Resetting a password in Windows 7 or Windows Vista

One problem that comes up now and again for any OS (well, any modern OS) is how to recover administrative access to the system when the password has been forgotten.

There’s a reasonably straightforward solution [1] for Windows 7, which I haven’t seen on the web so far, so I thought I should publish it.  Be aware that I can’t offer or provide any warranty, support, or assistance with this procedure, apart perhaps from clarifying any parts of the instructions that aren’t clear.  It’s always worked for me, but that’s all I can promise.

Additional note 13 June 2012: see also this question on superuser.com, which provides a number of alternatives.

This procedure also works on Windows Vista; the underlying technique works on Windows XP as well but is not usually feasible because the Windows XP install CD does not contain a command-line recovery option.

One important caveat: since this resets the password rather than letting you find out what it is, any encrypted files belonging to the user will be permanently lost.

This is the short version, for advanced users and sysadmins:

  1. Boot to Windows 7 from the installation or repair DVD, or from Windows PE 3 boot media, or from a Windows 7 installation on another HDD.  If the target OS is Vista, use the Vista installation DVD, or Windows PE 2, or another Vista installation.  (Booting to a mismatched version of Windows might work, but I’ve never tried it; if the registry file formats aren’t exactly the same between versions, this could result in a corrupted registry and an unbootable system.)
  2. Load the SYSTEM registry hive from the target OS.  Back it up first.
  3. In the Setup key, change SetupType to 2 and CmdLine to cmd.exe.
  4. Boot the target OS.  You’ll get a command-line window in system context.

The long version, for everyone else:

  1. Boot to your Windows 7 or Windows Vista installation DVD, whichever matches the installed OS.  If you purchased your computer from a responsible vendor, they’ll have provided you with one, although unfortunately many vendors don’t.
    Additional note 8 September 2011: In Windows 7, there is an option in the Start Menu (under Maintenance) to Create a System Repair Disc.  The CD or DVD this option creates is perfect for the job.  However, you have to be an administrator to use it, so unless you’ve done it ahead of time or can use a friend’s Windows 7 machine you’re out of luck.
    Additional note 1 September 2011: If your computer is 64-bit capable (you don’t need to actually be running a 64-bit OS) then you can use the install disk for Microsoft’s free server product, Hyper-V.  You can find it here.  Note, however, that it is a fairly big download, a little more than a gigabyte.
    Additional note 5 May 2011: Nommo was kind enough to point me to this post on Microsoft Answers which provides a link to downloadable repair disks for Vista and Windows 7.  I can’t from my own knowledge confirm that these disks are legitimate, and Microsoft aren’t telling, so use only at your own risk.  Indications are that they are probably OK.  (Personally, I wouldn’t use the charged-download option until I’d checked how much my OEM was going to charge to provide an installation disk.  Make sure the OEM knows you need a Windows installation disk, not a system recovery disk.)
    A vendor system recovery disk might offer the same functionality, and in some cases you can order an installation DVD from your vendor (or from Microsoft?).
  2. Select your language options on the first screen and press Next to continue.
  3. Choose “Repair Your Computer”.
  4. Choose “Use recovery tools…” and select your OS.  Make a note of which drive letter it is on, e.g., C: or D:.  This might not be the same drive letter you see when booted normally.
    Additional note 1 September 2011: if you get an error message when you press Next, this might be because the install disk you are using is not compatible with the version of Windows you have installed.  This will happen, for example, if you are using the Hyper-V install disk.  Don’t panic.  Just press SHIFT-F10 to open a command prompt and skip ahead to step 6.
  5. Select Command Prompt.
  6. In the command prompt window that appears, type “regedit” and press ENTER.
  7. Select HKEY_LOCAL_MACHINE and then choose Load Hive from the File menu.
  8. Find and open the file named SYSTEM on the drive you noted in step 4.  If Windows is in the default configuration, this will be in windows\system32\config.
  9. Enter a key name, e.g., “xxx”.
  10. Click the plus icon to the left of HKEY_LOCAL_MACHINE to open this key.  Select the xxx key.
  11. Select Export from the File Menu.  Change the Save as type to Registry Hive Files.  Type a name for the backup, for example, systembackup, and press Save.  (This step creates a backup of the unmodified SYSTEM registry hive as a precaution.)
  12. Open the xxx key, and select Setup.
  13. Double-click on SetupType in the right-hand pane.  Enter 2 and press OK.
  14. Double-click on CmdLine.  Enter cmd.exe and press OK.
  15. Close Registry Editor.  Type “regedit” and press ENTER to open it again.  (This step does not appear to be necessary in Windows 7, but in Windows Vista if you do not do this the next step might fail with an Access Denied error.)
  16. Open HKEY_LOCAL_MACHINE, select xxx, and choose Unload Hive from the File Menu.  Push Yes.
  17. Close the command window and the Registry Editor.  Remove the installation DVD and select Restart.
  18. When your computer boots up, another command window should appear.
  19. Type “net user foo bar”, replacing foo with the username of the account whose password you want to reset, and bar with the new password.  For example, you might type “net user Administrator letmein”.  Press ENTER.
  20. If you want to use the built-in Administrator account, you will probably need to enable it: type “net user Administrator /active:yes” and press ENTER.
  21. If you don’t know what the administrative username(s) are, type “net localgroup administrators” and press ENTER to find out.
  22. Type “exit” and press ENTER.
  23. When the logon screen appears, use the username and the new password to log in.

Note that if the entire disk is encrypted, this procedure will not work at all.  System administrators who want to prevent users from using techniques like this one to reset passwords should consider disk encryption. [2]  Another option is to configure the system BIOS to disallow booting from removable media, although if the user can open the case of the machine this can usually be reset.
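
For administrators on the other side of this note, the change made in steps 13 and 14 can be checked for directly. The PowerShell below is an added example, not part of the original post; the function names are made up for illustration, and the baseline it compares against (SetupType 0 with an empty CmdLine on an installed, idle system) is an assumption to confirm on a known-good machine.

```powershell
# Added example (not from the original post). Flags the Setup key state that
# steps 13-14 of the procedure leave in the SYSTEM hive.
# Assumption: an installed, idle system has SetupType = 0 and an empty CmdLine;
# confirm that baseline on a known-good machine of the same build first.

function Get-SetupKeyState {
    # Reads the live system by default. For a hive loaded offline under the
    # key name "xxx" (steps 7-9), pass 'HKLM:\xxx\Setup' instead.
    param([string] $KeyPath = 'HKLM:\SYSTEM\Setup')
    Get-ItemProperty -Path $KeyPath -ErrorAction Stop |
        Select-Object SetupType, CmdLine
}

function Test-SetupKeyState {
    param(
        [Parameter(Mandatory = $true)] $State,   # registry object or hashtable
        [string] $Source = 'unspecified'
    )
    $setupType = 0
    if ($null -ne $State.SetupType) { $setupType = [int] $State.SetupType }
    # CmdLine may be missing; @() also tolerates a multi-string value.
    $cmdLine = (@($State.CmdLine) -join ' ').Trim()

    $reasons = @()
    if ($setupType -ne 0) { $reasons += "SetupType is $setupType (expected 0)" }
    if ($cmdLine -ne '')  { $reasons += "CmdLine is '$cmdLine' (expected empty)" }

    if ($reasons.Count -eq 0) {
        $verdict = 'OK'
    } elseif ($setupType -ne 0 -and $cmdLine -ne '') {
        # Both values changed: the pending state described in step 4.
        $verdict = 'ALERT'
    } else {
        $verdict = 'REVIEW'
    }

    New-Object PSObject -Property @{
        Source  = $Source
        Verdict = $verdict
        Reasons = ($reasons -join '; ')
    }
}

# Constructed sample states (not captured from a real machine).
$samples = @(
    @{ Name = 'baseline';            SetupType = 0; CmdLine = '' },
    @{ Name = 'after steps 13-14';   SetupType = 2; CmdLine = 'cmd.exe' },
    @{ Name = 'CmdLine left behind'; SetupType = 0; CmdLine = 'cmd.exe' }
)
$results = @()
foreach ($s in $samples) {
    $results += Test-SetupKeyState -State $s -Source $s.Name
}

# Live check of the running system.
$results += Test-SetupKeyState -State (Get-SetupKeyState) -Source $env:COMPUTERNAME
$results | Format-Table Source, Verdict, Reasons -AutoSize
```

Windows setup and update installation can set these values legitimately, so a hit is a reason to look at the machine rather than proof of tampering.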

Hope this helps.

Harry.

[1] Well, for some definitions of straightforward, anyway.

[2] I’ve heard tell of some administrators whose “solution” to this issue is to use the network firewall to block access to any web sites with instructions on resetting passwords!  Whether they also inspect all printed material entering the building, and ban anybody they think might be smart enough to just remember how to do it, I don’t know.


58 Responses to “Resetting a password in Windows 7 or Windows Vista”

  1. moh Says:

    Really, I am astonished by this wonderful idea. I hope you continue giving information to the public. Really, thank you very much.

  2. Pat Soman Says:

    Concerning the long Version, could you provide a little more detail on Items 8, 9 and 12 concerning where the key name, e.g., “xxx” is to be established. Reference item 13, what does the value 2 specify for key SetupType?

    • harryjohnston Says:

      When you load a registry hive you have to give it a name. We can’t call it SYSTEM since that would conflict with the active system hive. I use xxx as this is conveniently short and easy to type, but it makes no difference what name you use, so long as it is a legal key name and doesn’t conflict with any of the already loaded hives, such as SOFTWARE or SYSTEM.

      As for the significance of the value 2 for the SetupType key:- that’s a good question. As far as I know the official meaning is not documented, but if I remember correctly, SetupType is set to 2 during the installation of Windows XP updates. This is so that if the system unexpectedly reboots during the update process, a recovery tool will run to remove the partially installed update. So I imagine that the value 2 translates to “installing updates” or “additional setup tasks” or something to that effect.

      As a historical note, it was the behaviour of update.exe that originally led me to suspect this would be an efficient way to gain system access.

  3. Tayo Says:

    I lost my admin password. What can I do?

  4. Daniel Says:

    Lifesaver dude. Thanks so much for the write up. I tried the “net user administrator /active:yes” through F8 and the Win7 DVD’s recovery consoles and it didn’t do anything at all. This worked like a charm.

  5. Tephra Says:

    Thank you so much! this method worked perfectly for me and I am so relieved and grateful – my thesis was on this account and thanks to you I can now access it again!

  6. Tony Says:

    I get to step 18 with a command prompt I believe c:windows/sysem32/config: . What am I doing wrong?

  7. Richard Says:

    I was FUBAR’d bigtime.

    u r da man

    Thanks

  8. dean Says:

    Just to say a big thank you for the advice
    I have just managed to get into my daughter’s laptop because she had forgotten her password
    The only thing that I could not manage was to create a backup
    Any reason for that?
    PS Windows 7 operating system.

    • harryjohnston Says:

      Nothing springs to mind. Did it give you an error message?

      In any case, the backup is just a precaution. Since you got in OK and the system is still running, don’t worry about it.

  9. Ramy Says:

    Great. Works like a charm …

  10. josh Says:

    Worked great on a windows 7 laptop I have. Thanks!!!!

  11. kelly Says:

    What if my laptop has a built-in partition for recovery and system restore instead of a disc? Then how could I remove or reset my Admin password? Also, I do remember my old one that I was using 3 weeks ago before I changed it to something in a rush. Is there any way for me to do something knowing my old login pw? I only have 2 other account profiles set up, but they are standard and I have them limited for my children, so I get prompted every time I try and do anything under their accounts. Thank you for your time.

    • harryjohnston Says:

      I’m not aware of any way to use the old password to assist in changing the new one.

      If you have another computer (running Windows 7) you can burn yourself a repair DVD. Go to control panel, select “Back up your computer” (look underneath System and Security) and select “Create a system repair disc” in the left panel. You could get a friend to do this for you if you don’t have a suitable computer yourself. (Unfortunately you need administrator access to do this, so you can’t use the laptop you’re trying to fix.)

  12. abdkel Says:

    Thanks, it worked

  13. Megaman Says:

    Worked like a charm…a lifesaver for sure. Just a quick question. After I am back in do I need to do anything to the regs?

  14. Dave Says:

    You rule man! worked like a charm.

  15. daedelus Says:

    Thank you very much. I just spent 2 days searching for a solution, and yours is the only one that worked. Thanks again.

  16. Noz Says:

    you are a lifesaver – thank you soo much

  17. Wil Says:

    Since setup is also locked behind a password, I cannot change the computer to look for the DVD/CD drive first.. is there another option?

    • harryjohnston Says:

      If you didn’t set the BIOS password yourself, I presume this is a second-hand computer. Ask whoever sold you the computer to provide you with the password, or look in the manufacturer’s instruction manual to find out how to disable it. Manuals are sometimes available on-line if you weren’t provided with one.

  18. Aravindh Says:

    In the 11th step, after typing a name for the backup and if i press save button it displays:

    “cannot export E:\Windows\System32\config\systembackup:Error writing the file. There may be a disk or file system error.”

    Now what to do…
    Please help…

    • harryjohnston Says:

      Sorry for the delay, I’ve been on holiday. In case you haven’t already sorted something else out:

      This could be due to file system corruption, although I’d double-check that the path is valid first. Is the reason you need to reset the password related to trouble with the computer that could have been caused by file system corruption, or perhaps a faulty disk drive?

      Perhaps you could save the backup to a USB stick instead? If not, try saving it on the root of the drive, or (if this is Windows 7) to the root of the system drive. Once you’ve gotten in, making a backup should be a priority – the last time I saw an error like that the drive failed completely a few weeks later.

  19. saneller Says:

    Thanks so much – I wish the world had more people like you!

  20. Eddie Says:

    You are a true gentleman good sir. I almost came to blows with my pc before I found this guide. I didn’t even know a password COULD up and decide to bugger off and stop working… With microsoft making W7 tell you to back-up and burn disks and so on you’d have thought the password recovery file would have been included in the list of things to save. Unless it was and I missed it. Heh. Anyway I am now a happy pc user again, thanks matey 🙂

  21. Santos Says:

    Okay, my chick changed the password to the account and we broke up. She doesn’t want to give me the password. I tried repairs but it asks for the password. What can I do? It is a laptop, Windows 7 Home Premium, Toshiba. The hint to the password she left me was lol. So what can I do? Thanks.

  22. abdulrahman Says:

    it worked (Win 7) with no problems. Thanks

  23. Jota Says:

    Unfortunately this did not work for me – stopped at Step 17. When I rebooted the PC (Windows 7) it did not reboot at a command prompt – it just opened up a login window and back to the same problem of asking me for a password I could not remember.

    • harryjohnston Says:

      It should work. Are you sure you followed all of the steps? (In particular, did you unload the hive in step 16? It seems redundant, but is necessary.)

      It might be worth trying again, just in case there was a typo or something.

  24. knev Says:

    Thanks Harry, it worked ….

  25. Paul Says:

    Hi Harry
    Thanks for the password reset technique so far. Can you help? I have followed the full instructions and have retraced my steps a number of times and checked the entries carefully; however, on reboot I don’t get the new command window. I briefly get a Windows UI screen which flashes quickly saying “running windows for the first time”, then dumps me to the original sign-in password screen asking for the lost password. Any ideas would be appreciated.

    System Win7 Starter Samsung N150 Netbook

    Thanks again for the easy to follow instructions.
    Paul

    • harryjohnston Says:

      It’s possible that Windows Starter doesn’t work the same way.

      At the command prompt window (just after step 5 and before step 6) type this:

      dir d:\windows\system32\cmd.exe

      (assuming that D is the drive letter of your OS, otherwise change the letter accordingly). What do you get?

      Try this:

      copy x:\windows\system32\cmd.exe d:\cmd.exe

      (again assuming that D is the drive letter of your OS)

      and then continue from step 6, except at step 14 type c:\cmd.exe instead of just cmd.exe. Note that in this case we specify drive C regardless of which drive letter the maintenance tools use for your OS. 🙂

      Please let me know whether or not this worked …

  26. cons Says:

    Hi sir Harry..
    I was able to change the username/password and use it to log in,
    it says..

    “The User Profile Service service failed the logon.
    User Profile cannot be loaded.”

    Did I miss something in the process?? Thanks in advance.

    • harryjohnston Says:

      That suggests that the file system has become corrupted, which might (or might not) indicate that the disk drive is failing. Once you’ve gotten in, it would be a good idea to make sure you have a full backup.

      Repeat the process, but instead of changing the password at step 19, create a new account:

      net user newadmin password /add

      then add it to the administrators group

      net localgroup Administrators newadmin /add

      then you should be able to reboot and log in with that account. (Let me know if that doesn’t work either.)

      If you then need further assistance with getting your original account fixed or replaced, I suggest you try the Microsoft forums – a blog isn’t the best place for extended troubleshooting sessions. 🙂

  27. Shaun Says:

    Hi Harry, followed the steps but all it did was create a secondary account that is now called administrator with the password of letmein. The old account is still inaccessible and the new account has none of the files I need. Any suggestions?

  28. Shaun Says:

    Never mind.. Figured it out. Ur a friggin genius

  29. nommo Says:

    Here’s another version of this problem & a solution.

    This is when your admin account is guest and the only other user is standard & you can’t enable hidden administrator account or create/edit existing accounts and various other issues…

    I just wrote it up on my seldom updated blog after spending about 72 hours on and off cracking it & thought I would share: http://www.convergency.co.uk/blog/2011/04/vista-guest-is-admin-user-account-is-standard-cant-add-or-edit-users-or-activate-hidden-administrator-account/

    Hope that helps somebody!

  30. Cheryl Says:

    Will this help my problem, you think? My prob- Windows 7- 2 accounts- me (Admin) and husband (his own name). I changed the Admin p/w and can’t remember it. Still remember the old one. Attempted a system restore back to when the old p/w was valid and it worked all the way to almost the end, when it said it couldn’t continue system restore because of error Os8000fff.
    Do you think yours will help me? I haven’t had the computer long, there’s not anything I can’t find again and get (mostly pics). Thank you in advance for your time. Cheryl

    • harryjohnston Says:

      If the system restore hasn’t broken anything, then yes, you should be able to reset the Admin password this way.

      • Cheryl Says:

        Thank you for your quick reply! I’m gonna try it (carefully….though, I get nervous messing about w/the registry)

        I’ve been looking for a solution online and found ones that were either questionable or you had to pay for. I like yours because of the comments that said how well it worked and how you answered everyone’s replies if they had a ? Thanks again. Cheryl

  31. Cheryl Says:

    Mr. Harry Johnston: YOU ARE THE MAN! A Million Gazillion Thank Yous!!!!!!! I got to the end, typed in the new p/w and covered my eyes. When I saw my old desktop picture come up I almost cried. Like I said, I tried yours because of the comments and your helpfulness.

    One small thing, like Dean and Aravindh, at step 11 it wouldn’t let me make a backup. I went ahead anyway and it worked, but as you advised, I made a backup right after.

    THANK YOU AGAIN. There should be more like you out there, you are truly a good soul.

    Gratefully,
    Cheryl

    • harryjohnston Says:

      You’re welcome. Thanks for pointing out the issue with step 11. I think this is because I forgot to tell you to select the new key first; I’ve updated step 10 accordingly, so hopefully it will work for the next person. 🙂

  32. Chad Says:

    My niece was able to forget her password to her Win7 laptop and that laptop had her entire school project on it. Using your method I was able to reset her password and gain entry saving her two weeks worth of work. Thank you so much!!!

  33. Hardik Says:

    I don’t get the other window when I restart the laptop. Please give me the reason why the window does not open on my laptop, and what change I have to make to open that window.

    thanks in advance

    Patel Hardik

    • harryjohnston Says:

      Do you get the usual logon prompt instead? I’m afraid there’s no way for me to tell what might be going wrong. I can only suggest you try the procedure again, and if it still doesn’t work you may need to seek in-person assistance from an expert.

  34. Erube Carreno Says:

    Could not use my computer for over 10 days, after spending many hours and a few dlls. I found your advice and in just a few minutes I recovered access to my account. Thanks so very much.

    Erube Carreno

  35. ian Says:

    Just a note:

    If your username has a space in it then it should be quoted as follows:

    net user “i leave a space” password
    without space
    net user ileaveaspace password

  36. Tom Says:

    Thanks so much. The instructions were easy to follow and the results were great. My nephew can finally get back into his laptop.

  37. Jay Says:

    I was at my wit’s end (not that that’s necessarily a long trip!) but with your help I was finally able to help my granddaughter get back into her computer! Many thanks!

  38. Martha Says:

    Thanks for your help. I hope you are still answering questions. I have managed to go up to step 11; in step 12, however, when I open the ‘xxx’ file I cannot see the ‘set up’ file. Is there a way around it?
    All I can see is control panel, keyboard layout and software. What could be wrong?

    • harryjohnston Says:

      Sounds like you opened the wrong file at step 8, perhaps DEFAULT instead of SYSTEM. (The DEFAULT hive contains Control Panel, Keyboard Layout and Software keys.)

  39. girihdar Says:

    Thx Harry. That was a wonderful suggestion. It helped in gaining access to my laptop. U r a genius

  40. Windows Hashes and – PtH attacck | Frank Li Says:

    […] I realize you’re going to cover this later, but as it stands this post gives the erroneous impression that using remote network logon connections to a compromised host is safe. If your domain hasn’t been reconfigured to require SMB Signing, SMB Relay attacks may be a serious risk. There was some discussion about this recently, e.g., http://www.room362.com/blog/2012/2/11/ms08_068-ms10_046-fun-until-2018.html If SMB signing is not required on your network, only local administrator accounts should be used with potentially compromised machines. If you don’t have the password, or if the same password is shared by multiple machines, use offline methods to reset it, e.g., https://harryjohnston.wordpress.com/2010/03/09/resetting-a-password-in-windows-7-or-windows-vista/ […]
