As you probably know, to log onto a computer running Microsoft Windows, you need a user account with a password. You can also use a PIN, fingerprint reader or other device if you do not want to use a password. And as long as you don’t forget your password, everything should be fine. But you may run into a situation where your password or PIN no longer works, or Windows itself has an issue that prevents you from logging on to your computer.
If you have another user account on the PC, you can generally use that account to log on to your computer and try and fix your other account. But if it’s the only account you have on your computer, then you have a serious problem. In this article, we will be showing you how to enable and log in with the built in Windows admin account if you can’t log on to your computer.
How the Accessibility Shortcut Hack Works
This method is often referred to as the “Utilman Hack.” Utilman (Utility Manager) is the Windows process responsible for the accessibility options on your login screen. By using the Command Prompt in the recovery environment to replace the Utilman executable with the Command Prompt executable, we can “trick” Windows into giving us an administrative command line before anyone even logs in.
Once we have that command line access at the login screen, we can launch the Registry Editor or use “Net User” commands to unlock the hidden Administrator account, giving you a back-door entry into your system to recover your files and fix your primary account.
On a side note, Windows comes preconfigured with an administrator account that is named Administrator, but it is disabled by default. If you want to use this account on your computer even when you are not having issues, you can enable it via the command line when run as administrator.
To enable the built in Administrator account.
net user administrator /active:yes
To disable the built in Administrator account.
net user administrator /active:no
Preparation: Entering WinRE
If your computer is frozen or the “Shift + Restart” method doesn’t work, you can force Windows into the Windows Recovery Environment (WinRE) by following these steps:
- Turn the computer off.
- Turn it on, and as soon as you see the Windows logo or the manufacturer logo (Dell, HP, etc.), hold the power button down until it shuts off again.
- Repeat this 3 times. On the fourth start, Windows will say “Preparing Automatic Repair” and then give you the “Advanced Options” button to reach the Troubleshoot menu.
Step 1: Booting Windows Into the Recovery Options
The first step in enabling the built in Windows admin account so you can use it to log into your computer requires you to hold down the Shift key on your keyboard while clicking on Restart from the power options at the lower right corner of the login screen.
This will boot Windows into the recovery options interface that has a variety of tools you can use to try and repair your computer if it is not starting properly or having other issues.
On the first screen, you will need to click on the Troubleshoot option.
On the next screen, click on Advanced options.
In the Advanced options section, click on Command Prompt.
Step 2: Configuring Utilman.exe from the Command Line
Once you are at the command line, you will need to find out which drive letter is being used for Windows. By default, Windows will use the drive letter X at the prompt but for most systems, Windows uses the letter C for the Windows drive. But if you try to run the required commands using the drive letter C, they may not work if Windows is using a different letter.
If you have more than volume or hard drive in your computer, then there is an even greater chance that the letter C is not being used for the Windows drive so you will need to find out which letter is actually being used. And if you were wondering, this is only temporary, and your Windows drive letter has not actually been changed.
To find the correct drive letter needed for the next step, you can type diskpart at the command prompt. Then once the prompt changes to DISKPART>, you can type list volume to show what letters are assigned to what partitions\drives.
You may see a lot of volumes so you will need to know which one is for Windows. It may have a volume label but if not, you can also look at the Size column and find the one that matches the size of your Windows drive.
Once you have the correct drive letter, you will need to type the following commands but replace the letter C with the letter of your Windows drive if needed. Be sure to press enter after typing in each command.
move c:\windows\system32\utilman.exe c:\
copy c:\windows\system32\cmd.exe c:\windows\system32\utilman.exe
exit
Once you exit the command prompt, you will then choose the Continue – Exit and continue to Windows option.
Why Modify the SAM Hive?
The SAM (Security Accounts Manager) is a database file that stores user passwords and account permissions. Normally, this file is locked by the system while Windows is running. By using our “Utilman” Command Prompt trick, we can access the SAM hive directly.
The specific key we are looking for, 000001F4, is the unique ID for the built-in Administrator account. Modifying the binary data at offset 0038 is the manual way of toggling the “Account is Disabled” flag from “Yes” to “No.”
Step 3: Editing the Windows Registry
Once you are back at the login screen, you will need to click on the Accessibility icon to the left of the power icon.
This will then bring up another command prompt window where you will need to type in regedit to open the Windows Registry Editor.
From here, navigate to the following key.
HKEY_LOCAL_MACHINE\SAM\Domains\Account\Users\000001F4
Then in the right pane, look for the letter F and double click on it.
Using the down arrow key, place the cursor on the line 0038 before the number 11.
Press the delete key one time to delete the number 11 and then just type 1 which will then insert the number 10.
Click on the OK button and then close the Registry Editor and the command prompt windows. Then click the power button and choose Shut down.
Turn on your Computer again and at the sign in screen, click on the Administrator account to login with no password.
Once you are back in Windows, you can then try to fix your other user account, change its password, backup your files or create a new user account.
Important: Undoing the Hack (Security Cleanup)
Once you have regained access to your computer and fixed your main account, you must undo the changes made to the utilman.exe file. If you don’t, anyone with physical access to your PC can click the accessibility icon and have full command prompt access to your files.
- Boot back into the Command Prompt via the Recovery Options (Shift + Restart).
- Type the following command to move your original backup back into place:
copy c:\utilman.exe c:\windows\system32\utilman.exe - Type Yes to overwrite, then exit and restart.
This restores your accessibility options and secures your computer’s login screen once again.
Windows Administrator Account FAQ
I get an “Access Denied” error in Command Prompt?
This usually happens if your drive is encrypted with BitLocker. You will need to enter your BitLocker recovery key before Windows will allow you to modify the System32 folder.
Will this work on Windows 10 and Windows 11?
Yes, the location of the Utilman file and the SAM registry keys are identical in both Windows 10 and Windows 11.
Can I use this to reset a PIN?
Indirectly, yes. Once you log in with the built-in Administrator account, you can go to Settings > Accounts and remove or reset the PIN for your primary user account.
You can also use the Hirens Boot CD method to enable the Administrator account as an alternative option.
For additional training resources, check out our online IT training courses.
Check out our extensive IT book series.
