Use Regedit + Command Prompt to Reset a Windows Account Password at Boot

Successfully Tested On: Windows 7 Enterprise SP1, Windows 8 Enterprise, Windows 8.1 Enterprise, Windows 10 Enterprise versions 1507 - 1909, Windows 10 Long-Term Servicing Branch (LTSB) versions 1507 & 1607, Windows 10 Long-Term Servicing Channel (LTSC) versions 2015 - 2019

So you’re locked out of Windows and need to reset the account password.  There are a number of 3rd party tools and NT editors that can do this (e.g. Hiren’s BootCD PE and Gandalf’s Windows 10PE), but one can easily reset Windows computer passwords by using any Registry editor to trigger a command prompt on boot.

I’ll walk through doing this using Windows’ Regedit.  I’ve successfully tested this process on Windows 7, Windows 8, Windows 8.1, and Windows 10.

1 – Boot from Windows Installation Media

First obtain Windows installation media.  This might be a Windows DVD or USB drive.  If needed you can create Windows 10 installation media for free using Microsoft’s Media Creation Tool.

Plug in or insert the installation media and restart the computer.  Pull up the boot menu (usually F10 or F12) and select the installation media.

2 – Open Regedit

Once booted from media, the Windows Setup wizard will pop up.  Instead of continuing through this, press Shift + F10 to launch a Command Prompt window.

Type regedit and press Enter to open Registry Editor.

3 – Modify the Registry

Click on HKEY_LOCAL_MACHINE to highlight it, then select File -> Load Hive.

Browse to C:\Windows\System32\config and open the file called SYSTEM.

NOTE: Your boot drive might be labeled with a different drive letter than C:

When prompted for a Key Name, enter temp and click OK.

In the left pane, expand HKEY_LOCAL_MACHINE and then expand temp.  Then click on the Setup key to highlight it.

In the right pane, double click the SetupType value to edit it.  In the popup, change the value data to 2, then click OK.

In the right pane, double click the CmdLine value to edit it.  In the popup, change the value data to cmd.exe, then click OK.

In the left pane, click on temp to highlight it, then go to File -> Unload Hive.

On the prompt to confirm unloading the hive, click Yes.

Now close Registry Editor and restart the computer.

4 – Run Password Reset Commands

Let the computer boot to Windows and a Command Prompt window will automatically pop up.

Use net user commands to reset the password for the desired account.  This is done by typing net user <username> <new password> then pressing Enter.

For example, I can reset the local Administrator password to TestPW by typing: net user Administrator TestPW

NOTE: If your username contains spaces, you must surround the username with double quotes “” when entering the command.

Verify the command completed successfully.

5 – Clean Up

Still within the Command Prompt, type regedit and press Enter to open Registry Editor.

Navigate to the key HKEY_LOCAL_MACHINE\SYSTEM\Setup and verify the CmdLine value is blank and the SetupType value is set to 0.

Close Regedit and Command Prompt, reboot the computer, and then proceed to log in with the new account password.
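
The check in step 5 can also be scripted, which helps when confirming cleanup or auditing a machine for leftover values. The PowerShell below is an added example, not part of the original post; the function name Test-SetupKeyClean and its -Path parameter are hypothetical, and it assumes it is run on the booted system after logging in.

```powershell
# Added example (not from the original post): report whether the two values
# edited in step 3 are back at the resting state described in step 5.
function Test-SetupKeyClean {
    param(
        # Hypothetical parameter; defaults to the live SYSTEM hive.
        [string]$Path = 'HKLM:\SYSTEM\Setup'
    )

    $key = Get-ItemProperty -Path $Path -ErrorAction Stop
    $findings = @()

    # Step 5: CmdLine should be blank. A leftover value such as cmd.exe means
    # the boot-time command prompt is still configured.
    $cmdLine = "$($key.CmdLine)".Trim()
    if ($cmdLine -ne '') {
        $findings += "CmdLine is '$cmdLine' (expected blank)"
    }

    # Step 5: SetupType should be 0. A missing value is reported as well.
    if ($null -eq $key.SetupType -or $key.SetupType -ne 0) {
        $findings += "SetupType is '$($key.SetupType)' (expected 0)"
    }

    New-Object PSObject -Property @{
        Path     = $Path
        Clean    = ($findings.Count -eq 0)
        Findings = $findings
    }
}

$result = Test-SetupKeyClean
if ($result.Clean) {
    Write-Output "$($result.Path): CmdLine and SetupType are at their resting values."
} else {
    $result.Findings | ForEach-Object { Write-Warning "$($result.Path): $_" }
}
```

A warning on a machine that nobody is currently servicing is worth investigating, since these two values are what make a command prompt appear at boot before anyone logs in.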

23 comments

  1. Jose Garcia II

    Excellent walkthrough! My mother had forgotten her sign-in password to log into her Windows 10 Pro (Ver. 21H2, OS build 19044.2006) desktop. It’s a PC she hadn’t touched in six months because she forgot the password. Her account acts as the admin account while the “Administrator” account is set to inactive. I almost threw in the towel trying to work my way around. I kept getting the “System error 5…” message in the command prompt using net user commands. I tried everything else but this method worked flawlessly! Thanks!!

  2. thesolution357

    Thanks man… worked like a charm!!

  3. Justin

    It DOES work.

  4. Made no difference to my situation. Running Win8.1.
    Password still required after completing the above.
    Carefully followed instructions but no joy.

    On a side note though, on this site https://www.wimware.com/how-to/reset-windows-8-password-cmd.html
    Tip3, No7. When I try to copy cmd.exe I get the error “The system cannot find the path specified”.
    So perhaps this is messing up the tutorial above.
    I’ve no idea how to fix the cmd.exe when I am locked out of my pc 😦
    NB: I have win 8.1 genuine disc set but I couldn’t find cmd.exe on there either, or I do not know what I am doing. Probably the latter 🙂

    1. Hi Audrey. Instead of just cmd.exe you could try the full path: C:\Windows\System32\cmd.exe

      Perhaps that will make a difference in your case?


      1. Hi there,
        On which part would you be referring to?
        The site that I noted? Or the value line above in this site’s article?
        If referring to Tip.3, No.7 I encounter the error when attempting to ‘copy cmd.exe utilman.exe’
        I think I may have renamed the cmd.exe a long time ago and forgot to revert the process before resuming the use of the os.
        I have been thinking to install the os to my second hdd and try and copy the data I need from the crippled OS.
        But I had also applied protections on the system to prevent the other local accounts from modifying or accessing the C partition. So am wondering if that protection will prevent me from accessing its contents?
        😕 Yes, I should have written down my password for the OS. I changed it on the fly, as my kids were getting up to mischief with programs etc. 😣
        It was such a simple password that had proved to be my undoing in the end 🤣

      2. I was referring to the value line listed above on this blog. But if you’ve renamed cmd.exe, that will definitely result in some nasty side effects like this!

  5. Xandrew

    cmd does not open in my case….

    1. I’d suggest doing all the steps over again as well as double checking all values for accuracy.


    2. Doesn’t open for my computer as well. It did the first time, but I tried to make the password blank, and this apparently did not work. When I tried to go through these steps again, no command prompt. I have tried it a number of times, but no go.


  6. Does not windows 10 require an email to login to windows?
    And is not the password you use for your email the same for logging into windows?
    If all these be yeahs, then does this method allow individuals to change their email password they registered to the computer?


    1. Windows 10 does not require a Microsoft account in order to log in. This method is for accessing local Windows accounts (e.g. Administrator) and will not affect a Microsoft account password.


  7. When trying to change the password I receive an error:

    The system is not authorized for the specified account and therefore cannot complete the operation. Please retry the operation using the provider associated with this account. If this is an online provider please use the provider’s online site.


    1. Ivan,

      It’s possible the Administrator account is disabled. Try running this command prior to the reset password command: net user administrator /active:yes


  8. while in cmd you can also type “control userpasswords2” and reset password there


    1. Good tip, thank you Khizar.


  9. It is working on Windows Server 2012 and Windows Server 2012 R2 as well.


  10. This works for all local accounts. Microsoft attached accounts to your workstation does not work, but this is a handy tool to troubleshoot a PC with locked password.


    1. Post Script: To add a new user, type ‘net user [user] [password] /add’ then enter. The new username with the new password will be added. Example: net user testname password1 /add. If multiple domains, enter domain after add command. Default domain is the one you are logged on to.
      Now enter “regedit” in command line, go back and undo the changes made to SetupType and CmdLine back to defaults. Reboot, and the username selected will have the new password.


      1. Great additional info here, thank you John!


  11. Mike FMart

    After the reboot, mine didn’t boot to a command prompt!

    1. This is a very consistent method, although I have yet to test it on 1903. Boot back into regedit and double check your changes saved.


    2. After you unload hive and close the regedit command, reboot but remove the boot disk you used first. Then use net user command to alter, add or modify an existing account. While still in command mode, enter regedit and undo all the changes you had made previously, reverting back to default values. Exit and reboot. New user should be on the login screen. It works.
