Reset Windows Password

Certain situations can arise where you no longer know a Windows user account password and need to reset it or make a new one. Third-party tools can assist, but in my experience, many of them have been hit-and-miss.

In this post, I will show you step-by-step how to reset a Windows password using Windows install media with the help of Utilman and cmd. I will also show you a way to prevent this.

Utilman is the executable name for the Utility Manager in Windows. Utility Manager allows for easy access to accessibility features in Windows. You can call Utility Manager right from Windows by pressing the Windows key and the letter U simultaneously.

On the Windows login screen, you can invoke Utilman by clicking the Ease of Access or Accessibility icon in the bottom right, beside the network icon.

Utility Manager running on the Windows login screen.

If we make Utilman launch CMD instead, we can get a command prompt window running with system-level permissions.

Prerequisites

The Process

It doesn’t matter if the Windows install media matches the target OS.

CMD running at system level on the Windows login screen

With the command prompt running at the system level, you can use net user commands to reset any password, or make a new account and add it to groups as needed using the net group command. My blog post, Net User and Net Group, covers the net user and net group commands in more detail.

This process can also be duplicated with other bootable media.

I’ve confirmed this works on fully patched versions of Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025, Windows 10, and Windows 11. I suspect this also works on even older versions of Windows that I haven’t tested.

Undoing

There are a few ways to undo the utilman cmd swap. The simplest method that doesn’t require another reboot is to run the System File Checker with the command sfc /scannow. The SFC scan will detect that the hash for Utilman doesn’t match and fix it.

SFC scan detected that the utilman.exe hash is different

The other method is to replace the CMD version of utilman.exe with the backed-up copy, utilman.exe.bak.

Prevention

The best method I’ve found to prevent the utilman password reset is to encrypt the system disk with BitLocker. When the system drive is encrypted with BitLocker, you can’t mess with any of the files on the system without the BitLocker key, even if you have physical access or use other bootable media.

BitLocker key entry screen
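
A check a defender could run for the swap and the BitLocker mitigation described above, as an added example that is not part of the original post. It assumes an elevated PowerShell session, the default System32 location, and the utilman.exe.bak backup name mentioned above.

```powershell
# Added example (not from the original post): audit for the Utilman/cmd swap.
# Assumes an elevated session and the default System32 layout.
$sys32   = Join-Path $env:SystemRoot 'System32'
$utilman = Join-Path $sys32 'utilman.exe'
$cmd     = Join-Path $sys32 'cmd.exe'
$backup  = Join-Path $sys32 'utilman.exe.bak'   # backup name used in this post

$findings = [System.Collections.Generic.List[string]]::new()

# 1. After the swap, utilman.exe has the same content as cmd.exe.
$utilHash = (Get-FileHash -Path $utilman -Algorithm SHA256).Hash
$cmdHash  = (Get-FileHash -Path $cmd     -Algorithm SHA256).Hash
if ($utilHash -eq $cmdHash) {
    $findings.Add('utilman.exe has the same SHA256 as cmd.exe')
}

# 2. Renaming a file does not change its version resource, so a copied
#    cmd.exe still identifies itself as Cmd.Exe.
$origName = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
if ($origName -like 'cmd*') {
    $findings.Add("utilman.exe reports OriginalFilename '$origName'")
}

# 3. A leftover backup suggests the swap was done and not cleaned up.
if (Test-Path -LiteralPath $backup) {
    $findings.Add("backup file present: $backup")
}

# 4. Mitigation: is the system drive protected by BitLocker?
$bitlocker = 'unknown (BitLocker cmdlets unavailable)'
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $bitlocker = "$($vol.ProtectionStatus) ($($vol.VolumeStatus))"
    if ($vol.ProtectionStatus -ne 'On') {
        $findings.Add("BitLocker protection is not on for $env:SystemDrive")
    }
}

# Summary object, suitable for piping to Export-Csv or ConvertTo-Json.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    UtilmanSha256  = $utilHash
    BitLocker      = $bitlocker
    Findings       = $findings
    NeedsAttention = $findings.Count -gt 0
}
```

If the first two checks fire, sfc /scannow as described under Undoing restores the original file.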

My Theory

My theory on why the utilman password reset is still possible on Windows and hasn’t been patched out is that it might not be possible to patch it out. Also, when you have physical access, there’s little that can stop you.

If someone gains physical access to a system, you should treat the system as compromised. Maybe Microsoft doesn’t consider this a threat because you can prevent this with BitLocker. Why Microsoft doesn’t make a lite version of SFC to check files like this on boot-up and fix them if the hashes don’t match, I don’t know.
