The Dutch Hacker
System Account

How to Recover the password of a local Windows 10 account

This issue has been patched, but it will still spawn a cmd prompt for a couple of seconds. Recovering the password might still be possible this way.

Sometimes you lose access to a Windows 10 machine, or a friend has forgotten his password and nobody knows the administrator password. Or perhaps an old PC has been running for a while and nobody knows its password. Either way, you need to recover the password for a local account on this machine. Strictly speaking, this does not recover the password but replaces it.

If the drive is not encrypted and you can boot from USB into a Windows PE environment, then it is possible to change the password or even create new accounts and add them to the Administrators group. This also works with Windows Server editions.

Let’s get started

In this scenario I’m using a virtual machine, but it also works with physical devices as long as the drive is not encrypted and you can boot from media such as USB. I’m using Windows 10 1909. I do not believe it works on the latest version. I’m sure there is a workaround for this.

Boot the device from a Windows installation media.

Make sure your keyboard input is right and click Next

Click on Repair your computer

Choose Troubleshoot

Now click on Command Prompt

Now we are going to load the SOFTWARE registry hive from the operating system that is on the device. Type in the following command

REG LOAD hklm\thedutchhacker c:\Windows\System32\config\SOFTWARE

Now we are going to use the debugger feature to replace utilman.exe (the Ease of Access Center) with cmd.exe

Type in the following command

REG ADD "HKLM\Thedutchhacker\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /v Debugger /t REG_SZ /d "cmd.exe"

Now close the command prompt and continue to boot into Windows

Once the system has started and you see the login screen, click on the Ease of Access button once

You will now see a command prompt spawned as System. You can use the command net user to change the password or create a new user and add it to the local Administrators group

net user Thedutchhacker P@ssw0rd /ADD
net localgroup Administrators Thedutchhacker /ADD

On patched versions of Windows, the cmd prompt will pop up and disappear. I just wanted to show here that through the debugger function you can replace one exe file with another exe file, in this case Ease of Access with cmd. Because the login screen is a system process, it will run anything it launches with the System account.
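
To check a machine for this change, here is an added example (not from the original post) that lists every Debugger value under Image File Execution Options and flags the ones set on logon-screen accessibility binaries. The function name, the binary list and the -Remove switch are assumptions of this example.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Accessibility binaries that can be started from the logon screen.
# Assumed list for this example; extend it to match your build.
$LogonScreenBinaries = @('utilman.exe', 'sethc.exe', 'osk.exe', 'magnify.exe',
                         'narrator.exe', 'displayswitch.exe', 'atbroker.exe')

function Get-IfeoDebugger {
    param(
        # Live hive by default. For an offline disk mounted as in the post, use
        # 'HKLM:\thedutchhacker\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
        [string]$Path = $IfeoPath,
        # Delete the Debugger value from flagged logon-screen binaries.
        [switch]$Remove
    )
    foreach ($key in Get-ChildItem -Path $Path -ErrorAction Stop) {
        $debugger = $key.GetValue('Debugger')
        if ($null -eq $debugger) { continue }   # no Debugger value on this image

        # -contains is case-insensitive, so UTILMAN.EXE also matches.
        $flagged = $LogonScreenBinaries -contains $key.PSChildName
        if ($flagged -and $Remove) {
            Remove-ItemProperty -Path $key.PSPath -Name 'Debugger'
        }
        [pscustomobject]@{
            Image       = $key.PSChildName
            Debugger    = $debugger
            LogonScreen = $flagged
            Removed     = [bool]($flagged -and $Remove)
        }
    }
}

# Report only. A row with LogonScreen = True means that binary has been redirected.
Get-IfeoDebugger | Sort-Object LogonScreen -Descending | Format-Table -AutoSize
```

Because the edit in this post is made while the installed Windows is not running, a periodic audit of the key like this one catches it where live registry monitoring on the host would not. Encrypting the drive removes the precondition the post relies on.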
