Most of you should have experienced forgotten password and locked out.
If you forgot password and can’t sign in to Windows, there are many ways to recover password if you are using Microsoft Account. For local account, only thing you can count on is yourself.
Fortunately or unfortunately, there’s a way to work around in Windows 8 if you forgot password, using old technique. In another word, there’s a way for anyone to access your PC.
There’s several ways to reset forgotten password, and there is commercial software that can do that. This time, I’ll show you technique using Windows 8 setup media. This technique exists since Windows Vista, and still exists in Windows 8 even though this could be taken as a severe security hole.
Configure BIOS or UEFI to boot from DVD, and boot from Windows setup media.
Once you see setup wizard, press “Shift + F10”, and call console screen.
Find drive where your Windows is installed (make a guess and try moving to c: or d:, etc, or check using diskpart).
Move to windows\system32 and look for Utilman.exe, then rename to Utilman.exe.bk. Then, copy cmd.exe to Utilman.exe.
If c: is your Windows drive,
c: cd \windows\system32 ren Utilman.exe Utilman.exe.bk copy cmd.exe Utilman.exe
Now, you are ready to go. Remove media and reboot PC.
When sign in screen shows up, click icon in lower left corner. This will launch console with administrative rights.
This is because you replaced Utilman.exe, with cmd.exe.
Since you have console with administrator rights, you can do anything. Use net command and check user list.
Find user you want to reset password, enter
net user <Username> <New Password>
and done. User now have new password, and you can use that password to sign in.
If you are using Microsoft account, you can’t change password with this command, but still, you can use administrator account to sign in. In Windows 8, Administrator account is hidden as default, but it exists internally. Enable Administrator account using command
net user Administrator /active:yes
and set password
net user Administrator <New Password>
Reboot PC once, and after reboot, you will see arrow next to user name. click on arrow.
You will see Administrator in list, sign in with password you just set.
Go to Microsoft homepage and recover user password, etc.
When you are done recovering user password, let’s put it back.
net user Administrator /active:no
Will hide Administrator account again.
User Windows setup media, and put back original exe file.
c: cd \windows\system32 del Utilman.exe ren Utilman.exe.bk Utilman.exe
Exe file can’t be set back from console in Windows 8. You can use takeown command to modify file owner, but this is bit complicated, I’m not going to cover this here.
Please do not use this technique for abuses.
This post is also available in: Japanese