Hi there, it's Jack. I got locked out of my machine 10 minutes before posting this, and I thought maybe this post might help some folks out 🙂
TL;DR (2 minutes)
- Boot into Windows Recovery Environment (WinRE).
- Swap utilman.exe with cmd.exe on C:.
- On the login screen, hit Ease of Access → instant SYSTEM cmd.
- Run: net user "YourUser" NewPass123!
- Log in, then restore utilman.exe to close the backdoor.
Done. No USB sticks, no reinstall.
Copy/Paste Cheat Sheet
:: WinRE Command Prompt (assumes Windows on C:)
:: optional sanity check
bcdedit | find "osdevice"
copy C:\Windows\System32\utilman.exe C:\Windows\System32\utilman.bak
copy C:\Windows\System32\cmd.exe C:\Windows\System32\utilman.exe
:: exit, then reboot
exit
:: Login screen → Ease of Access shell
:: list users
net user
net user "YourUser" NewPass123!
exit
:: After logging in (Admin cmd)
copy C:\Windows\System32\utilman.bak C:\Windows\System32\utilman.exe
Why This Works (30 seconds)
utilman.exe (Ease of Access) runs before you sign in. Replace it with cmd.exe, click the icon on the login screen, and you get a SYSTEM shell. SYSTEM can change local passwords. Afterwards, put utilman.exe back. Boom.
⚠️ BitLocker alert: If the drive is locked with BitLocker, you’ll need the recovery key before you can touch C:\Windows\System32.
Step 0: Force Windows Into WinRE
Can’t log in? Crash it into recovery:
- Power on.
- When you see spinning dots, hold power to force shutdown.
- Do it twice. On the third boot: Preparing Automatic Repair → Advanced options.
Then: Troubleshoot → Advanced options → Command Prompt.
You’ll land at something like:
X:\Sources>
Step 1 (Optional): Verify Windows Drive Letter
It’s usually C:. If you want to be sure:
bcdedit | find "osdevice"
Sample output:
osdevice partition=C:
If it says C:, keep following as-is. If not, swap the letter in the commands below.
Step 2: Backup utilman.exe & Drop In cmd.exe
Commands (assuming Windows is on C:):
copy C:\Windows\System32\utilman.exe C:\Windows\System32\utilman.bak
copy C:\Windows\System32\cmd.exe C:\Windows\System32\utilman.exe
Overwrite prompt? Type Yes.
Type exit and reboot.
Step 3: Pop a SYSTEM Shell From the Login Screen
At the login screen, click the Ease of Access icon (bottom-right). Instead of accessibility tools, you get Command Prompt as SYSTEM.
List users so you don’t guess wrong:
net user
Reset the password (exact username, wrap in quotes if it has spaces, e.g. Jack):
net user Jack MyNewPassword
You should see: The command completed successfully.
Close the window, log in with the new password.
Step 4: Restore utilman.exe (Don’t Leave a Door Open)
This step is optional, since skipping it doesn’t mess up your system, but security-wise it’s recommended.
Inside Windows, open Command Prompt as Administrator:
copy C:\Windows\System32\utilman.bak C:\Windows\System32\utilman.exe
Type Y to overwrite.
That closes the backdoor — the Ease of Access button works normally again.
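A quick check that Step 4 actually took, as an added example that is not part of the original post: it hashes utilman.exe and compares it with cmd.exe and with the utilman.bak backup from Step 2. The function name Test-UtilmanRestored and its WindowsDir parameter are made up for this illustration.

```powershell
# Added example: confirm the utilman.exe swap from this guide has been undone.
# Function and parameter names are illustrative, not from the original post.
function Test-UtilmanRestored {
    param(
        # Windows directory to inspect; point it at a mounted offline volume if needed.
        [string]$WindowsDir = $env:SystemRoot
    )

    $sys32   = Join-Path $WindowsDir 'System32'
    $utilman = Join-Path $sys32 'utilman.exe'
    $cmd     = Join-Path $sys32 'cmd.exe'
    $backup  = Join-Path $sys32 'utilman.bak'

    $utilmanHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
    $cmdHash     = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash

    # Matching hashes mean utilman.exe is still the copy of cmd.exe from Step 2.
    $stillSwapped = ($utilmanHash -eq $cmdHash)

    # utilman.bak is the backup made in Step 2; after Step 4 it should equal utilman.exe.
    $backupPresent = Test-Path -LiteralPath $backup
    $backupMatches = $null
    if ($backupPresent) {
        $backupHash    = (Get-FileHash -LiteralPath $backup -Algorithm SHA256).Hash
        $backupMatches = ($backupHash -eq $utilmanHash)
    }

    [pscustomobject]@{
        UtilmanSha256       = $utilmanHash
        IsCopyOfCmd         = $stillSwapped
        BackupPresent       = $backupPresent
        UtilmanEqualsBackup = $backupMatches
        # Restored: not a cmd.exe copy, and not contradicted by an existing backup.
        Restored            = (-not $stillSwapped) -and ($backupMatches -ne $false)
    }
}

$result = Test-UtilmanRestored
$result | Format-List
if (-not $result.Restored) {
    Write-Warning 'utilman.exe matches cmd.exe or differs from utilman.bak; repeat Step 4.'
}
```

If IsCopyOfCmd is still True after the restore, the Step 2 backup was probably taken after the swap (the commands were run twice), so utilman.bak is itself a copy of cmd.exe; running sfc /scannow from an Administrator prompt repairs the system file in that case.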
Troubleshooting & Gotchas
“Access is denied” / Error 5
You didn’t get a SYSTEM shell. Make sure you clicked Ease of Access after the swap.
Username typos
Run net user first. Match the exact name, or wrap it in quotes.
Messed up the wrong file / forgot to restore
Boot back to WinRE and reverse it:
copy C:\Windows\System32\utilman.bak C:\Windows\System32\utilman.exe
BitLocker prompt
No key, no access. Period.
Microsoft or Domain accounts
- Microsoft account: Use the online reset: https://account.live.com/password/reset
- Domain machine: Talk to your admin. This only resets local accounts.
Final Notes
- This is a break-glass move, not routine hygiene. Use a password manager, link a recovery email/phone, or create a reset disk so you don’t need this again.
- If this saved you time/money/your sanity, drop a thanks — and document your own “oh crap” fixes for Future You.
Hope I could help you 🙂
Happy un-locking 👊