Summary: This article tells you how to reset the password(s) for any local user account, including the built-in administrator in Windows 10 if you have forgotten the password.
Occasionally, we may forget the Windows user account password, especially if we have been using the auto-login using stored credentials or PIN sign-in method for a long time. Most users don’t have a second administrator account on their computer. And they would have never activated the built-in Administrator account (keeping it disabled is good for security, anyway).
The local user account password can be reset easily using different methods even if you haven’t created a password reset disk beforehand.
If you’re using a Microsoft Account (MSA), you can reset your forgotten MSA password online. However, this is not within the scope of this article. This post tells you how to reset the local user account password.
Similar problem: Lost administrator rights but not the password?
If the user account has suddenly lost its administrative privileges (but you remember the password) and turned into a guest or standard user account, it’s a different issue and the fix is very simple in that case. Check out the article Lost Administrator Rights? Recover the Account via Windows RE for an easy fix.
Contents
For the forgotten password situation, the user has these options to reset the account password.
- Method 1: Use the Reset password link at the sign-in screen
- Method 2: Reset the user account password via Windows RE
- Method 3: Using Utilman.exe backdoor to reset the account password
I’m confused! Which of the above methods should I use?
Here’s the hint:
- Method 1 assumes that you know the answers to the security questions.
- Method 2 assumes that you remember the built-in administrator password.
- Method 3 works great even if you’ve forgotten the built-in administrator and your user account passwords — and even if the built-in administrator is inactive.
How to Reset Account Passwords in Windows 10
Method 1: Using the sign-in screen
In Windows 10 v1803 and higher, you can reset your local account password via the sign-in screen. If you added security questions when you set up your local account for Windows 10, you have at least version 1803, and you can answer security questions to sign back in.
Note that this section talks about resetting the local user account (not Microsoft Account) password only.
- After you’ve entered an incorrect password: Select the Reset password link on the sign-in screen.
If you use a PIN instead, see PIN sign-in issues. If you’re using a work device that’s on a network, you may not see an option to reset your password or PIN. In that case, contact your administrator.
- Answer your security questions.
- Enter a new password.
- Sign in as usual with the new password.
Method 2: Reset the user account password via Windows RE
Using this method, we first enable the built-in administrator (“Administrator”) account using the Registry Editor in Windows RE. Then we log in as “Administrator” and then reset the user account password or perform other administrative tasks as required.
For this method, you may be able to use the built-in recovery options or the Windows RE loaded via the Windows 10 Setup disk. However, my suggestion is to use the Windows 10 USB Setup disk. Accessing the built-in recovery options will prompt you for the administrator password. Whereas, booting from Windows 10 Setup disk won’t ask you for the password.
Step 1: Activate built-in administrator using the registry (via WinRE)
- Boot the system using your Windows installation media or Recovery drive if you’ve created one already. If you don’t have any, download the Windows 10 ISO and then create bootable media using another computer.
- On the Windows setup page, click Next.
(Tip: At this point, you can press Shift + F10 to open a Command Prompt window quickly, and jump directly to Step 6 below. Or you can follow the instructions from Step 3 below.)
- Click Repair your computer.
- In the Windows Recovery Options menu, click Troubleshoot, and then click Advanced Options. There we go. We have opened the recovery options.
- Click Command Prompt.
(This opens a Command Prompt window. We need to edit the SAM registry hive offline to enable the built-in Administrator account from recovery options.)
- In the Command Prompt window, type the following command and press ENTER:
regedit.exe
- In the Registry Editor, select HKEY_LOCAL_MACHINE
- From the File menu, click Load Hive…
- In the browse dialog, locate and select the \Windows\System32\Config\SAM hive file from your Windows installation — e.g., assuming C:\ is your Windows drive letter. This SAM hive contains the user accounts information. (See the section about finding the drive letter of your Windows installation in this article).
- Assign a name for the loaded hive — e.g., TEMPHIVE
- Go to the following branch in the Registry Editor:
HKEY_LOCAL_MACHINE\TEMPHIVE\SAM\Domains\Account\Users\000001F4
- Double-click the REG_BINARY value named F
- In the 8th row, 1st column, modify the value 11 to 10
The value of 11 denotes that the built-in Administrator account is disabled. Setting it to 10 enables the built-in Administrator.
- Click OK to save the setting.
- Select the TEMPHIVE key.
- From the File menu, click Unload Hive…
- Exit the Registry Editor.
- In the Recovery Options window, click Continue (Exit and Continue to Windows 10.)
- When you get to the Windows 10 sign-in screen, you’ll see the built-in Administrator account.
- Log in to the built-in Administrator. This account has a blank password by default.
Step 2: Reset Password for administrator/user accounts
Once logged in as the built-in administrator (“Administrator”), you may create a new user account with administrator rights, or reset the password for the original user account. You can use the User Accounts Settings page or command-line to manage accounts.
Here are some command-line examples:
To reset the user account (e.g., Ramesh) password, run this command:
net user ramesh p@ssw0rd
To reset the built-in Administrator account password (e.g., to p@ssw0rd), run this command:
net user administrator p@ssw0rd
To create a new user account and set it as administrator, use this syntax:
net user {username} /add
net localgroup administrators {username} /add
e.g., To create a new user account named John, you’d type:
net user john /add
net localgroup administrators john /add
Method 3: Create a Backdoor Using Utilman.exe
You can use the utilman.exe backdoor method to facilitate a group membership change, built-in Administrator account activation, or resetting the user account or built-in administrator account password from the login screen.
(For this method, you’ll need the Windows 10 Setup disk before proceeding. Accessing the built-in Windows RE does not help.)
About this method: If you’ve noticed, the Windows sign-in screen shows the Ease of Access button to launch the Accessibility Options; clicking that would launch the file utilman.exe. So, by replacing utilman.exe with cmd.exe, we can make Windows invoke Command Prompt when you click the Accessibility Options button. This gets you full administrative access to the system.
The debugger method also works for sethc.exe in all versions of Windows and Atbroker.exe (at least in the earlier builds of Windows 10.)
The beauty of the method is that it works even if you have forgotten the password of your user account and the built-in “Administrator” accounts, or the built-in Administrator is inactive.
Replace Utilman.exe with CMD.exe
- Boot the device using the Windows 10 setup disk to access the Windows Recovery Environment.
- On the Windows setup page, click Next.
(Tip: At this point, you can press Shift + F10 to open a Command Prompt window quickly, and jump directly to Step 5 below. Or you can follow the instructions from Step 3 below.)
- Click Repair your computer.
- In the Recovery Options menu, click Troubleshoot → Advanced Options → Command Prompt.
- Find out the drive letter of your Windows installation by typing bcdedit. If Windows was installed on C:\ drive, it might be assigned D:\ in Windows RE. The output of the bcdedit command shows the Windows drive letter, as seen from Windows RE.
Note: The drive letter doesn’t always change! On my EFI-based system, the drive letter of Windows remained the same (C:\)
- Once you got the drive letter of your Windows installation (e.g., C:\), run the following commands:
cd /d c:\windows\system32
copy Utilman.exe Utilman2.exe
copy cmd.exe Utilman.exe /y
- Exit the Recovery Environment and continue to Windows.
- When the sign-in screen appears, click the accessibility (Ease of access) button or press Win + U, which should, in turn, launch the Command Prompt under admin privileges.
Ignore the following error messages if they appear in the Command Prompt window:
The system cannot find message text for message number 0x2350 in the message file for Application.
Not enough memory resources are available to process this command.
This is expected when you rename cmd.exe and run it, without the corresponding .mui file. This error can be avoided by replacing Utilman.exe.mui with cmd.exe.mui in the c:\windows\system32\en-us\ folder. However, it’s not a mandatory step as far as this article/scenario is concerned. But, if you plan to do that, be sure to back up the original utilman.exe.mui file first.
Despite these messages, you’ll be able to carry out the tasks mentioned below without any issues.
Reset Password for administrator/user accounts
- From the elevated Command Prompt window, perform the required account management task(s) — e.g., enable built-in Administrator, reset account passwords, or create a new admin user account.
To activate the built-in Administrator account, type:
net user administrator /active:yes
To reset the built-in Administrator account password (e.g., to p@ssw0rd), run this command:
net user administrator p@ssw0rd
To reset the user account (e.g., Ramesh) password, run this command:
net user ramesh p@ssw0rd
To create a new user account and set it as administrator, use this syntax:
net user {username} /add
net localgroup administrators {username} /add
For example, if you want to name the new user account as John, you’d type:
net user john /add
net localgroup administrators john /add
Quick Tip: In the Command Prompt window, you can launch the User Accounts GUI to manage user accounts — i.e., enable the built-in Administrator account, reset local user account passwords, etc. Run the command CONTROL USERPASSWORDS2 or LUSRMGR.MSC. The latter command is available on Windows Pro Editions and higher.
- Once you gain access to your account/admin privileges, restore the original Utilman.exe back. To do so, run Command Prompt under TrustedInstaller rights and execute these commands:
cd /d c:\windows\system32
del Utilman.exe
ren Utilman2.exe Utilman.exe
- Close the Command Prompt window.
Replace Utilman.exe with CMD.exe (Alternate way, via the registry)
Renaming Utilman.exe is one way; it is probably the easiest option. However, there is also another route — via the registry — that can accomplish the task.
You can edit the registry offline and set a debugger for Utilman.exe (i.e., attaching CMD.exe as the debugger), so that you can launch admin Command Prompt from the login screen. This is a backdoor method that helps you gain full administrative access to the system.
- Follow the instructions in the article Edit the Registry Offline via Windows RE and load the SOFTWARE registry hive.
- Add a debugger value for utilman.exe, mentioning cmd.exe as the debugger. To do that, create a subkey named “utilman.exe” under this key:
HKEY_USERS\MyKey\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
(Assuming you used the name MyKey when you loaded the hive.)
- In the utilman.exe key, create a string value (REG_SZ) named Debugger
- Double-click Debugger and set its value data to c:\windows\system32\cmd.exe
- Make sure you Unload the hive.
The next step is to disable the Windows Defender service. This is because, in recent versions of Windows 10, Windows Defender antivirus removes the debugger registry value for the executables, namely: DisplaySwitch.exe, osk.exe, Magnify.exe, Narrator.exe, sethc.exe, and utilman.exe, for security reasons.
- In the Registry Editor, select the HKEY_USERS key
- Follow the instructions in the article Edit the Registry Offline via Windows RE and load the SYSTEM registry hive.
- Go to the following key:
HKEY_USERS\MyKey\ControlSet001\Services\WinDefend
- Double-click Start and set it to 4. Setting the value to 4 will set the service to “Disabled.”
- Double-click ImagePath and append .OLD to the existing string — e.g., "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe.OLD"
- From the File menu, unload the MyKey hive. This is important!
- Exit the Registry Editor.
- Click Continue to Exit and continue to Windows.
- In the Windows logon screen, click the accessibility (Ease of access) button or press Win + U. This should now launch the Command Prompt window under admin privileges.
- It’s time to enable the built-in Administrator or reset the account password(s) — whichever you need for that situation.
- After gaining access to your user account or admin privileges, close the backdoor created in Step #3 above. You don’t have to go back to Recovery Environment to delete the key. You can do so from within Windows. To close the backdoor, delete this key using the Registry Editor once you login to your user account:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
This is an important step. If this backdoor is left as it is, anyone who has access to your system can play bad tricks against you.
- After logging in to your account, re-enable the Microsoft Defender antivirus service (by running the Registry Editor as TrustedInstaller) by setting the Start value to 2 and the correct ImagePath value, in the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
- Exit the Registry Editor.
Deactivate the built-in administrator
After you’ve reset the account password(s) and finished the administrative procedure, log off from the “Administrator” account.
Log in to your user account and deactivate the built-in administrator account by running the following command from the admin Command Prompt:
net user administrator /active:no
Keeping the built-in “Administrator” account deactivated is highly recommended for security reasons.
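The cleanup steps from Methods 2 and 3 (restoring Utilman.exe, deleting the Debugger value, re-enabling the Defender service, deactivating the built-in Administrator) can be verified in one pass. The following PowerShell audit is an added example, not part of the original article; the function name Test-RecoveryCleanup is hypothetical, and it assumes an elevated PowerShell 5.1 session on the recovered system.

```powershell
# Added example (not from the original article): checks that nothing from the
# recovery procedure was left behind. Function name is hypothetical.
function Test-RecoveryCleanup {
    $sys32 = Join-Path $env:SystemRoot 'System32'
    $ifeo  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    # Accessibility executables named in the article
    $targets = 'Utilman.exe', 'sethc.exe', 'osk.exe', 'Magnify.exe',
               'Narrator.exe', 'DisplaySwitch.exe', 'AtBroker.exe'
    $cmdHash  = (Get-FileHash (Join-Path $sys32 'cmd.exe') -Algorithm SHA256).Hash
    $findings = @()

    foreach ($exe in $targets) {
        # 1. Debugger value still present under Image File Execution Options
        $key = Join-Path $ifeo $exe
        $dbg = (Get-ItemProperty -Path $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { $findings += "IFEO Debugger still set for ${exe}: $dbg" }

        # 2. File on disk is byte-for-byte a copy of cmd.exe (rename method not undone)
        $path = Join-Path $sys32 $exe
        if ((Test-Path $path) -and ((Get-FileHash $path -Algorithm SHA256).Hash -eq $cmdHash)) {
            $findings += "$path is a copy of cmd.exe"
        }
    }

    # 3. Backup copy created by the rename method was never renamed back
    if (Test-Path (Join-Path $sys32 'Utilman2.exe')) {
        $findings += 'Utilman2.exe still exists in System32'
    }

    # 4. Defender service left disabled or pointing at the .OLD image path
    $svc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend' -ErrorAction SilentlyContinue
    if ($svc -and (($svc.Start -eq 4) -or ($svc.ImagePath -like '*.OLD*'))) {
        $findings += "WinDefend not restored (Start=$($svc.Start), ImagePath=$($svc.ImagePath))"
    }

    # 5. Built-in Administrator (the account whose SID ends in -500) still active
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    if ($admin.Enabled) { $findings += "Built-in account '$($admin.Name)' is still enabled" }

    return $findings
}

$result = Test-RecoveryCleanup
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'No leftovers found.' }
```

An empty result means every item the article asks you to undo has been undone; any warning names the specific step that still needs attention.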
I hope this guide helped you reset Windows 10 administrator or user account passwords easily!