Occasionally I will have a client who forgets their Windows 10 Local Account login password.
This article, which is strictly for my personal and educational use only, covers how to bypass the Windows 10 login screen so that I can, with their consent and permission, access client data for recovery or properly reset their Windows 10 login password.
WARNING: If the target PC is using BitLocker, performing the actions listed below will NOT unencrypt the data. Because of this, the data will still be inaccessible without the original, correct password. In short, do not do this if BitLocker is being used. I also highly recommend creating a system image (as a backup) to revert to incase things go sideways.
- Boot the PC from a bootable USB Windows 10 installation media.
- Once at the Windows Setup window, access the command prompt by pressing: Shift + F10
- List all the drives that are on this PC using the following command: wmic logicaldisk get name
- Cycle through each drive letter by entering the drive followed by a colon: c:
- Then list the directory contents for the selected drive using: dir
- Once the directory containing the Windows folder is located, access it and the underlying System32 folder using: cd windows/system32
- Within the System32 folder rename the utilman.exe file as this will essentially back it up using: ren utilman.exe utilman2.exe
- Next, copy the command application to a new file which replaces the original utilman.exe that was renamed above using: copy cmd.exe utilman.exe
- Now reboot the PC normally and at the Windows 10 login screen, click on the Ease of Access icon down at the bottom right of the screen. This should now bring up a command prompt window because the utilman.exe was replaced with cmd.exe.
- Next, enter the following command which will allow us to update the user account password: net user [username] [password]
- Note, in the step above simply replace [username] with the current user’s name and [password] with what ever temporary password desired.
- Once completed access the user account using the [password] set in the prior step. Access the data (assuming BitLocker was not being used) and/or reset the user account password if needed.
- Note, Windows Defender will/may incorrectly identify the utilman.exe file as a Trojan. This is because utilman.exe (currently) is actually the command application cmd.exe.
- Finally, undo the rename of utilman.exe otherwise the Ease of Access feature won’t work. Do so by opening the command prompt as an administrator and enter the following command: sfc /scannow
As always, I welcome your thoughts, questions or suggestions on my article on bypassing the Windows 10 login password.
Let me know if you found any errors within my article or if I may further assist you by answering any additional questions you may have.