Usually, a Windows password can be changed using an administrator account or from the account itself if you have the current password. However, in some situations, you may need to access the user but you are unable to change the password using the conventional methods.
Of course, there are tools that can do the job but in case you didn’t have the tools, or you love to do it by yourself, you can to the methods we will explain now. Some people will ask: why to do it yourself if you can get the tools, I would answer: because I can.
NOTE: This tutorial is for educational purposes and I am not responsible for any consequences that can occur in case you try it.
First, you will need a Windows DVD, just to access the terminal, any other bootable terminals will do the job, but the command s may differ slightly. Windows 10 is preferable because it has fewer issues with loading drivers and getting you in without a user account password
1- Boot from the DVD, when the setup reaches the Install now page, click repair my computer, then choose to troubleshoot, then Command Prompt
2- Once the command prompt is ready, use the dir command to locate your operating system partition by trying different letters, ex dir c: , dir d:
Once you find the Program Files and Windows folder, then this is the partition. During the rest of this tutorial, the drive letter will be referred to as <windowsdrive> and the username that you will reset the password for will be referred to as <username>
3- Type in the following command in the given order and be careful as any mistake can delete important files and lead to a corrupt system:
copy <windowsdrive> :\windows\system32\sethc.exe <windowsdrive> :\
copy <windowsdrive> :\windows\system32\cmd.exe <windowsdrive> :\
del <windowsdrive> :\windows\system32\sethc.exe
rename <windowsdrive> :\windows\system32\cmd.exe sethc.exe
copy <windowsdrive> :\ cmd.exe <windowsdrive> :\windows\system32\
4- Close the command prompt and continue to start windows, and once you reach the login screen, press shift for 5 consecutive times, a new command prompt windows will open
5- Type net user <username> * , you will be asked to type the password and confirm, keep in mind that as you type, nothing will appear, so do not think that something is wrong, this is just how the command works
Once done, log in with the newly changed password, and you are done, however, to keep things clean, you should reverse the changes by rebooting from DVD and entering the command prompt and typing the following commands:
del <windowsdrive> :\windows\system32\sethc.exe
copy <windowsdrive> :\ sethc.exe <windowsdrive> :\windows\system32\
Ok great, but what did we do here? In brief, there is a utility in windows called sticky keys, that comes up when shift is pressed 5 times consecutively. The useful thing, in this case, is that sticky keys can be used in the login page, and since it is on the login page, it will have system privileges. In this tutorial, we backed up cmd and sethc to the local drive, then we renamed cmd to become sethc, this way when Shift is pressed 5 times, we will have access to cmd with system privileges and can use it to reset the password.