@superjojo140
Last active April 9, 2024 09:04
Windows password reset

This is a guide to resetting your local Windows password.

⚠️ If you don't understand exactly what you are doing here, this could break your operating system. Please be careful!

1. Boot from live system

Boot from another live operating system, for example from a USB stick with Linux or something similar (e.g. http://www.knoppix.org/). You need a console where you can access the hard disk of the computer.

You can also use the Windows installation CD. You can open the command line in the installation screen with SHIFT + F10.

2. Replace some utility programs with cmd.exe

There are a few .exe programs that you can run from the login screen. If you replace these .exe files with cmd.exe, you can open a command line with admin privileges in the login screen and reset your password yourself.

  • C:\Windows\system32\Utilman.exe
  • C:\windows\system32\sethc.exe
    • Sticky Keys function of the Shift key.
    • Activate on login screen: Press the Shift key 5 times

Back up the corresponding "original" .exe and then replace it with a copy of C:\Windows\system32\cmd.exe

# On a Unix shell (e.g. Linux)
mv sethc.exe sethc.exe.old
cp cmd.exe sethc.exe

REM On a Windows shell
ren sethc.exe sethc.exe.old
copy cmd.exe sethc.exe

3. Use your prepared .exe file

Special case Windows 10

In Windows 10, you must first disable early-launch anti-malware protection:

  • Start Windows normally until you reach the logon screen
  • Click on the shutdown options
  • Then hold down Shift and click on Restart
  • Windows will now start in a repair mode
  • Select Troubleshoot / Problembehandlung
  • Then Advanced options / Erweiterte Optionen
  • Then Startup Settings / Starteinstellungen
  • Then click on Restart
  • Now select Option 8 - Disable early-launch anti-malware protection
  • Now continue with the steps below

Restart Windows to login screen

Start Windows to the login screen and then activate the previously replaced .exe file (see Step 2 / Activate on login screen).
A command line should open. Here you can change your password:

net user <USERNAME> <NEW_PASSWORD>
REM Set password s3cr3t for user peter
net user peter s3cr3t
REM Remove the password completely for user peter
net user peter ""
REM List all user accounts
net user

4. Restore the original .exe file

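Of course you would never leave a system in this vulnerable state... :D
So you should now restore the backed-up original .exe file:

REM On a Windows shell: delete the cmd.exe copy first, then rename the backup
REM (ren takes a bare file name as its second argument, not a full path)
del C:\windows\system32\sethc.exe
ren C:\windows\system32\sethc.exe.old sethc.exe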
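
To confirm that Step 4 really left nothing behind, the following added example (not part of the original gist) checks a System32 directory for a sethc.exe or Utilman.exe that is byte-identical to cmd.exe and for leftover .old backups from Step 2. The function names and the /mnt/windows mount point are assumptions; run it from the live system of Step 1 against the mounted Windows volume.

```shell
#!/bin/sh
# Added example: detect the Step 2 swap in a System32 directory, e.g.
# /mnt/windows/Windows/System32 (assumed mount point) on a live system.
# Returns 0 = clean, 1 = findings, 2 = cmd.exe not found in the directory.

# Case-insensitive lookup, because NTFS names may differ in case on Linux.
find_file() {
    find "$1" -maxdepth 1 -type f -iname "$2" | head -n 1
}

check_accessibility_swap() {
    dir=$1
    findings=0
    cmd=$(find_file "$dir" cmd.exe)
    if [ -z "$cmd" ]; then
        echo "ERROR: no cmd.exe in $dir" >&2
        return 2
    fi
    for name in sethc.exe utilman.exe; do
        target=$(find_file "$dir" "$name")
        # A helper that is byte-identical to cmd.exe has been replaced.
        if [ -n "$target" ] && cmp -s "$cmd" "$target"; then
            echo "REPLACED: $target is identical to $cmd"
            findings=$((findings + 1))
        fi
        # A leftover backup means the swap was made and maybe not undone.
        backup=$(find_file "$dir" "$name.old")
        if [ -n "$backup" ]; then
            echo "LEFTOVER: $backup"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh check_swap.sh /mnt/windows/Windows/System32
if [ "$#" -gt 0 ]; then
    check_accessibility_swap "$1"
fi
```

A byte comparison only catches a straight copy of cmd.exe as in Step 2; a helper replaced with any other program needs a comparison against a known-good copy of the original file.
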

superjojo140 commented Apr 9, 2024

Successfully tested with Windows XP, Windows 7 and Windows 10 (with disable early-launch anti-malware protection)

Has anyone tested this with Windows 11?
