Windows Password Reset

There are several ways to reset a user account password in Windows, mostly depending on how the account was set up originally (local account vs Microsoft account). Use the following procedure to ensure the process is done correctly every time.

Procedure

Determine best password reset procedure to use

Start by assessing the state of the computer and type of account being used. Take note of the following:

  • Is the OS drive BitLocker encrypted or encrypted with a third-party Whole Disk Encryption program?
  • Are you able to get to the Windows login screen?
  • Is the account local to the computer, an Active Directory account, or a Microsoft account?
    • Local: Most common. Probably a local account if it doesn’t match the criteria below.
    • Active Directory: Typically preceded by a domain name, like domain\user.
    • Microsoft Account: May see an email address on the login screen. After entering an incorrect password, gives you instructions to go online to reset the password.
  • Is the account the only account (other than built-in administrator) on the computer? If not, is it an Administrator account?

Dealing with Whole Disk Encryption

If the OS drive is BitLocker-encrypted or encrypted with some other WDE program, you must unlock the drive with the customer’s BitLocker or WDE passphrase before starting. If you are booting into Windows Recovery media, you should be prompted to unlock the drive. If booting into a Linux distribution, you may need to install “Dislocker” to unlock the BitLocker-encrypted drive before resetting the password. It is available on Linux distributions via the terminal command sudo apt-get install dislocker.

Forgot Whole Disk Encryption Passphrase

If the customer has forgotten their Whole Disk Encryption passphrase, then the only other method to unlock the drive is to use the Recovery Key, which would have been created at the time WDE was set up. If the customer cannot locate the key, we are unable to recover the data - no ifs, ands, or buts.

Reset local account password

(if you have already successfully completed a password reset, skip down to the “Quick Guide” for instructions without the explanatory text)

Local account passwords can be reset either via the “Ease of Access trick” or via Linux-based packages such as chntpw, or via Hiren’s Boot CD or Ultimate Boot CD programs like Offline NT/2000/XP/Vista/7 Password Changer. The Ease of Access trick is the easiest method to perform with the fewest ways to accidentally damage the Operating System.

Ease of Access trick

The goal of this method is to “trick” Windows into thinking we are opening the Ease of Access Center from the host OS’s login screen (where we would normally find Accessibility options like the on-screen keyboard and Narrator) but to instead open the command line utility with administrative rights. From the command line we are able to edit existing users and create new users if necessary. This is accomplished by temporarily moving the Ease of Access program (utilman.exe) to a temporary location and then copying and renaming the Command Prompt (cmd.exe) to utilman.exe. After the trick is performed, we reverse the moving/copying/renaming so that both cmd.exe and utilman.exe are back in their original locations.

Prepare the trick

  1. Find the appropriate Windows boot media to match the Windows version of the computer on which the account recovery is being performed.
    1. If you cannot locate an appropriate Windows boot media, perform the Ease of Access trick using a Linux Live CD (preferably Lubuntu) instead (note that if you have to do this via Ease of Access on a BitLocker-encrypted drive then you may need to unlock the drive as mentioned in the “Dealing with Whole Disk Encryption” section above).
  2. Insert the Windows boot media and boot to it.
  3. When prompted, choose to “Repair your computer” from the bottom left corner after booting.
  4. Click “Troubleshoot” and then click “Command Prompt”. A Command Prompt window will open.
  5. Find the drive letter of the OS partition. While you would normally find the OS partition at letter C:\, this is not always the case when booted to Windows installation media. Two methods for finding the drive letter are:
    1. In the command prompt, type d: and hit Enter. You will notice the path change (from something like X:\sources) to just D:\. Type dir Users - if the output of this command shows you a listing of the Users directory and you see non-default user account folders listed, then you can be reasonably sure that this is the correct drive letter. If not, repeat this step continuing through the alphabet (E:, then F:, etc) until you find the right letter.
    2. In the command prompt, type notepad.exe and hit Enter. In the Notepad window, go to File → Open. On the Open dialog, click on “This PC” on the navigation menu on the left. A list of all mapped partitions will be shown here. Look at the contents of each partition to find the customer’s OS partition and take note of the drive letter. Close Notepad to return to the command prompt.
  6. If you haven’t already, switch to the correct drive letter. Type D: (or E: or F:, etc) and hit Enter.
  7. Type the following commands, hitting Enter after each command to execute.
    1. cd Windows\System32
      1. Output: (no output if successful)
    2. move utilman.exe utilman.exe.bak
      1. Output: 1 file(s) moved.
    3. copy cmd.exe utilman.exe
      1. Output: 1 file(s) copied.
    4. Exit

Reset the password

  1. After completing the commands, eject the Windows installation media and reboot to the customer’s Operating System. The entire boot process should complete as it normally would and you should end up on the login screen.
  2. Click on the Ease of Access icon in the bottom right corner of the Windows login screen. This will open the renamed cmd.exe program, giving us an administrative command prompt.
  3. Reset the password with the following commands:
    1. net user
      1. Output: A listing of all users on the computer. Take note of the username you are trying to recover. Note that it does not always match the display name of the user, so use your best judgement to determine the right account. If you are unsure, type command net localgroup administrators to see a list of all administrator users and proceed with the password recovery for one of the administrator users.
    2. net user "username" password where username is the actual username of the account you’re resetting (don’t actually type username unless that is literally their username)
      1. Output: This command was successful

After completing the above steps, the user account password will be reset to “password” and you will be able to login immediately. If you are unable to login with “password” as the password, it’s possible that you reset the password on the wrong account. Repeat the steps above but choose the correct user account.

Revert changes to system files

After completing the password reset and verifying that you are able to login to the user account (and that you have access to at least one administrator user on the customer’s computer), it is important to revert the file copying and renaming performed earlier.

  1. Boot into the Windows installation media again, following steps 1-6 from section “Prepare the trick” above.
  2. Run the following commands:
    1. cd Windows\System32
      1. Output: (no output if successful)
    2. del utilman.exe
      1. Output: (no output if successful)
    3. move utilman.exe.bak utilman.exe
      1. Output: 1 file(s) moved.
  3. Eject the Windows installation media and boot back into the customer’s Operating System. Verify that you can open both utilman.exe and cmd.exe to their respective programs (Ease of Access and Command Prompt, respectively).
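
The verification in step 3 can also be checked from an elevated 64-bit PowerShell prompt in the customer’s OS. The following is an added example, not part of the original procedure; the function name Test-UtilmanRestored and its output fields are made up for illustration. It reports whether utilman.exe is still a copy of cmd.exe and whether utilman.exe.bak was left behind.

```powershell
# Added example: confirm the Ease of Access swap was fully reverted.
# Test-UtilmanRestored is a hypothetical helper name, not a built-in cmdlet.
function Test-UtilmanRestored {
    param(
        # Override to check an offline volume, e.g. D:\Windows\System32
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $utilman  = Join-Path $System32 'utilman.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $backup   = Join-Path $System32 'utilman.exe.bak'
    $problems = @()

    if (-not (Test-Path -LiteralPath $utilman)) {
        # "del utilman.exe" ran but the move back from .bak did not
        $problems += 'utilman.exe is missing'
    } else {
        # Byte-identical to cmd.exe means the copy was never undone
        $utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $cmdHash  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($utilHash -eq $cmdHash) {
            $problems += 'utilman.exe is still a copy of cmd.exe'
        }
        # Catches a cmd.exe build that differs from the current one (e.g. after an update)
        $orig = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($orig -match '^cmd\.exe') {
            $problems += "utilman.exe reports OriginalFilename '$orig'"
        }
    }

    if (Test-Path -LiteralPath $backup) {
        $problems += 'utilman.exe.bak is still present'
    }

    [pscustomobject]@{
        Restored = ($problems.Count -eq 0)
        Problems = $problems
    }
}

Test-UtilmanRestored | Format-List
```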

Quick Guide

The following steps summarize the information contained in the previous sections. It’s best to use the more wordy explanation to get acquainted with the process, then use the Quick Guide if you need a reminder after you’re familiar with the password recovery process.

  1. Boot to Windows installation media of the same version and edition as the customer’s Operating System.
  2. Click “Repair your computer” and “Troubleshoot”, then “Command Prompt”
  3. Switch to the appropriate drive letter (usually D: but could also be E:, F:, etc)
  4. Run the following commands:
    1. cd Windows\System32
    2. move utilman.exe utilman.exe.bak
    3. copy cmd.exe utilman.exe
  5. Reboot into customer’s OS.
  6. On the login screen, click the Ease of Access icon in the bottom right to open an administrative command prompt
  7. Run the following commands:
    1. net user to list all users on the computer
    2. net user "username" password where username is the actual username of the account you’re resetting
  8. Login to the user account with password “password” and verify that this account is an administrator (if not, reset the password for an administrator account and optionally promote this user to an administrator)
  9. Reboot the computer to the Windows installation media
  10. Repeat steps 1-3 above.
  11. Run the following commands:
    1. cd Windows\System32
    2. del utilman.exe
    3. move utilman.exe.bak utilman.exe
  12. Reboot to the customer’s OS and verify that you can open both utilman.exe and cmd.exe to their respective programs (Ease of Access and Command Prompt, respectively)
  13. Done

Reset Active Directory account password

Active Directory accounts must be reset from the Domain Controller, which is usually a physical Server (running Windows Server) at the customer’s workplace. This will typically be handled by a Remote Technician that has administrative access on the Domain Controller, but can also be done by an OnSite Technician if they can get physical access to the device.

Note: Unless the customer has actually brought us their Windows Server machine, we cannot reset Active Directory passwords in the shop. The customer should take the device back and reconnect it at their workplace before calling us to schedule a remote session.

Additional note: If the account in question is an Active Directory account and the Active Directory server no longer exists, then we cannot reset the password at all. Instead, we would need to create a new local user account (which usually requires physical access) and then migrate the data.

  1. Login to the server with an administrator account
  2. Open Control Panel → Administrative Tools → Active Directory Users and Computers
  3. Find the Users folder in the navigation pane on the left (Active Directory Users and Computers → companydomain.local → Users) and locate the user account in question.
  4. Right click the user account in the list and click “Reset Password”.
  5. Fill out the Reset Password form, selecting to have the user change their password on next login. Note the temporary password so you can provide it to the customer.
  6. Complete the Reset Password form, and give the new password to the customer. Instruct them that they will be prompted to reset their password on the next login.
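
The same reset can be scripted on the Domain Controller. This is an added example, not part of the original procedure; it assumes the ActiveDirectory PowerShell module is installed, and the function name Reset-CustomerAdPassword and the account name jsmith are placeholders. It generates a random temporary password instead of a fixed one and sets the change-at-next-logon flag from step 5.

```powershell
# Added example: scripted equivalent of the "Reset Password" dialog.
# Assumes the ActiveDirectory module (RSAT) is available on this machine.
Import-Module ActiveDirectory

function Reset-CustomerAdPassword {
    param(
        [Parameter(Mandatory)]
        [string]$SamAccountName   # logon name of the account, e.g. jsmith (placeholder)
    )

    # 64-character alphabet so that (byte % 64) introduces no modulo bias
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 16

    # Regenerate until upper, lower and digit are all present, which
    # satisfies the default domain complexity policy (3 of 4 categories)
    do {
        $rng.GetBytes($bytes)
        $temp = -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
    } until ($temp -cmatch '[A-Z]' -and $temp -cmatch '[a-z]' -and $temp -match '\d')
    $rng.Dispose()

    $secure = ConvertTo-SecureString -String $temp -AsPlainText -Force

    # Administrative reset: does not require the old password
    Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $secure

    # Same effect as ticking "User must change password at next logon"
    Set-ADUser -Identity $SamAccountName -ChangePasswordAtLogon $true

    # Return the temporary password so it can be given to the customer
    return $temp
}

# Usage: $tempPassword = Reset-CustomerAdPassword -SamAccountName 'jsmith'
```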

What to do when AD domain is not reachable or no longer available

This method of recovery only works if the computer is still connected to the domain. If the device will not be attached to the domain network again (for example, if the customer no longer works at their previous place of business) or if the domain network doesn’t exist (business closed) then it will not be possible to recover the account “as-is”. Domain user accounts authenticate against the domain, or against the last known password hash from the Domain Controller. Since the Controller isn’t available and you can’t change the last known password hash, and because the Ease of Access trick only works on local user accounts, there is no way to reset the password and recover the account “as-is”.

You can, however, perform the “Prepare the trick” section above and steps 1-2 of “Reset the password”. Then, instead of trying to reset a local account password (which doesn’t exist), you can create a new local administrator account:

  1. net user "username" password /add where username is the name of the account you want to create (if you’re unsure, “Owner” is usually sufficient)
  2. net localgroup administrators "username" /add where username is the same username as you chose above

This will create a new local administrator user with password “password”. Login to that account and perform a data migration from the domain user account. Some OS and program settings may be lost in the process, but all the files that were on the previous account will be transferred.

Don’t forget to reverse the Ease of Access trick!

Reset Microsoft Account password

The actual process for resetting a Microsoft account password is perhaps the easiest of all of these methods, but in reality it can be the most time consuming if the customer is not in the habit of keeping up with accounts, emails and recovery methods. To reset a Microsoft account password:

  1. Go to https://account.live.com/password/reset
  2. Enter the email address associated with the user account from the customer’s computer. (You will typically see the email address after entering the password incorrectly).
  3. Follow instructions on the recovery process.
  4. Reset the password. Preferably, let the customer choose a password.

The process gets complicated if they don’t have access to their recovery methods (phone or email) or if they’ve also forgotten the recovery methods to get into their recovery email. Keep working down the rabbit trail of recovering recovery emails until you get the account reset. The record number of accounts recovered on this kind of rabbit hole, at the time of writing, is 4.
