Offline password reset on a local admin account on a Windows 10 V1909

mbkitmgr
mbkitmgr used Ask the Experts™
on
Have you performed a offline password reset on a local admin account on a Windows 10 V1909.  What did you use?

The GM of a client has exited the org and has not left details of the local admin pwd for some standalone and workgroup machines.  All machines are EUFI and CHNTPW fails to acess the drives to allow editing.

A number of utils that had worked in the past are showing as unable since V1803, normally I'd test some to find one but these pwds need resetting today.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2017

Commented:
Much depends on the setup, the partitions/drives might be encrypted.

There are common ways to regain acces though newer make it more involved.
mbkitmgrOwener

Author

Commented:
Thanks Arnold.  Previously I've used chntpw even on servers, but I cant get it to edit the disk on a EUFI machine, single partition, no encryption
Systems Administrator
Commented:
Active Boot Disk works: https://www.lsoft.net/bootdisk.aspx#buynow.  I just tried it on my 1909 laptop.  If you are a business, it's $100, but well worth it.  If you can see the drive contents from Windows RE or PE, this boot disk should work.

EDIT: It looks like there is a demo on that page.  You might want to give that a shot.
Distinguished Expert 2017

Commented:
Have you tried boiling the system into safe mode?
And whether the administrator's password is set or not?

Are you familiar with the osk.exe as cmd.exe option?
Adam LeinssSystems Administrator

Commented:
sethc.exe and osk.exe and the like hacks are detected and blocked by Windows Defender now. :(
mbkitmgrOwener

Author

Commented:
HI Adam, correct
Distinguished Expert 2017

Commented:
try safe mode boot.
Usually, there has to be a record of info.

Offline access to the hklm run once to update/set new password.
mbkitmgrOwener

Author

Commented:
HI Adam,  Just tested the demo version of the product and its perfect.  Thanks heaps for your recomendation.  The other fetaures will come in handy too.
mbkitmgrOwener

Author

Commented:
This tool does quite a bit, but importantly saves time having to try various Tools and techniqiues suggested by others.  It works out of the box, is worth the cost, and worked on a basic raid controller (had to try out of curiosity)
Adam LeinssSystems Administrator

Commented:
No problem.  There was a workaround that was demoed by Sami Laiho in his paid class that involves copying the GroupPolicy folder from one computer to another.  Essentially, you create a local Group Policy login script with GPEDIT.MSC on another computer that adds an account to the Local Administrator's group.  Then you copy that GroupPolicy folder to a USB stick, boot the computer in question to WinPE and then overwrite the GroupPolicy folder with the copy on the USB stick and then boot it into normal Windows.  The account gets created and viola, you can log in as that newly created user.

Rather than go through all of those hoops, I find keeping a boot of a WinPE disc with a password changer is going to make your life a lot easier, plus you can use it for other things such as hard drive recovery or disk wiping.
Distinguished Expert 2018

Commented:
You wouldn't need tools for that. Although windows defender (if utilized) will check whether the systemfiles that are used in the famous "utilman trick" are original, it is not quick enough and will still allow me to use those at least in safe mode. Did that a few times since defender detects those.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial