I have no access to a Windows PC (Windows 10, I believe; Dell OptiPlex XE3) I inherited at work. There are two login accounts/domains. Account1 prompts for a password and Account2 prompts for a PIN. I don’t know either. I can’t just reset the password because it prompts for answers to ID questions I don’t have. The previous user is not available and the potential login info they left on a sticky note doesn’t work (and possible permutations and guesses I’ve tried like digits in the org’s phone #, address, and zip code for the PIN).
This computer was independently purchased to stand alone/apart from the organization’s network and is not supported by the organization’s IT team, so they won’t help. The organization does not allow installation of non-approved software on its computers. I’m not allowed to even enable Windows Subsystem for Linux (WSL) on my regular, approved computer, which is what I need to use on this PC. The organization even blocks tech support web pages to Microsoft and Dell because they don’t want non-IT employees troubling-shooting their PCs. (The computer was/will be used to do bioinformatics data analysis which means I need a lot of specific third-party tools.)
I tried doing a reset by restarting while holding down the shift key and resetting with the keep files option. After it resets, it still shows the original two account domains to choose to log into and I’m back to where I started. I don’t have an option to add a new account. I would prefer not to do a complete reset to gain access because I’m going to continue to do what the previous user did and would like to at least see what software/tools they were using.
Is there any way I can gain access as an administrator? I searched the SDMB and found this possible solution:
ChatGPT tells me that the Command Prompt solution won’t work, though (I haven’t tried yet).
Any suggestions before I have to do a complete reset?
These might be solutions. I have not personally tried them so please don’t blame me if it doesn’t work or something goes wrong (Read: Try at your own risk):
You can use a Windows 10 installation USB to reset local account passwords:
What you need: A Windows 10 bootable USB (create one using Microsoft’s Media Creation Tool at Download Windows 10)
Steps:
Boot from the USB (press F9, F12, or Esc during startup to access boot menu)
At the installer, select “Repair your computer” → Troubleshoot → Advanced Options → Command Prompt
Find your Windows drive (usually C: or D: when booted from USB)
Back up and replace the Ease of Access utility:
cd \Windows\System32
copy utilman.exe utilman.exe.bak
copy cmd.exe utilman.exe
Restart and remove the USB
At the login screen, click the Ease of Access icon (bottom-right) — this now opens Command Prompt
Reset the password:
net user YourUsername NewPassword
Log in with the new password
Important: Reverse the change by booting from USB again and running:
copy utilman.exe.bak utilman.exe
If all else fails and you cannot recover access:
Hold Shift while clicking the Power icon on the login screen, then select Restart
Select Troubleshoot → Reset this PC
Choose Keep my files (removes apps/settings but preserves personal files) or Remove everything
I had to deal with a computer like this. I was hired to refurbish and upgrade it. I wound up using Hirens BootCD on a USB drive, and one of the programs lets you remove the requirement for a password on one of the accounts, for a single log in. From there I made my own account with a password I knew.
I should add I read that Windows Defender may block the utilman.exe method mentioned above. The suggested solutions using the utilman hack might not work if Windows Defender is active since it detects usage of renamed utilman.exe. - SOURCE
It seems if the system is up-to-date on security updates this is not likely to work. The more out of date it is the better your chances.
Again…try at your own risk, I have not done this myself. There is a reason passwords exist and should not be gotten around easily. If you cannot do the usual password recovery stuff you are very limited (as it should be).
If you do try any of this please report back on how it went. Good or bad I am very curious.
Interesting. I would not have expected Defender to be relevant since you’d be running it on a Windows USB installation, rather than a live system.
My method I can guarantee works, as I used it on the very computer I am typing on right now. I can give full details and walk the OP through it. I just didn’t because I’d have to look into things a bit to remember where I got the BootCD, how I made it into a USB, and then which specific program on it I used – it’s one of the ones in the password recovery tools, but it comes with three of them.
An alternative would just be to reinstall Windows 10 from scratch of course, assuming you can install all the drivers. I did ultimately also do that, albeit, I installed Windows 11 for support reasons. (I don’t want to try to support an older OS.)
Yeah but it is trying to change the password on an existing install which, almost certainly, has Defender. Defender may not run in this case but it might have arranged things so this attack will not work.
I sincerely hope the OP comes back and tells us what was tried and what did or did not work.
I’m surprised and a bit aghast that this is possible. I was under the impression that if someone stole my laptop, my data would be safe, as both my accounts are PIN/password protected, and the drive is protected by Bitlocker. I’m especially concerned about Chrome which is always logged into my google account and has all my passowrds.
This (should) foil any possibility at access without the proper passwords. Full stop. If you forget your password/access key then just don’t bother. You’re screwed (stopping something like this is exactly what it is meant to do). Erase everything and re-build form scratch. All data on that drive is gone unless it was backed-up somewhere else (lesson there).
Unless you are the NSA. They might be able to do it.
Ah, then I’m reassured. And yes, I have my Bitlocker key stored somewhere else, and I do regular backups. I’m still surprised that without Bitlocker, you can hack so easily into a pw protected Windows account. (according to @BigT )
Ah, yes. I forgot about Bitlocker. It may indeed be enabled on this PC, especially since it is a business computer. (The one I’m working on is a gaming laptop.) @Whack-a-Mole’s solution wouldn’t work either in that case, as any USB booted OS would be unable to access the data on that comptuer without your encryption key.
Without Bitlocker, you can literally just open up the files on that drive, so of course you can hack it to let you log in. It just requires changing some files. It’s not like it’s that big a different in security. If they can access your data, they don’t actually need to log into your account. It’s just a convenience.
So I will amend my statement to the OP: if you don’t have Bitlocker, I know my method will work. If you do, then there is but one recourse:
Reinstall Windows from scratch. Fortunately Windows will likely be able to install the critical drivers automatically. Unfortunately, you may lose activation status if the computer is volume licensed.
IIRC, at least in Windows 11 Bitlocker is active on default. I think that’s actually a good thing because most people wouldn’t activate it on their own, but OTOH during installation, Windows doesn’t inform the user about it and how to save the encryption key to another medium, which is a crass omission that must have bit thousands in the ass.
I’m not as much concerned about the files on my system drive as I’m about a bad actor gathering access to my Google account where I have stored all my passwords by getting into my local Windows account. You all know what a nightmare this could mean.
My point is that, if they can access your files, they can access that information as well. Logging into your account just makes it easier to do so.
It was also not my experience when installing Windows 11 that Bitlocker was turned on by default. And it was not turned on by default when I installed Windows 10 or lower in the past.
I think discussing the value of opt-out encryption of data would be beyond this thread. I will simply note that there are factors to consider, and I would personally prefer users to be given the ability to make an informed choice.
Thanks for the replies. I won’t be back at work until Tuesday.
I tried the Reset and Keep Files option and that just got me back to square one with the same profiles present. I think I’ll see if IT can get me a bootable USB for Windows 10 to try on the sly but they don’t support this PC and does the Windows license come into play? If I have to create one, I’ll have to do it from my home laptop.
ChatGPT told me that “net user [username] [newpassword]” wouldn’t work but I think I’ll try that before a reboot or complete reset just to be sure.
Not the end of the world if I have to reset; I just wanted to see what bioinformatic tools had been installed. The PC came with an external 10TB SSHD with a keypad so I imagine that’s where the actual data lives (and there is a sticky note with a PIN!). I was forwarded the email chain related to buying the PC and its drive is only 500GB.
I’ve done the sethc.exe exploit many times, which is basically the same as utilman but uses the Sticky Keys app instead (the one that you accidentally turn on if you hit Shift 5x). Works fine in Windows 10, Bitlocker is just another layer to deal with. May not work in 11, I haven’t had to do much there.
I get this, but you should always realize that safety is an illusion convenient for us, but if someone has physical control of your computer then they can do more. These exploits are a long term Windows exploit, Mac has had similar bypasses. Bitlocker closed some but also as mentioned above has made things a major pain in others, locking down a system under regular use. I suspect OP and I have similar use cases - dealing with problems created by coworkers.
I might suggest in your case at least doing a password on Chrome or something or use a password manager. If it ever was stolen (and you were aware at the time!) immediately change password on another device.