Certain situations can arise where you no longer know a Windows user account password and need to reset it or make a new one. Third-party tools can assist, but in my experience, many of them have been hit-and-miss.
In this post, I will show you step-by-step how to reset a Windows password using Windows install media with the help of Utilman and cmd. I will also show you a way to prevent this.
Utilman is the executable name for the Utility Manager in Windows. Utility Manager allows for easy access to accessibility features in Windows. You can call Utility Manager right from Windows by pressing the Windows key and the letter U simultaneously.
On the Windows login screen, you can invoke Utilman by clicking on the Ease of access or the Accessibility icon in the bottom right beside the network icon.
If we make Utilman launch CMD instead, we can get a command prompt window running with system-level permissions.
Prerequisites
- Physical access to the system.
- Bootable Windows install media.
The Process
- Boot off of the Windows install media.
It doesn’t matter if the Windows install media matches the target OS.
- Click on Repair your computer.
- Select Troubleshoot.
- Select Command Prompt.
- Change to C drive by entering
C:
- Switch into
Windows\System32
by enteringcd Windows\System32
- To save a copy of the real Utilman, we will rename
utilman.exe
toutilman.exe.bak
with the commandren utilman.exe utilman.exe.bak
- To make CMD execute when Utilman is launched, we will copy
cmd.exe
asutilman.exe
with the commandcopy cmd.exe utilman.exe
- Reboot the system.
- Click on the Ease of access or the Accessibility icon in the bottom right of the login screen beside the network icon to launch CMD.
- You will now have a command prompt window running at system-level on the login screen.
With the command prompt running at the system level, you can use net user commands to reset any password or make a new account and add it to the groups as needed using the net group command. For more details about the net user and net group commands, my blog post, Net User and Net Group, goes into more detail.
This process can also be duplicated with other bootable media.
I’ve confirmed this works on fully patched versions of Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025, Windows 10, and Windows 11. I suspect this also works on even older versions of Windows that I haven’t tested.
Undoing
There are a few ways to undo the utilman cmd swap. The simplest method that doesn’t require another reboot is to run the System File Checker by running the command sfc /scannnow
. The SFC scan will detect that the hash for Utilman doesn’t match and fixes it.
The other method is to replace the CMD version of Utilman.exe with the backed-up version of utilman.exe.bak.
Prevention
The best method I’ve found to prevent the utilman password reset is to encrypt the system disk with BitLocker, as when the system drive is encrypted with BitLocker, you can’t mess with any of the files on the system without the BitLocker key, even if you have physical access or use other bootable media.
My Theory
My theory on why the utilman password reset is still possible on Windows and hasn’t been patched out is that it might not be possible to patch it out. Also, when you have physical access, there’s little that can stop you.
If someone gains physical access to a system, you should treat the system as compromised. Maybe Microsoft doesn’t consider this a threat because you can prevent this with BitLocker. Why Microsoft doesn’t make a lite version of SFC to check files like this on boot-up and fix them if the hashes don’t match, I don’t know.