Resetting Windows Password

In past, some of you have used clever utilities like Kon Boot Utility to reset your window password, or asked your engineer to format C:/ drive if there was no way out. This article will introduce various ways to reset password in Windows xp,vista, 7,8 & 8.1. Please note that this knowledge is shared for educational purpose only. Resetting passwords in windows is resetting the SAM (Security Account Manager)

Windows Password Recovery

Windows Password Recovery

These  disks are Windows XP based operating systems, even lighter than that in size. The size is kept to its lowest and more utilities like Registry Scanners, Password Reset / Bypass Utilities, File Explorer etc. Using GRUB loaders, we have option to install these OS on a USB Diskette (pen drive). We can create Bootable CD / pendrive to boot this temporary OS directly from USB to RAM and reset password or fix a broken system. Such CD’s are more popularly known as LIVE CD’s, but It is important to note that such Disks can be used to  repair only Windows xp,Vista and 7. 

The reason behind this is, that in most of the laptops in which windows 8 comes pre-installed, the BIOS is configured in UEFI mode (Unified Extensible Firmware Interface). The UEFI mode does not allow to boot legacy OS like Windows xp, DOS etc. If you enable the LegacyBoot option, it will boot your legacy OS (like xp, DOS etc) but will not allow you to access the Hark Disk. A typical BIOS screen of a windows 8 system is shown here :

20121207140026232

This screenshot explain the aim of having Legacy mode in newer BIOS systems. So here we have two Boot orders (or Boot device priorities), one for UEFI or newer systems, & one for older or Legacy systems. So to reset Windows 8/8.1 password, our conventional methods do not work. We’ll study resetting Windows 8 / 8.1 password in the last section of this article, methods for older Windows systems are described here.

 

a) Hiren’s Boot CD Series : It is a set of  powerful utilities. The oldest edition was around 186 MB, including a rich set of utilities (shown below). The executables are compressed using UHA compression standard and extracted on the go when user executes a particular program. The newer version includes many On-Boot utilities and a richer set of windows utilities so the size is now 700 MB. Screenshot of Utilities available in Hiren’s 15.2 (Size : 594 MB) is shown below :
hirens

b)  Windows Unlocker Enterprise : This is another Windows xp based light OS but its current version is only 43 MB in size because it includes only windows xp image + password unlocker software. It locates the partition containing windows installed, and at the same time gives option to choose another partition (in case it has located wrong partition or in case of multi-boot system). As it is also a windows xp based utility, it doesn’t work for windows 8/8.1  A screenshot of this utility is shown below :

136093-windows-password-unlocker-enterprise

c) Kon Boot : It is a DOS based utility used to Reset / Bypass / Remove Windows password. It is even lighter than the other two due to the fact that it contains image of DOS based OS. As it is also a legacy OS based utility, it doesn’t work for windows 8/8.1. Screen shot of KonBoot Reset tool is shown below :

 

booting-konboot-11

  •  Net user command Method

Net user is one of the oldest commands used to reset Windows password without using any external utility. Its idea is simple, we can reset password of any user if we are one of the Admins of system. The general syntax of this command is :

net user <user-name> * (Press Enter)

Open CMD (command prompt) with administrative rights to type this command.

For eg : net user gagan * (Enter)

To view list of users on the system, use <net user> command.

 

  • Resetting Windows 8/8.1 passwords

When we want to reset password of a Windows 8.1 based system (where windows 8/8.1 was pre-installed), the conventional methods described above do not work due to UEFI firmware settings. We need Windows 8/8.1 based Live CD to reset such passwords (or Linux based Live CDs). The most popular and easy to use Windows 8.1 based Live CD is Gandalf Windows 8 PEIt allows to boot using Legacy mode and still accesses Hard Disk because its not a legacy OS. We can easily boot using this disk and reset it using any utility from Hiren’s collection  (like Windows Gate) or any other available utility. Please note that here we are referring to Windows 8/8.1 local account password and not Microsoft account password.

 

We can also Reset Windows 8/8.1 password using our vendor’s Recovery module. For Eg. in HP based laptops, F11 is the recovery key. To enter Recovery mode, we can press F11 continuously as soon as system starts. After that, windows starts in recovery mode. Similarly in some Dell based laptops, to enter recovery mode, restart  with Shift key pressed. The following screens appear one after another, after following your vendor’s method of entering into recovery mode.

keyboard-layout

My keyboard layout is US (top left), choose yours accordingly.

jTw1r

Choose Troubleshooting option

 

 

ZOfn7

Choose Advanced option

 

uVNVJ

Choose Command Prompt option.

After that we’ll use a trick called utilman trick. We know that when logon screen opens and prompts for password, we have Utility Manager setting on the left which can be used to open Narrator and other things as shown

 

login-screen-windows-8 (Custom)

 

The trick is simple, we will enter command prompt mode of recovery mode and rename command prompt to utility manager so that when we click on this button (left bottom corner of above screenshot), it opens cmd and we can use our regular net user command to reset the password. When we open command prompt mode, we have a command prompt pointing to

X:/Windows/System32

First of all, we’ll change the prompt to C:/ drive (or drive containing installed windows) because X is our recovery drive. then we’ll use commands to enter into system32 directory of c: drive using cd  (change directory) command.

cd Windows

cd System32

 

Now our prompt is on desired directory. We’ll rename Utility Manager to some other name and command prompt to utility manager using these commands :

rename utilman.exe utilman2.exe

rename cmd.exe utilman.exe

 

Now restart your computer, at the logon screen, click on bottom left icon and command prompt will open. Now use the net user trick (described above).

Post your queries in comments section (if any)

4 Comments

  1. Great article! I am using the latest version v3.2 of PCUnlocker Enterprise, it can boot in UEFI mode and reset lost Windows user password. It’s worth a try!

    • Hey Gareth!
      Thank you for enlightening us about your choice, this may help people here. However, in this tutorial we just focused on standard technique.
      Cheers!

  2. In order to run cmd in recovery mode, you have to enter a password for a account with admin rights. Thus your solution is not valid. In order for your solution to work, you will need to boot with a different OS eg: Linux Mint and then you will have access the Windows 8 file system ..

  3. Thank you for sharing,
    I followed the steps to the command prompt option, but the password screen doesn’t show the option of the utility management (that is, where the on screen keyboard is normally located).
    Pls do reply me, thank you

Leave a Reply

Your email address will not be published. Required fields are marked *