You have a Windows 10, Windows 11 or Windows Server machine in which you have locked yourself out and cannot login using a local administrator account. You need to reset the local administrator password without re-installing the operating system.
Option 1 – Windows boot disk
Create a Windows 10 boot disk by burning a Windows 10 or Windows Server iso file to a USB or CD disk. .Then boot into Windows 10 using that boot disk. On the Windows Setup screen, press Shift + F10 keyboard shortcut and a Command Prompt window will open. In the Command Prompt window, run the following two commands, which will replace the Utility Manager on Windows 10 sign-in screen with Command Prompt.
move c:\windows\system32\utilman.exe c:\ copy c:\windows\system32\cmd.exe c:\windows\system32\utilman.exe
After the two commands are executed successfully, remove the Windows 10 installation disk and restart the computer. You can restart the computer using the command “wpeutil reboot“. After reboot, reset the Windows 10 local admin password with Command Prompt. After computer restarts and comes to Windows 10 sign-in screen, click on the Ease of Access icon in the lower-right corner. This will bring up a Command Prompt window if the previous three steps went right. In the Command Prompt window, type the password reset command “net user” and hit Enter to set a new password for your Windows 10 local admin account. Once password reset is complete, close the Command Prompt and then you can sign into the admin account with the new password.
Finally, to restore the Utility Manager to its original state, carry out the following tasks.
- Reboot your computer from the Windows 10 installation disk again and when you get to the Windows Setup screen, press Shift + F10 to bring up Command Prompt window.
- Run the following command.
copy c:\utilman.exe c:\windows\system32\utilman.exe
Option 2 – Kali Linux Live or Trinity Rescue Kit
You can use the Kali Linux live CD to reset the local administrator password in Windows 10 or 11.
First off, you need to download and burn the Kali Linux iso into a DVD or USB medium and make it bootable via software, such as Rufus, Balena Etcher and WoeUSB. Review this separate KB article for instructions on how to burn the Kali Linux iso image to a bootable disk.
When you boot from your Kali Linux disk, you should choose the Live (forensic mode) option. Login with the default Kali Linux administrator credentials when prompted to do so.
Kali Linux Live Forensic Mode
While inside the Kali Linux operating system, run the File Manager utility and navigate to the directory where the Windows Security Accounts Manager (SAM) database is located. The Windows SAM is a database file in the operating system which contains usernames and passwords. This file is usually located in /Windows/System32/Config. Open a terminal and execute the following commands
cd /media/root/[yourpartitionname_here]/Windows/System32/Config # Show a list of all usernames inside the SAM database sudo chntpw -l SAM # Replace "youruser" with your actual Windows user from the above list chntpw -u youruser SAM
At the “User Edit Menu” section, type 1 (one) to clear the user password.
Then press y (Yes) to save the changes to the SAM hive. You should now be able to reboot your Windows machine and log on as an administrator without the need of a local administrator password.
An alternative to Kali Linux Live is the Trinity Rescue Kit or TRK. Trinity Rescue Kit is a free live Linux distribution which aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.
Option 3 – Third party software
You can purchase a third party software application which automates the local administrator password reset with a few clicks. Some notable third party software examples are the following: