.

Regards, Andrew
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
It works on server 2008/2012/2016 and 2019, too.
Basem KhawajaClinical Pharmacist

Commented:
Andrew,

Thank you for the valuable information in this article. Although I never had a problem remembering my password, I am sure one day when I am old and grey and my memory not so good this article will come in vey handy to me as well as others.


Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.