- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
If you no longer have access to a Windows 10 computer, say because you forgot the password of your Microsoft account or because the trust relationship between the workstation and the Active Directory domain failed, you need a local account with administrator rights. If you haven’t used the local account for a while, you also might not remember its name and its password. It is also possible that no other local account exists on the computer for security reasons.
In such situations, you can follow the procedure described below to offline activate the built-in administrator account.
- Boot from your Windows 10 setup media. You might have to change the boot order in the BIOS of the computer if Windows 10 starts after you inserted the media. After Windows setup has started, you have to press SHIFT+F10 to open a command prompt.
- Next, find the drive letter of the drive where Windows 10 is installed. The drive letter might be different from the one you use when you boot up Windows 10. The Windows setup media is usually on X: and, in most cases, Windows 10 is located on drive D:. To get an overview of the available drives you can run echo list volume | diskpart. You can recognize the correct drive by viewing its contents with the dir command (dir d:\users). The date of your profile folder should show the last date you logged on.
- You can now replace the utilman.exe file with cmd.exe in the system32 folder of the Windows 10 system directory. But first you have to create a copy of utilman.exe so that you can restore it after you activate the administrator account. Make sure you use the drive letter that you found in step 2:
move d:\windows\system32\utilman.exe d:\ copy d:\windows\system32\cmd.exe d:\windows\system32\utilman.exe
- Now, remove the boot media and reboot:
wpeutil reboot
- Wait until Windows 10 boots up, press a key, and then click the Accessibility options A command prompt should open on the login screen. At this point, you have full access to your Windows 10 installation without having signed in. You could also reset the password of any account.
- You can now enable the built-in administrator account. You should also set a password because, by default, the administrator account password is blank:
net user administrator /active:yes net user administrator <your password>
- After you close the command prompt, you can sign in with the newly activated administrator account. If the computer does not belong to an Active Directory domain, you can just enter “administrator” as the user name after you click Other user. If the computer is a domain member, you should add “.\” in front of the name (.\administrator) to ensure that you log on locally:
After you sign in, you might want to restore the original utilman.exe. To do so, you have to boot again from your Windows 10 setup media and open a command prompt as explained in step 1. Then, you have to enter this command to restore utilman.exe:
Subscribe to 4sysops newsletter!
move /y d:\utilman.exe d:\windows\system32\
Read the latest IT news and community updates!
Join our IT community and read articles without ads!
Do you want to write for 4sysops? We are looking for new authors.
And I also tried multiple antivirusses, including Avast, Avira and AVG. All downloaded from the vendors’ websites. This is troubling me, because I have a lot of important work on my laptop, and I can’t afford to lose it.
Regards
Maybe you already have an AV software installed that prevents the installation.
Worked perfectly and saved me a lot of stress. Thanks!
When I run the net user command on Windows 10 Home, I get “the rpc server is unavailable.” Any ideas?
@Chris
Usually it’s the consequence of a denied access because you didn’t run from an elevated command prompt.
Will this process delete my files?
If the administrator account was active before and you encrypted files with the administrator account and EFS, you will loose these files. You will also loose encrypted information in Internet Explorer (stored passwords, for instance). This all applies only to the administrator account. Files of other users are not affected.
Hi!
I tried following the steps. But when I input the command move d:\windows\system32\utilman.exe … I get a response that the system cannot find the specified path…
What am I doing wrong?
btw, I verifed that the usb was actually e:\, so i tried that and got the same
Check the installation folder of windows where your current windows is install. You can change to C or D or E where the current windows is booting.
Nice informative article.
This really saved my butt!! Thanks!!
Thank you very much for this- it saved me the wrath of my teenage daughter who forgot her “sentence long” password…
I did find one shortcut- thorugh the bios boot menu, there is an option to access the “terminal”, where you can enter the DOS commands you list. This means I didn’t have to begin the new Windows installation to get to the CMD prompt.
Thanks again,
-Mike
Can you please explain your method to me?
Thanks !This method still working perfectly
waw! impressive!
Bravo
Any update on bringing the cmd prompt at login screen? I also can’t get the command prompt at login screen by clicking Ease of access or pressing shift key 5 times in normal or safe mode.
Hi, thank you for this information!
I have tried several times but can’t seem to get this to work. I found the OS drive using notepad, used “dir c:\users” and saw my accounts. Then I tried to move the file as in step 3 and I get – “ The file cannot be accessed by the system.”
I then tried to cd to c:\ but it does nothing then pops up as X:\sources> , again.
One thing is that my computer is upgraded to windows 10 and the boot USB is windows 8
any idea where to go from here?
Thanks very much.
Calvin, either your system drive is encrypted or you using the wrong drive letter. Just try different letters and see if there is a Windows installation.
Hi Michael, I’m in a bad situation right now and could really do with your help. My brand new laptop running Windows 10 has been stolen. I’ve set up bit locker and find my device, tried to locate it but its not been turned on since stolen so impossible to track it. Is there any way to track the Laptop while it’s turned off like with the serial number or to blacklist it. I believe even when switched off the battery stays on to maintain the time and date. Please Help ( there’s a £100 reward if you manage to help me successfully locate it)
Thank you
Sheldon Rodrigues
+447413719691
@Sheldon
According to Microsoft:
However, this is true for every application which locates devices and every type of device (computer, phones, …).
Furthermore, instead of starting the computer the thief can just reinstall it. And then I guess it will not be possible anymore to locate it…
But before you give up, wait a few days…
Here is the whole procedure for a Windows 10 computer:
https://support.microsoft.com/en-us/help/11579/microsoft-account-find-and-lock-lost-windows-device
This method is very promising. But can’t we use sethc.exe rather than utilman.exe so we can get cmd using shift key on log screen.
Hey,
I tried to use the command "move d:\windows\system32\utilman.exe d:\" on both d and c.
On "D" i got "The system cannot find the file specified"
On "C" i got to see the last logon's but same message "The system cannot find the file specified".
Any tips there?
Your windows is installed in another drive. Try checking other directories by dir command. If you found the windows and users folders in any drive, that is the drive that windows is installed on. Mine was in f drive. (You should keep that in mind that the name of the drives are different from what you actually see in the windows)
Really thanks for the help. I really panicked that I thought I had to reinstall windows.
Anyone able to help me? I tried using shift+F10 but it still won't show up for me 🤷♀️
Did you see the setup screen?
Does this still work or has it been patched?
I am able to get onto command off my external hard drive windows startup, I have identified the user accounts on my hard drive in the d:\user directory.
The move and copy command work but when I reboot and press ease of access nothing happens. Not only does it not open command but it doesn’t open the accessibility options either?
Any help with a fix/alternative?
I guess Defender got in your way. Read this
I can’t logged in because I forgot my pin. I can access my cmd in bios but that also requires a pin… And downloading the windows 10 setup is taking forever…any ideas?