Windows 10 Password Reset Methods for Lost Password Scenario

Summary: This article tells you how to reset the password(s) for any local user account, including the built-in administrator in Windows 10 if you have forgotten the password.

Occasionally, we may forget the Windows user account password, especially if we have been using the auto-login using stored credentials or PIN sign-in method for a long time. Most users don’t have a second administrator account on their computer. And they would have never activated the built-in Administrator account (keeping it disabled is good for security, anyway).

The local user account password can be reset easily using different methods even if you haven’t created a password reset disk beforehand.

If you’re using a Microsoft Account (MSA), you can reset your forgotten MSA password online. However, this is not within the scope of this article. This post tells you how to reset the local user account password.

Similar problem: Lost administrator rights but not the password?

If the user account has suddenly lost its administrative privileges (but you remember the password) and turned into a guest or standard user account, it’s a different issue and the fix is very simple in that case. Check out the article Lost Administrator Rights? Recover the Account via Windows RE for an easy fix.

Contents

For the forgotten password situation, the user has these options to reset the account password.

  1. Method 1: Use the Reset password link at the sign-in screen
  2. Method 2: Reset the user account password via Windows RE
  3. Method 3: Using Utilman.exe backdoor to reset the account password

I’m confused! Which of the above methods should I use?

Here’s the hint:

  • Method 1 assumes that you know the answers to the security questions.
  • Method 2 assumes that you remember the built-in administrator password.
  • Method 3 works great even if you’ve forgotten the built-in administrator and your user account passwords — and even if the built-in administrator is inactive.

How to Reset Account Passwords in Windows 10

Method 1: Using the sign-in screen

In Windows 10 v1803 and higher, you can reset your local account password via the sign-in screen. If you added security questions when you set up your local account for Windows 10, you have at least version 1803, and you can answer security questions to sign back in.

Note that this section talks about resetting the local user account (not Microsoft Account) password only.

  1. After you’ve entered an incorrect password: Select the Reset password link on the sign-in screen.reset windows 10 password at sign-in screen
    If you use a PIN instead, see PIN sign-in issues. If you’re using a work device that’s on a network, you may not see an option to reset your password or PIN. In that case, contact your administrator.
  2. Answer your security questions.
  3. Enter a new password.
  4. Sign in as usual with the new password.

Method 2: Reset the user account password via Windows RE

Using this method, we first enable the built-in administrator (“Administrator”) account using the Registry Editor in Windows RE. Then we log in as “Administrator” and then reset the user account password or perform other administrative tasks as required.

For this method, you may be able to use the built-in recovery options or the Windows RE loaded via the Windows 10 Setup disk. However, my suggestion is to use the Windows 10 USB Setup disk. Accessing the built-in recovery options will prompt you for the administrator password. Whereas, booting from Windows 10 Setup disk won’t ask you for the password.

Step 1: Activate built-in administrator using the registry (via WinRE)

  1. Boot the system using your Windows installation media or Recovery drive if you’ve created one already. If you don’t have any, download the Windows 10 ISO and then create bootable media using another computer.
  2. On the Windows setup page, click Next.
    (Tip: At this point, you can press Shift + F10 to open a Command Prompt window quickly, and jump directly to Step 6 below. Or you can follow the instructions from Step 3 below.)
  3. Click Repair your computer.
    windows 10 setup - repair your computer
  4. In the Windows Recovery Options menu, click Troubleshoot, and then click Advanced Options.There we go. We have opened the recovery options.
  5. Click Command Prompt.
    (This opens a Command Prompt window. We need to edit the SAM registry hive offline to enable the built-in Administrator account from recovery options.)
  6. In the Command Prompt window, type the following command and press ENTER:
    regedit.exe
  7. In the Registry Editor, select HKEY_LOCAL_MACHINE
  8. From the File menu, click Load Hive…load hive registry editor SAM - windows re
  9. In the browse dialog, locate and select the \Windows\System32\Config\SAM hive file from your Windows installation — e.g., assuming C:\ is your Windows drive letter. This SAM hive contains the user accounts information.
    (See the section about finding the drive letter of your Windows installation in this article).

    windows recovery options load hive SAM administrator

  10. Assign a name for the loaded hive — e.g., TEMPHIVE
    windows recovery options load hive SAM administrator
  11. Go to the following branch in the Registry Editor:
    HKEY_LOCAL_MACHINE\TEMPHIVE\SAM\Domains\Account\Users\000001F4
  12. Double-click the REG_BINARY value named F
  13. In the 8th row, 1st column, modify the value 11 to 10
    windows recovery options load hive SAM administratorThe value of 11 denotes that the built-in Administrator account is disabled. Setting it to 10 enables the built-in Administrator.
    windows recovery options load hive SAM administrator
  14. Click OK to save the setting.
  15. Select the TEMPHIVE key.
  16. From the File menu, click Unload Hive…
    windows recovery options load hive SAM administrator
  17. Exit the Registry Editor.
  18. In the Recovery Options window, click Continue (Exit and Continue to Windows 10.)
  19. When you get to the Windows 10 sign-in screen, you’ll see the built-in Administrator account.
    built-in administrator sign-in screen activated
  20. Log in to the built-in Administrator. This account has a blank password by default.

Step 2: Reset Password for administrator/user accounts

Once logged in as the built-in administrator (“Administrator”), you may create a new user account with administrator rights, or reset the password for the original user account. You can use the User Accounts Settings page or command-line to manage accounts.

Here are some command-line examples:

To reset the user account (e.g., Ramesh) password, run this command::

net user ramesh [email protected]

To reset the built-in Administrator account password (e.g., to [email protected]), run this command::

net user administrator [email protected]

To create a new user account and set it as administrator, use this syntax::

net user {username} /add
net localgroup administrators {username} /add

e.g., To create a new user account named John, you’d type:



net user john /add
net localgroup administrators john /add

Method 3: Create a Backdoor Using Utilman.exe

You can use the utilman.exe backdoor method to facilitate a group membership change, built-in Administrator account activation, or resetting the user account or built-in administrator account password from the login screen.

For this method, you’ll need the Windows 10 Setup disk before proceeding. Accessing the built-in Windows RE does not help.)

About this method: If you’ve noticed, the Windows sign-in screen shows the Ease of Access button to launch the Accessibility Options; clicking that would launch the file utilman.exe. So, by replacing utilman.exe with cmd.exe, we can make Windows invoke Command Prompt when you click the Accessibility Options button. This gets you full administrative access to the system.

The debugger method also works for sethc.exe in all versions of Windows and Atbroker.exe (at least in the earlier builds of Windows 10.)

tips bulb iconThe beauty of the method is that it works even if you have forgotten the password of your user account and the built-in “Administrator” accounts, or the built-in Administrator is inactive.

Replace Utilman.exe with CMD.exe

  1. Boot the device using the Windows 10 setup disk to access the Windows Recovery Environment.
  2. On the Windows setup page, click Next.
    (Tip: At this point, you can press Shift + F10 to open a Command Prompt window quickly, and jump directly to Step 5 below. Or you can follow the instructions from Step 3 below.)
  3. Click Repair your computer.
    windows 10 setup - repair your computer
  4. In the Recovery Options menu, click Troubleshoot → Advanced Options → Command Prompt.
  5. Find out the drive letter of your Windows installation by typing bcdedit. If Windows was installed on C:\ drive, it might be assigned D:\ in Windows RE. The output of the bcdedit command shows the Windows drive letter, as seen from Windows RE.
    Note: The drive letter doesn’t always change! On my EFI-based system, the drive letter of Windows remained the same (C:\)
  6. Once you got the drive letter of your Windows installation (e.g., C:\ ), run the following commands:
    cd /d c:\windows\system32
    
    copy Utilman.exe Utilman2.exe
    
    copy cmd.exe Utilman.exe /y
    

    reset lost administrator password windows 10

  7. Exit the Recovery Environment and continue to Windows.
  8. When the sign-in screen appears, click the accessibility (Ease of access) button or press Win + U, which should, in turn, launch the Command Prompt under admin privileges.
    utilman.exe cmd.exe rename noticeIgnore the following error messages if they appear in the Command Prompt window:
    The system cannot find message text for message number 0x2350 in the message file for Application.
    
    Not enough memory resources are available to process this command.

    This is expected when you rename cmd.exe and run it, without the corresponding .mui file. This error can be avoided by replacing Utilman.exe.mui with cmd.exe.mui in the c:\windows\system32\en-us\ folder. However, it’s not a mandatory step as far as this article/scenario is concerned. But, if you plan to do that, be sure to backup the original utilman.exe.mui file first.

    Despite these messages, you’ll be able to carry out the tasks mentioned below without any issues.

Reset Password for administrator/user accounts

  1. From the elevated Command Prompt window, perform the required account management task(s) — e.g., enable built-in Administrator, reset account passwords, or create a new admin user account.
    To activate the built-in Administrator account, type:
    net user administrator /active:yes

    To reset the built-in Administrator account password (e.g., to [email protected]), run this command::

    net user administrator [email protected]

    To reset the user account (e.g., Ramesh) password, run this command::

    net user ramesh [email protected]

    To create a new user account and set it as administrator, use this syntax::

    net user {username} /add
    net localgroup administrators {username} /add

    For example, if you want to name the new user account as John, you’d type:

    net user john /add
    net localgroup administrators john /add

    hand point iconQuick Tip: In the Command Prompt window, you can launch the User Accounts GUI to manage user accounts — i.e., enable the built-in Administrator account, reset local user account passwords, etc. Run the command CONTROL USERPASSWORDS2 or LUSRMGR.MSC. The latter command is available on Windows Pro Editions and higher.

  2. Once you gain access to your account/admin privileges, restore the original Utilman.exe back. To do so, run Command Prompt under TrustedInstaller rights and execute these commands:
    cd /d c:\windows\system32
    
    del Utilman.exe
    
    ren Utilman2.exe Utilman.exe

    reset lost administrator password windows 10

  3. Close the Command Prompt window.

Replace Utilman.exe with CMD.exe (Alternate way, via the registry)

Renaming Utilman.exe is one way; it is probably the easiest option. However, there is also another route — via the registry — that can accomplish the task.

You can edit the registry offline and set a debugger for Utilman.exe (i.e., attaching CMD.exe as the debugger), so that you can launch admin Command Prompt from the login screen. This is a backdoor method that helps you gain full administrative access to the system.

  1. Follow the instructions in the article Edit the Registry Offline via Windows RE and load the SOFTWARE registry hive.
  2. Add a debugger value for utilman.exe, mentioning cmd.exe as the debugger. To do that, create a subkey named “utilman.exe” under this key:
    HKEY_USERS\MyKey\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe

    (Assuming you used the name MyKey when you loaded the hive.)

  3. In the utilman.exe key, create a string value (REG_SZ) named Debugger
  4. Double-click Debugger and set its value data to c:\windows\system32\cmd.exe
  5. Make sure you Unload the hive,

The next step is to disable the Windows Defender service. This is because, in recent versions of Windows 10, Windows Defender antivirus removes the debugger registry value for the executables, namely: DisplaySwitch.exe, osk.exe, Magnify.exe, Narrator.exe, sethc.exe, and utilman.exe, for security reasons.

  1. In the Registry Editor, select the HKEY_USERS key
  2. Follow the instructions in the article Edit the Registry Offline via Windows RE and load the SYSTEM registry hive.
  3. Go to the following key:
    HKEY_USERS\MyKey\ControlSet001\Services\WinDefend
  4. Double-click Start and set it to 4. Setting the value to 4 will set the service to “Disabled.”
  5. Double-click ImagePath and append .OLD to the existing string — e.g., "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe.OLD"
  6. From the File menu, unload the MyKey hive. This is important!
  7. Exit the Registry Editor.
  8. Click Continue to Exit and continue to Windows.
  9. In the Windows logon screen, click the accessibility (Ease of access) button or press Win + U. This should now launch the Command Prompt window under admin privileges.
  10. It’s time to enable the built-in Administrator or reset the account password(s) — whichever you need for that situation.
  11. After gaining access to your user account or admin privileges, close the backdoor created in Step #3 above. You don’t have to go back to Recovery Environment to delete the key. You can do so from within Windows. To close the backdoor, delete this key using the Registry Editor once you login to your user account:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe

    This is an important step. If this backdoor is left as it is, anyone who has access to your system can play bad tricks against you.

  12. After logging in to your account, re-enable the Microsoft Defender antivirus service (by running the Registry Editor as TrustedInstaller) by setting the Start value to 2 and the correct ImagePath value, in the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
  13. Exit the Registry Editor.

Deactivate the built-in administrator

After you’ve reset the account password(s) and finished the administrative procedure, log off from the “Administrator” account.

Log in to your user account and deactivate the built-in administrator account by running the following command from the admin Command Prompt:

net user administrator /active:no

disable built-in administrator

Keeping the built-in “Administrator” account deactivated is highly recommended for security reasons.

I hope this guide helped you reset Windows 10 administrator or user account passwords easily!


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support, my reader. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

Leave a Comment