Recently someone I knew decided to change their password, and later forgot it. This account was the only Administrator account on the system. And while their data was just fine, they had no access to their desktop. So they called upon ‘jermsmit’ to assist them in getting logged onto their system once again. Here I will be providing the steps I took to get an admin account on their system.

What you do with this information is for you to decide.

What is required?

  1. USB stick – loaded with a live distribution of Linux; a live Linux CD will work just fine too
  2. A little bit of Linux and Windows CLI knowledge (the live CD may also have a desktop UI; I still personally prefer using the CLI for these operations)
  3. Knowledge of how to create a Windows user account and elevate permissions via the Windows command prompt

Now for the steps:

Boot the computer using the Live USB stick or Live CD.
Once booted into the system, proceed to mount the Windows file system.
Once mounted, browse to Windows\System32.

Here we will be renaming the file named ‘Utilman.exe’ to something like ‘Utilman.exe.backup’. I do not suggest deleting this; you will need it later to restore the system back to its normal behavior.

Once the ‘Utilman.exe’ has been renamed, make a copy of ‘cmd.exe’ and name it ‘Utilman.exe’.
At this point you can reboot into Windows as you would do normally.

-After the reboot-

Windows will start up to the normal log-on screen. At this point you will press the ‘Windows key’ and ‘U’.
A command prompt window will open, running with SYSTEM-level access (you have Windows root).
Here you will be able to create a new account and give it administrator rights on the system:

How to add an account via the command prompt:

net user jermsmit password /add
net localgroup administrators jermsmit /add

After you have created your new logon account and granted it administrator rights, reboot and log on. You are now the administrator and can reset your other Windows account password.