How to reset a forgotten Windows 8 /10 account password


Recommended Posts

How to reset a forgotten Windows 8 / 10 account password

If you buy a computer or are working a computer with windows 8 you might find it harder to do simple tasks because of the UEFI. Today I got a computer in my office where all off the sudden he could not log onto his Windows 8 account, he must have somehow changed the windows 8 logon password and had no idea what the new password was.

Because of the UEFI bios, a lot of the bootable utilities I would use to reset the password couldn?t see the hard drive, including bartpe. The bios also had very little settings.

Upon looking online there was a neat little password reset hack for Windows 8

  1. Boot off a Windows 8 DVD / USB
  2. Select Repair Your Computer

repairx.jpg

Select Troubleshoot ? refresh or reset your pc or use advanced tools

trouble.JPG

Select Advanced options

advacned.JPG

Select command prompt

adb2.jpg

Once the command prompt appears navigate to the c:\windows\system32

cmde.jpg

  1. Rename utilman.exe to anything else (ren utilman.exe utilman2.exe)
  2. Rename cmd.exe to utilman.exe (ren cmd.exe utilman.exe)
  3. Now restart the computer.

Once inside windows at the password box, click the little icon in the bottom left of your screen. At this point a command prompt will open up. At the command prompt type

Net user (Then your username) *

Make sure there is a space between your username and the *. Then press enter. It will now ask you to enter a new password for your account. You have to type it twice.

That?s it! You should now be able to access the account again! Once you are back into your account you will want to go back to c:\windows\system32 and rename those files back to what they should be.

...

 

Accounts which are tied to a Microsoft Account.

 

I had a customers machine in my office which he had forgotten the password. He also somehow signed it up with a bogus gmail address. So there was no address to send a reset code to.

I was about ready to reinstall when I wondered if I would be able to activate the administrator account using the command prompt above.

 

So on that command prompt window above I typed in

 

net user administrator /active:yes

 

it said the command had been entered successfully. I then restarted the computer and upon reboot, the administrator account was an option. Once logged in I was able to access the account, backup his file and then delete the account off the computer and create a new one.
 

I had to use the command prompt to create a new user. So I ran utilman (cmd was still renamed) ... and typed

 

net user username password /ADD

 

example 

net user owner 1234 /add

 

Now I logged into the admin account and set that account up from standard to Admin and removed the password.

Link to comment
Share on other sites

Easiest thing to do would be to change it using another machine, and going to live.com

Link to comment
Share on other sites

Easiest thing to do would be to change it using another machine, and going to live.com

Although I agree, There are circumstances like: no Internet connection, and/or the account being a local one not a Microsoft's, which makes this method the only one available...

Link to comment
Share on other sites

  • 7 months later...

You can change anyone's password only knowing their username?? Seems like a security flaw to me :| Of course you need physical access and a DVD/USB but that's not hard.

 

You should see how easy it is on previous version of windows using a password reset CD. Takes about 30 seconds to nuke anyone password.

Link to comment
Share on other sites

  • 7 months later...

Just out of curiosity, does anybody know if the Linux program chntpw works on Windows 8?  I've used it on my Ubuntu computer to change Windows passwords on XP, Vista, and 7, but haven't had a need to try it on Windows 8 yet.

Link to comment
Share on other sites

  • 9 months later...

2nd the sticky!!! Thank you warwagon!!!

Link to comment
Share on other sites

Great ProTip Warwagon

In the past, Konboot, or Lazesoft's PW Reset, NT Offline, even Ophcrack made Windows passwords easy to get past.

One question:

Since most people log into their Win8 machine via an online-type account - does this still get them access to that account, or does it boot them in some type of dummy account ?

Basically, when the PW is reset, then they log in, is it the exact same environmnet (user account) as before ?

 

Link to comment
Share on other sites

Great ProTip Warwagon

In the past, Konboot, or Lazesoft's PW Reset, NT Offline, even Ophcrack made Windows passwords easy to get past.

One question:

Since most people log into their Win8 machine via an online-type account - does this still get them access to that account, or does it boot them in some type of dummy account ?

Basically, when the PW is reset, then they log in, is it the exact same environmnet (user account) as before ?

 

it just resets the "microsoft" account logon status to a "local account" the last time i used this method I was unable to logon to the system and could only create a new local account to carry out repairs via the MDOP msdart tools. the system was set up with encryption and a TPM chip so the outcome might be different for different setups

Link to comment
Share on other sites

it just resets the "microsoft" account logon status to a "local account" the last time i used this method I was unable to logon to the system and could only create a new local account to carry out repairs via the MDOP msdart tools. the system was set up with encryption and a TPM chip so the outcome might be different for different setups

OK, I was kinda thinking things would be different since the logon process is completely different than ones in previous OS - I havent messed with 8.1 personally, and know nothing - I still help friends with their computer problems, but I will be out of a hobby soon since I dont have any modern Kung foo- need to go back to playing golf -

Link to comment
Share on other sites

  • 4 weeks later...

Isn't this super lax on security? I mean, I used Windows 8.1 for the longest time. My question is, if you use a "live" account, does it change that password?

All my accounts are inter-linked. My XBOX Live PW was the same as my Windows 8.1, same with my OneDrive, and anything Microsoft related.

Excellent find, I agree, sticky it please!

Link to comment
Share on other sites

Isn't this super lax on security? I mean, I used Windows 8.1 for the longest time. My question is, if you use a "live" account, does it change that password?

All my accounts are inter-linked. My XBOX Live PW was the same as my Windows 8.1, same with my OneDrive, and anything Microsoft related.

Excellent find, I agree, sticky it please!

no in order to change those you would need to goto the account area of your account on the device or on the web and change it there, those password cracking apps only have the ability to crack the .SAM database files. what i did find strange, is that when you create an account with a microsoft login and then try to login to that account with no internet, you can still log into the account localy.

i dont know if this is a bug, so perhaps the microsoft account password is being stored in the .SAM database for "local access" if that is the case then its a huge security issue as .SAM files can be cracked which would then give the attacker access to the microsoft account.

Link to comment
Share on other sites

  • 3 months later...

You can change anyone's password only knowing their username?? Seems like a security flaw to me :| Of course you need physical access and a DVD/USB but that's not hard.

Look at how you do it on a Mac. Boot off an OSX USB stick. Go to the terminal, type resetpassword .. .select the user name and type a new password.

Link to comment
Share on other sites

This topic is now closed to further replies.