Jump to content











Photo

Reset a Windows 8 Password without using any third party software

do it in 10 minutes - how to

  • Please log in to reply
66 replies to this topic

#1 Jamal H. Naji

Jamal H. Naji

    Frequent Member

  • Tutorial Writer
  • 178 posts
  •  
    United States

Posted 11 December 2012 - 12:30 PM

*
POPULAR

Reset Your Windows 8 Password in 10 minutes without using any third party software / How to – Tutorial Guide
=======================================================================================


It has been less than 2 months since the launch of Windows 8 and I recieved tons of emails from Boot-Landers /members and
guests also friends and collegues asking me if there's a way to reset a forgotten Windows 8 password the easiest way ? The
answer was yes and as usual without the need for any third party software to unlock or remove or reset the user or admin
account password. Here I will try to make an easy to follow tutorial that will be usefull for novice users as well as professionals when they get stuck behind the logon screen of a Windows 8 because they lost or forgotten their password. So here's how to do it in 10 minutes or less :

1- You need a Windows 8 PC to make a System Recovery Disk .

2- You need a CD Burner + Blanck CD.

3- If you have a tablet or a netbook and you don't have a CD burner then You need a 512 MB USB thumb drive to make a System Recovery USB instead.

4- To make a system recovery CD, Go to control panel and navigate to Windows 7  File Recovery, click on that icon, and
from the next screen choose from the top left ( Create a System Recovery Disk ) and follow the on-screen instructions to make
that CD.

5- To make a System Recovery USB thumb drive go to control panel and navigate to ( Recovery ), click on that icon and from
the next screen choose ( Create a recovery drive ) and follow the instructions to make a bootable System Recovery USB.

6- When you are ready, boot the locked PC that needs to be unlocked with that CD or USB you just made, and follow the
pictures below :

001smg.jpg

002vax.jpg

003ik.jpg

7- The command prompt screen will open, type : diskpart and hit Enter key

004apt.jpg

8- Type :  list vol and hit Enter key (watch for spaces)

005clw.jpg

9- locate your Windows partition letter ( in our case here the letter will be C drive)

10- Type : Exit and hit Enter key.

006vcu.jpg

11- Type:  c:   and hit Enter key  (your Windows drive maybe different so change it accordingly to the drive letter you have)

007lwc.jpg

12- Type: cd windows (watch for spaces ) and hit Enter key

008ymh.jpg

13- Type: cd system32 (watch for spaces) and hit Enter key

009wrp.jpg

14- Type: copy  cmd.exe cmd.exe.original (watch for spaces) and hit Enter key.

010kq.jpg

15- Type: copy Utilman.exe Utilman.exe.original (watch for spaces) and hit Enter key.

011rns.jpg

16- Type: del Utilman.exe  (watch for spaces)  and hit Enter key.

012gqj.jpg

17- Type: ren cmd.exe Utilman.exe  (watch for spaces)  and hit Enter key.

013ysap.jpg

18- Type: Shutdown  -r  -t  00 (watch for spaces) and hit Enter key, the PC will restart.

014awz.jpg

19 – When you reach the Logon screen click on the Ease of Access Center icon on the left bottom side of the screen.

015who.jpg

20 – The command prompt window will open

016fya.jpg

21- Type: net user  (watch for spaces)  and hit Enter key.

017jd.jpg

22- Type: net user  Reboot.Pro *  ( replace Reboot.Pro with the name you find in your pc)  and hit Enter key

018whu.jpg

23- now type the new password you want and hit Enter key( when you type the cursor will not move and you will not see what you
type, so be carefull what you type, because you are typing blindly the new password)

019of.jpg

24- confirm the new password when prompted and hit Enter key when done:

020rtt.jpg

25- Type exit and hit the Enter key to close the command window.

021eq.jpg
 

26- Logon now to the locked account with the new password you just created.


27- After successfully unlocking  your account and resetting the account password now you need to roll back the changes you
made to Utilman.exe and cmd.exe, so go ahead and boot your pc with the System Recovery CD or USB you made earlier in this
tutorial and repeat steps in # 6 so you open the command prompt window :


28- Type: c: and hit Enter key(your Windows drive maybe different so change it accordingly to the drive letter you have) [see picture below]


29- Type:  cd windows  (watch for spaces) and hit Enter key [see picture below]


30- Type:  cd system32 (watch for spaces) and hit Enter key [see picture below]


31- Type:  del  Utilman.exe  (watch for spaces) and hit Enter key [see picture below]


32- Type: ren  Utilman.exe.original Utilman.exe  (watch for spaces) and hit Enter key [see picture below]


33- Type: ren cmd.exe.original cmd.exe  (watch for spaces) and hit Enter key [see picture below]


34- Type: shutdown  -r  -t  00  (watch for spaces) and hit Enter key to reboot your pc [see picture below]

022ai.jpg

35- Now when the pc reboots and reaches the logon screen, check to see if the Utilman is fixed and returned back to place by
clicking on its icon on the bottom left side of the screen, if the Ease of Access list pops up then you succeeded in your work.
See picture below.

023pvf.jpg


PS: some of you might have a Windows 8 Installation DVD, he can use it also in this process, boot with this Windows  DVD and
when you reach the first screen where you have to click next - stop there and hit SHIFT key + F 10 , the command prompt window
will pop up and you can use it as we did in steps 7 onward to the end. see picture below

024qtf.jpg



Done !  best regards / Jamal

===============
other useful topics :
===============
1- Reset a forgotten Windows 7 Password without using any third party software /

http://reboot.pro/to...ow-to-tutorial/

2- Image your system and forget about formatting -period /
http://reboot.pro/to...tting-–-period/

3- Encrypt your sensitive data before wiping it !

http://reboot.pro/to...fore-wiping-it/

 

4- Is your Anti-Virus healthy and responding right, Check that out !

http://reboot.pro/to...check-that-out/

 

5- Hacking for the Humanity

http://reboot.pro/to...g-for-humanity/

 

6- TuneUp your IT skills with Microsoft Technologies !

http://reboot.pro/to...your-it-skills/

 

 

 

 

 

 

 

 

 

 












 

Attached Files


  • Nuno Brito, pscEx, Max_Real Qnx and 11 others like this

#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,862 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 11 December 2012 - 12:50 PM

It's fascinating how they didn't fix this quirk on 8 :w00t:.

Nice to know :), thanks Jamal.

 

If I may, I would suggest, to avoid possible issues with encrypted files, to create a new user with administrator privileges as in this:

http://nookkin.com/c...ws-password.php

(I guess that if the utilman trick still works also creating a new user is still possible :unsure:)

and then use the full booted system to recover the original forgotten password of the original user, provided that currently available tools still work with 8's SAM. :dubbio:

 

:cheers:

Wonko


  • Jamal H. Naji likes this

#3 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10,202 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 11 December 2012 - 02:16 PM

Hi Jamal,

 

Very good tutorial, I'm happy to see you again. How are you going?

 

Hope all is well. :)


  • Jamal H. Naji and Master of Disaster like this

#4 Max_Real Qnx

Max_Real Qnx

    Gold Member

  • Patrician
  • 1,378 posts
  • Location:Istanbul
  • Interests:To be or not to be that is the question.
  •  
    Turkey

Posted 11 December 2012 - 02:21 PM

It really has been a great help text. Thank you for your tips. Best regards :hi:
  • Jamal H. Naji and Master of Disaster like this

#5 georgeks

georgeks
  • Members
  • 2 posts
  •  
    Netherlands

Posted 12 December 2012 - 07:27 PM

Hi

 

Quite a work you put here..quite impressed.

 

Having faced the issue of unlocking the Administrator account in W8 at the Repair Center I work, I was thinking of trying this:

 

Boot in a PE environment (W7 if W8 could not be found) and trying to acces C:WindowsSystem32

Then use the net user command from there


  • Jamal H. Naji and Master of Disaster like this

#6 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,862 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 December 2012 - 08:06 PM

Having faced the issue of unlocking the Administrator account in W8 at the Repair Center I work, I was thinking of trying this:

 

Boot in a PE environment (W7 if W8 could not be found) and trying to acces C:WindowsSystem32

Then use the net user command from there

Which Registry SAM would you expect the net user command would access when booted from the PE? :dubbio:

 

:cheers:

Wonko



#7 georgeks

georgeks
  • Members
  • 2 posts
  •  
    Netherlands

Posted 13 December 2012 - 05:17 AM

To manually navigate to WindowsSystem32 (on the HDD I would like to unlock the account from)

 

Was a question/statement, end of story

 

The topic still is about the effort and result of Jamal H. Naji's work.


Edited by georgeks, 13 December 2012 - 05:19 AM.


#8 Nori

Nori
  • Members
  • 3 posts
  •  
    Brazil

Posted 13 December 2012 - 11:34 AM

Excellent tutorial!


You saved many lives that forget the passwords in W8.
Including my cousin! :loleverybody:


  • Jamal H. Naji and Master of Disaster like this

#9 cyberagent

cyberagent
  • Members
  • 7 posts
  •  
    India

Posted 13 December 2012 - 11:54 AM

Hi,

 

Is there any way we can salvage encrypted files. I mean files encrypted using the user password, and when we reset the password, we loose access to all the encrypted files. I've not backed up the certificate keys.

 

Regards,

S. Sakthivel


  • Jamal H. Naji likes this

#10 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,862 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 13 December 2012 - 12:06 PM

Is there any way we can salvage encrypted files. I mean files encrypted using the user password, and when we reset the password, we loose access to all the encrypted files. I've not backed up the certificate keys.
NO, see:
If I may, I would suggest, to avoid possible issues with encrypted files, to create a new user with administrator privileges as in this:
http://nookkin.com/c...ws-password.php
(I guess that if the utilman trick still works also creating a new user is still possible :unsure:)
and then use the full booted system to recover the original forgotten password of the original user, provided that currently available tools still work with 8's SAM. :dubbio:
You can create a new user, then decrypt the password of the user for which the password was fogotten.

:cheers:
Wonko

#11 cyberagent

cyberagent
  • Members
  • 7 posts
  •  
    India

Posted 13 December 2012 - 12:39 PM

NO, see:You can create a new user, then decrypt the password of the user for which the password was fogotten.

:cheers:
Wonko

 

Hi wonko,

 

Thanks for the reply. Would you be kind enough to guide me step by step for decrypting procedure.  [Sorry I'm a bit dumb]

 

Thanks in advance

Sakthivel


  • Jamal H. Naji likes this

#12 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,862 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 13 December 2012 - 12:59 PM

Hi wonko,
 
Thanks for the reply. Would you be kind enough to guide me step by step for decrypting procedure.  Sorry I'm a bit dumb
 
Thanks in advance
Sakthivel

 

Not really, and besides it would take us way off topic, but you can read something about it here:
http://www.codinghor...h-cracking.html
http://www.codeproje...Hash-on-the-Fly
keywords for searching being "rainbow tables", "samdump", NTLM hash.

:cheers:
Wonko

#13 MCR700

MCR700
  • Members
  • 4 posts
  •  
    United States

Posted 13 December 2012 - 03:15 PM

has anyone tried Offline NT Password and Registry editorOffline NT Password and Registry editor?


  • Jamal H. Naji likes this

#14 Fedrico Garcia

Fedrico Garcia
  • Members
  • 2 posts
  •  
    Abu Dhabi

Posted 14 December 2012 - 07:11 AM

has anyone tried Offline NT Password and Registry editorOffline NT Password and Registry editor?

 

everybody in this forum knows offline NT password and registery editor.. :chair: you are in reboot.pro the castle of the elite IT professionals in the world if you have no idea about that :book:  also the inventors of offline NT password are members here.. :lamo: one more thing you are missing the point that this topic is about resetting W8 password without using third party software :idea:

 

 

@@@ JAMAL :clap: YOU ARE AWESOME :1st:  keep up the excellent work..thank you soooooo much for this...you saved my life :beer:


  • Jamal H. Naji likes this

#15 Shashi007

Shashi007
  • Members
  • 2 posts
  •  
    India

Posted 14 December 2012 - 08:17 AM

Very Nice Tutorial Jamal.
Thanks!!


  • Jamal H. Naji and Master of Disaster like this

#16 cyberagent

cyberagent
  • Members
  • 7 posts
  •  
    India

Posted 14 December 2012 - 10:42 AM

 

Not really, and besides it would take us way off topic, but you can read something about it here:
http://www.codinghor...h-cracking.html
http://www.codeproje...Hash-on-the-Fly
keywords for searching being "rainbow tables", "samdump", NTLM hash.

:cheers:
Wonko

 

Hi wonko,

 

Thanks for the timely tip. Sorry about that I asked for a step by step tutorial. 

 

Thanks once again for the help.

 

Kind regards,

Sakthivel



#17 MCR700

MCR700
  • Members
  • 4 posts
  •  
    United States

Posted 14 December 2012 - 11:17 AM

I guess I see your point and I will step up to the plate next time I post here...

 

I kinda just wanted to know if NT worked with 8 since I don't have the time for 34 steps, but I will keep that to myself. :-)

 

Great Instructions Jamal, thank you.


  • Master of Disaster likes this

#18 Kent0n

Kent0n
  • Members
  • 2 posts
  •  
    Canada

Posted 14 December 2012 - 05:10 PM

So, obviously this won't work if the person has setup Windows to use their Live login credentials instead of a local user. However, if you do that does Windows still create a local admin account? If so, does it have a blank passsword?


  • Nuno Brito and Jamal H. Naji like this

#19 wailer

wailer
  • Members
  • 5 posts
  • Interests:I have no special talent, I am only passionately curious.
  •  
    Netherlands

Posted 14 December 2012 - 06:03 PM

So, obviously this won't work if the person has setup Windows to use their Live login credentials instead of a local user. However, if you do that does Windows still create a local admin account? If so, does it have a blank passsword?

You can change from live to local account, but you have to suply your liveid password before changing.

It is posible to activate you're (hidden) admin account, and login to that.

I don't know if from there you can change form liveid to local account (without suplying your liveid password).


  • Jamal H. Naji likes this

#20 Kent0n

Kent0n
  • Members
  • 2 posts
  •  
    Canada

Posted 14 December 2012 - 06:06 PM

You can change from live to local account, but you have to suply your liveid password before changing.

It is posible to activate you're (hidden) admin account, and login to that.

I don't know if from there you can change form liveid to local account (without suplying your liveid password).

 

So does that mean that a local account gets created for every Live ID account? I'm thinking of a clean installation of Win 8 where the person chooses to use their Live ID during install, not after the fact.



#21 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10,202 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 14 December 2012 - 07:16 PM

Just for the reference, this tutorial is now being featured on geek.com and ycombinator. Congratulations Jamal. :)

 

http://www.geek.com/...tware-20121213/

http://news.ycombina...item?id=4915024


  • KaiserSoze and Jamal H. Naji like this

#22 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 446 posts
  • Location:Next Door To you
  • Interests:Interesting Things
  •  
    South Africa

Posted 14 December 2012 - 09:21 PM

Do you get administrator Rites or system rites ?

I remember a hack in Windows XP that replaced the Screen Saver with The CMD console(had to wait 10 min for it to kick in)

The XP hack gave you SYSTEM Rites

 

I think Windows 8 Will have this Patched by SP1

 

Try typing this at step 21:
net user administrator /active:yes

Reboot and login to the administrator account to remove the password

This should Fix Encrypted Files problem(i think)

Remember to Hide the Administrator Account:

net user administrator /active:no

 

(ps: i have not tried any of this so correct me if im wrong)


  • Jamal H. Naji likes this

#23 KaiserSoze

KaiserSoze
  • Members
  • 3 posts
  •  
    Sweden

Posted 15 December 2012 - 02:34 AM

Also refered at H-online.com but only as a notice

http://h-online.com/-1769744

Good work!


  • Nuno Brito and Jamal H. Naji like this

#24 wailer

wailer
  • Members
  • 5 posts
  • Interests:I have no special talent, I am only passionately curious.
  •  
    Netherlands

Posted 15 December 2012 - 10:15 AM

So does that mean that a local account gets created for every Live ID account? I'm thinking of a clean installation of Win 8 where the person chooses to use their Live ID during install, not after the fact.

An administrator account is always created on windows install, but is hidden by default.

 

All accounts created are local, the diffrence between liveid an normal password are that the password (and some system settings) for liveid are stored "in the cloud" not on the local pc.

Check this article http://blogs.msdn.co...ws-live-id.aspx

 

To get back to the subject, logging in to your account with liveid makes it more difficult to change the password.

Tools that i previously used like the ERD or Dart (both microsoft) environment work only on localy stored passwords.

For my work i have to reset passwords almost every day, what i do is log in as administrator and reset the local password.

 

Just wondering, when your laptop/pc is offline (no internet connection) can you log in with a liveid?

 

If so, it has to be stored localy!

If Not, it would make your pc worthless if offline...

 

Very interesting, this needs some more investigating!


Edited by Nuno Brito, 15 December 2012 - 01:22 PM.


#25 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 446 posts
  • Location:Next Door To you
  • Interests:Interesting Things
  •  
    South Africa

Posted 15 December 2012 - 10:41 AM

An administrator account is always created on windows install, but is hidden by default.

 

All accounts created are local, the diffrence between liveid an normal password are that the password (and some system settings) for liveid are stored "in the cloud" not on the local pc.

Check this article http://blogs.msdn.co...s-live-id.aspx.

 

To get back to the subject, logging in to your account with liveid makes it more difficult to change the password.

Tools that i previously used like the ERD or Dart (both microsoft) environment work only on localy stored passwords.

For my work i have to reset passwords almost every day, what i do is log in as administrator and reset the local password.

 

Just wondering, when your laptop/pc is offline (no internet connection) can you log in with a liveid?

 

If so, it has to be stored localy!

If Not, it would make your pc worthless if offline...

 

Very interesting, this needs some more investigating!

Cannot connect to the internet? no logon for you!:

http://social.msdn.m...42-119acd7ff34f

 

but most files still stay on the local pc

music, docs, vidios, ect...