Adding a password to your user account is an obvious way to increase security and keep your data a little bit safer. You can either setup a password when creating the account or later on when you feel the need to. It’s quite easy and you simply go to the user account options in Control Panel or Settings and use the option a create a new password. From then on the password will be required to logon and by other users for elevated privileges if you are an administrator.
If you or someone else happens to forget their password or doesn’t know because the password has been changed, then it becomes a problem. While you can create a password reset disk in Windows, you can’t create the disk if you don’t know the current password. There are also other ways to change the password within Windows but you still need to know the current password before using most of them.
There’s also several third party methods to reset or change the password. Something like Kon-Boot can bypass the password completely during logon while a utility like Offline Windows Password Editor can clear the password. Here we’ll show some easy ways to reset or change the user password without knowing the current password.
These methods below will work on local user accounts for Windows XP, Vista, 7, 8.x and 10. They won’t work for users in Windows 8.x and 10 who are logged in with a Microsoft mail account. To change the password on the mail account, you would need to go through the online forgotten password process.
Note: For most of these methods you will need to know the password or be able to logon to at least one administrator account on the system in order to make password changes. If you don’t have this, another password reset method will be required. Use a third party password reset disk or the Command Prompt logon trick which is the final method on our list.
Change User Account Password With A Utility
An easy way to alter the user password is by running a small and simple tool that does it for you in a couple of clicks. Here are 2 portable programs for you to look at.
XP Password Manager
As you can probably tell by the name, this password changer has been around for years and was originally designed to change the passwords in Windows XP. As the method to change user passwords is the same now as it was then, this tool works also perfectly fine in Windows Vista, 7, 8, 8.1 and 10. The only requirement is right clicking and running the program as administrator if you don’t have full rights.
XP Password Manager works for the currently logged on user account only which does limit its usage somewhat. Just run the program and select whether to set a new password or delete the password which means you won’t need to enter anything. Enter a new password in the box if you are creating one and press the OK button. The option to hide typed passwords is useful if you wish to keep anyone from seeing what you are typing.
Raymondcc User Account Password Changer
This tool has been developed by ourselves and is inspired by Arash Veyskaram’s XP Password Manager above. User Account Password Changer has a couple of advantages apart from a more up to date interface and UI text. Firstly, this tool also works on other local admin or user accounts which you can select from a drop down list. Secondly, there is an option to create a random 8 character password if you believe another user is likely to know or guess a manual password.
Run the tool with administrator privileges, select the user from the drop down then choose to set a new or blank password. Enter a new password in the box or leave it empty to erase the current password. Alternatively, check the random box to create a random 8 character password which uses a combination of uppercase, lowercase, and special characters. Use the hide checkbox so no-one can see what you are typing. Press Change to commit the changes to the account password.
Note: Be aware that these tools can produce false positives in antivirus software and online scanners because they are trying to change user passwords. That is obviously classed as malicious activity but is in fact what you are intentionally trying to do.
Change Account Password From Computer Management
Other than using the tools above to change a user account password, it is surprisingly easy to do it directly from Windows through Computer Management.
1. Open Computer Management, you can do this several ways. Right click Computer/This PC and click Manage, type compmgmt.msc into the Win+R Run dialog box or go to Control Panel > Administrative Tools > Computer Management.
2. In Computer Management, go to System Tools > Local Users and Groups > Users. There you will see the list of users including the built in Administrator and Guest accounts. Right click on the user account for the password you want to change and select Set Password.
3. Take note of the warning popup and click Proceed when you are happy to continue. Then enter the new password twice in the boxes and click OK to save the changes. Leave the boxes empty and press OK to remove the current password.
Although this is a standard Windows interface you are not asked to supply the current password before clearing or changing. You do need administrator privileges to use this option if you are a standard user although administrators will not be prompted, even if User Account Control (UAC) is enabled.
Change Account Password From Command Prompt
This method is more suited to advanced users and can be used in scripts and batch files. It is also the method used in the background by the two utilities above for changing the password.
1. Open an Administrator Command Prompt by clicking on Start or pressing the Win key and typing cmd, then hold Ctrl+Shift and press Enter. Or right click on Start and choose Command Prompt (Admin) for Windows 8.1 or 10.
2. The password can actually be changed a few ways. Type one of the following commands into the prompt and press Enter. Type “net user” without arguments for a list of user names.
net user username password
This will simply change the password for the username you specify using the password you entered. For example, net user raymondcc 12345. Make sure to put the username or password in quotes if either contains spaces.
net user username *
Using an asterisk instead of a password will ask you to type the password into the console once and then again to confirm. You will not see any characters being typed while entering the password.
net user username ""
Entering double quotes as the password will remove the password from the account completely so you can logon or ask for administrator access without typing anything. This is obviously less secure.
net user username /Random
This last command will create an 8 character random password for you and display it in the console window. The new password will be a mixture of uppercase, lowercase and special characters so make sure you memorize or note it down exactly as shown.
If you receive an access denied error while using the net command it means you are not running the Command Prompt or any script as administrator.
Change or Reset User Password if You Cannot Logon
If you are the only user on the computer and don’t know or cannot remember the password to logon, the methods above will not work as they require access to at least one administrator account. This method allows you to open a Command Prompt window at the logon screen so you can remove a password, change a password or even add/remove a user before logging in.
1. First, you will need to boot your system to a media that can copy a few Windows files around. We will use a Windows install DVD although you can also use a Windows system repair disk or another utility disk such as Hirens BootCD, Gandalf’s WinPE, a Linux LiveCD or even another operating system in a multiboot system.
2. Boot to the Windows DVD and when the Setup screen appears, press Shift+F10 to open Command Prompt. You need to find the drive letter for your Windows system which will likely be D:. Type Dir D: and see if the Program Files, Users, and Windows folders are listed. If not try Dir C:, Dir E: and so on until you find the correct drive letter.
3. Type the following commands one after the other, change the drive letter to the correct one you found above if yours is not D:
Copy Sethc.exe Sethc.exe.bak
Copy Cmd.exe Sethc.exe
Press Y when asked to overwrite the file.
4. Close the setup window behind Command Prompt, click Yes or press Y to confirm and reboot to Windows. At the Windows logon screen when you are asked for the password, press the Shift key 5 times or Alt+Shift+PrintScreen to bring up the Command Prompt.
5. Enter one of the net user commands listed above to change the password. For a list of users simply enter “net user” without arguments. This command will clear the password completely:
net user username ""
6. Now all you have to do is click in the password box, optionally type the new password if you created one and press Enter to log in.
7. This last step is optional but recommended if other users have access to the computer. Boot to the Windows install DVD and open a Command Prompt again using Shift+F10. Type the following using the same drive letter you found in step 2:
Copy Sethc.exe.bak Sethc.exe
Press Y to confirm the overwrite and close the setup window to reboot.
That restores the original Sethc executable so no-one else can cause problems by bringing up a Command Prompt during logon. If you have used another method such as a Live Linux or repair/utility CD, just replace the Sethc executable with the original.
This trick has been around for ages and works because Windows uses accessibility features at the logon screen. Pressing Shift 5 times pops up the Sticky Keys option or Shift+Alt+PrintScreen offers to enable High Contrast. If you replace the accessibility shortcut keys launcher (Sethc.exe) with Cmd.exe, it will instead launch Command Prompt when you press those keys. No-one is logged in yet so administrator privileges don’t apply.
Final Note: Do be aware that changing the password using one of these methods should be a last resort. Forcing a password change in this way will render encrypted data like emails, files and internet passwords unreadable because they will now be protected by the wrong password. To try and preserve that kind of data, something like an account password cracker might be a better option first.