Byon May 15, 2017
Coming to the aid of a fellow forum member, TSers recently shared around a dozen ways to handle a lost Windows password. We were so impressed with the list that we’ve decided to editorialize some of it for easier access.
We’ve included five of what seem like the most approachable ways for resetting or recovering your Windows password along with abridged instructions on how to execute them and some alternatives toward the end.
Before moving on, if you log into Windows with an online Microsoft account (offered as the default during setup since Windows 8), you can likely just reset it online at Microsoft’s site using another device with Internet.
#1 Use a command prompt to change your password from the Windows login screen
How it works: Swaps the Utility Manager on your Windows login screen for a command prompt, from which you can change the forgotten password.
What it works on: Your offline Windows account. Doesn’t require extra software, though an installation disc might be handy for the first step. Windows XP users can skip past step 3.
To put a command prompt on your login screen you’ll need a separate command prompt first, reached from your Windows installation disc, from a recovery drive/partition or by accessing the ‘Advanced Startup Options’ some other way. After testing, nothing has been as reliable or easy as simply booting off a Windows disc/USB drive, which you can set up without having a license:
Download Windows 10 – Setup instructions – Quick navigation: After booting off the installation media and reaching the first prompt for your language, region etc. you can simply hit Shift + F10 to make a command prompt appear.
Step 1: Swapping the Utility Manager for a command prompt
Assuming you’ve made it to a command prompt, enter the two lines below to create a backup of the Utility Manager and then overwrite it with cmd.exe.
Note that “?” should be your Windows drive letter. To list all your drives launch DiskPart by typing diskpart and then enter list volume.
move ?:\windows\system32\utilman.exe ?:\windows\system32\utilman.exe.bak
copy ?:\windows\system32\cmd.exe ?:\windows\system32\utilman.exe
Reboot. Now when you click the Utility Manager on your login screen, it should launch cmd.exe.
Step 2: Changing your password
At the command prompt on your login screen, enter the following line to set a new password on your account (USERNAME is your account name and PASSWORD is the password you’d like to apply):
net user USERNAME PASSWORD
Example: net user George bestpassw0rd — also, typing net user alone will list the accounts if you can’t remember your username either.
Bonus: From the command prompt on your login screen, enter control userpasswords2 for a GUI-based account manager.
Step 3: #&@!… That didn’t work!
You still have options. In the command prompt, enter the text below to enable the default administrator account (requires a reboot):
net user administrator /active:yes — /active:no when you’re done with the account later
After rebooting you should see the Administrator account listed and it shouldn’t need a password to log in. Retry step 2 from a command prompt within this elevated account.
These steps are less involved on Windows XP:
- Boot into Safe Mode with Command Prompt (reboot your PC and tap F8 as it’s starting up but before Windows loads to see the option)
- Tap Ctrl + Alt + Delete twice at the login screen for the option to type in a username, then enter Administrator, which should provide access to a command prompt. There you can view Windows accounts by typing net user and apply a new password via net user USERNAME PASSWORD (example: net user Bill bestpassw0rd)
- Reboot and try the new password
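As an added example (not part of the original article), the Python check below flags the Step 1 swap in a System32 directory, live or mounted offline, so you can confirm utilman.exe has been put back from utilman.exe.bak once the password is reset. The list of other login-screen accessibility binaries, the function names and the sample directory are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Login-screen accessibility binaries; utilman.exe is the one swapped in Step 1,
# the others are an assumed watch list for the same kind of replacement.
ACCESSIBILITY = ["utilman.exe", "sethc.exe", "osk.exe", "magnify.exe", "narrator.exe"]


def sha256(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_system32(system32):
    """Return (binary, reason) findings for a System32 directory."""
    # Index names in lower case: an NTFS volume mounted on Linux is case-sensitive,
    # and Windows stores some of these files as Utilman.exe, Magnify.exe, etc.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    cmd = files.get("cmd.exe")
    cmd_hash = sha256(cmd) if cmd else None
    findings = []
    for name in ACCESSIBILITY:
        target = files.get(name)
        if target and cmd_hash and sha256(target) == cmd_hash:
            findings.append((name, "identical to cmd.exe"))
        if name + ".bak" in files:
            findings.append((name, "backup copy present (.bak)"))
    return findings


def demo():
    """Audit a constructed directory that mimics System32 after Step 1."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cmd.exe").write_bytes(b"constructed cmd.exe bytes")
        (root / "Utilman.exe").write_bytes(b"constructed cmd.exe bytes")      # swapped
        (root / "utilman.exe.bak").write_bytes(b"constructed utilman bytes")  # backup
        (root / "sethc.exe").write_bytes(b"constructed sethc bytes")          # untouched
        return audit_system32(root)


if __name__ == "__main__":
    for binary, reason in demo():
        print(f"{binary}: {reason}")
```

Point audit_system32 at ?:\windows\system32 on the machine itself, or at the mounted Windows/System32 directory from a boot disk; an empty result means none of the listed binaries matches cmd.exe and no .bak copy remains.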
#2 Official Microsoft DaRT disk
How it works: Offers TechNet subscribers a “Locksmith” tool using the familiar Windows GUI to set a new password on the account(s) of your choosing.
What it works on: The DaRT version number typically matches the copy of Windows it works on (DaRT 10 is for Windows 10 etc.).
Based on the Windows Preinstallation Environment, DaRT (Diagnostics and Recovery Toolset) is an official Microsoft utility suite that includes a registry editor, file explorer, crash analyzer as well as tools to restore files, repair disks, scan for viruses and more. Among them is a straightforward utility that should have a new password applied to your Windows account after a few clicks and may be less spooky than software such as Ophcrack.
Professionals with access to volume licensing for Microsoft products can also download the Microsoft Desktop Optimization Pack, which is another boot disk that contains a copy of DaRT.
#3 Offline NT Password & Registry Editor (Chntpw)
How it works: Gives you a bootable environment outside of Windows to edit the password in your SAM file.
What it works on: The local account of any NT-based Windows operating system, which includes Windows 2000 through Windows 10 (excluding fully encrypted NTFS partitions).
This might be the most used password recovery tool considering it’s included with popular boot disks and Linux distros such as Hiren’s Boot CD, Kali Linux and Trinity Rescue, which calls its password tool “winpass” but it’s actually just a script that launches NTpasswd/Chntpw.
Assuming you have one of those solutions around, that might be the quickest path to accessing Windows again. If you’re familiar with one of them but don’t have it handy, here are the download links and quick setup instructions for each one mentioned:
- Download Hiren’s Boot CD – Setup instructions – Quick navigation: Launch Offline NT/2000/XP/Vista/7 Password Changer from the main menu > choose your Windows installation > Edit user data and passwords
- Download Kali Linux – Setup instructions – Quick navigation: Mount your Windows drive > go to MS SAM (cd /media/win/Windows/System32/config/) > enter chntpw -u [username] SAM > choose clear or edit password
- Download Trinity Rescue – Setup instructions – Quick navigation: Press enter to run Trinity > Windows password resetting > Interactive winpass > choose your Windows installation > Edit user data and passwords
If you’d rather go straight to the source, you can also download and boot from only the password recovery tool itself:
Download Offline NT Password & Registry Editor (Chntpw) – Setup instructions – Quick navigation: Press enter to boot when prompted > choose your Windows installation > ‘Password reset (SAM)’ > Edit user data and passwords > Enter the desired user’s RID > Clear (blank) user password
#4 Ophcrack LiveCD
How it works: Provides a bootable environment that uses LM hashes through rainbow tables to brute force your Windows password, which is provided once discovered.
What it works on: Windows (both local and Microsoft accounts), Linux and Mac OS X
Perhaps the second most notable password recovery tool and maybe the most memorable by name, Ophcrack will also require you to download an ISO and put it on a bootable disk or drive, though it uses different technology than Offline NT/Chntpw so it could make for a fantastic backup solution and may even be worth trying first.
Although it’s commonly flagged by antiviruses as being a potential threat, Ophcrack isn’t loaded with malware. The subject is addressed on the software’s FAQ section, which notes that the installer includes a tool called “pwdump6” by Fizzgig that often turns up as a false positive, typically because of the files “samdump.dll” and “pwservice.exe” — again though, neither poses a known security risk.
Download Ophcrack LiveCD – Setup instructions – Usage guide/tips – Quick navigation: Enter Ophcrack Graphic mode – automatic > Double click Launcher on the LiveCD desktop > Search for tables and start Ophcrack
#5 iSeePassword
How it works: Provides a boot disk with a clean GUI that shows detected Windows users and their passwords along with the ability to reset them.
What it works on: Windows XP through 10 including Server editions etc. with separate tools for passwords on MS Office, iTunes, PDFs and RARs.
In the event that you’d like to pay for your mistake, iSeePassword charges ~$30 for a “Password Recovery Bundle” that covers more than just Windows and although you’ll still have to make a bootable disc/drive to load the software, it will display everything you need in the first window that appears so there isn’t any navigation once you’re in — perhaps the only perk of going paid.
Additional tips and honorable mentions
While easier said than done if your password is already lost, the best way to avoid this situation is not losing it in the first place, either by writing it somewhere safe or keeping a digital backup on your phone, in the cloud, or in dedicated software such as KeePass.
Microsoft’s method for resetting an offline Windows password is about as useful as not losing it at all because you have to create the password reset disk in Windows before locking yourself out and that tool only works on the account/PC used to create it.
If the forgotten password was recently applied and you don’t mind using Windows Restore, you can wind back to a point before changing it: Tap F8 during bootup before Windows loads to reach advanced boot options > repair your computer > system restore.
Few if any of these methods will help with a lost PIN code or picture password, and although the open source utility ‘Mimikatz’ can extract plaintext passwords, PIN codes and Kerberos tickets from memory, it doesn’t seem as straightforward to use as the tools above.
Hopefully if you’re still reading this you’ve figured out how to get back into your Windows account, but in the event that none of those methods worked for you, here are four more tools worth trying that work differently than those we’ve already mentioned.