Sometimes, life happens, and you wind up with a forgotten password in Windows and have to break into the system. The below article was written for Windows l0, but the creation of an administrator account by copying some critical files about 1/3rd of the way down the page works in Windows 7 as well. All you need is a boot USB to enter Windows PE mode (or you can boot into Linux and do the same thing).
Thankfully, the process of recovering your password in Windows 10 is much the same as it has been in Windows 8 and above, albeit with a few slight tweaks. Here’s how you can recover both your Microsoft Live 10 login, as well as the credentials for any other users registered with the local machine.
The short of it:
- Boot into Windows PE (or Linux).
- Navigate to the OS drive (mount it if in Linux and cd to where you mounted it).
- Change into the Windows\System32 directory.
- Rename Utilman.exe to Utileman.exe.bak.
- Copy cmd.exe to Utilman.exe.
- Reboot into Windows.
- When it comes to the login screen, click on the Accessibility button. This will open a command prompt.
- Create a new user. For example: net user John /add
- Add new user to local administrator group. For example: net localgroup Administrators John /add
- Login as the new user. You now have free reign to enable the built-in Administrator account, or change passwords on local accounts.
- Don’t forget to copy the Utilman.exe.bak back to Utilman.exe and cleanup the temporary account.