How to Gain Administrator Access in Windows Without a Password


Gaining Administrator access in Windows is easy, and it can be accomplished within a few minutes on Windows 7, Windows 8 and Windows 10. This guide is entirely for educational purpose. Please do not attempt to break Administrator access to a device you do not own unless you have the explicit permission of the owner.


Local or Microsoft Account?

The following methods will only work for local accounts. If we use our Microsoft account to log in the PC on Windows 8.1 and Windows 10, we can reset our password through Microsoft.

How to gain administrator access with a Windows Boot DVD/USB

There are a plenty of applications to help us gain administrator access to Windows. If, however, we already have a Windows installation DVD or USB, we don't need any third-party applications, we can use the installation medium to do a clever hack.

Even if we don't have a Windows installation media available, it's easy and legal to download Windows 7, download Windows 8.1 or download Windows 10 from Microsoft website. We can then create a Windows Installation Disc or USB.

We have created this guide using a Windows 10 installation DVD. It should work the same with a Windows 8.1 DVD or USB, but Windows 7 is slightly different, we will point out the differences through the guide.


Boot with a Windows DVD/USB

It doesn't matter on which version of Windows we want to gain administrator access; any installation medium will do. A Windows 7 DVD can be used to gain administrator access to Windows 10 and vice versa.

The next step is to change the BIOS or UEFI settings or use a boot menu to boot from the installation medium.

Open the Windows -> System 32 Folder

After we boot from the installation medium, we need to press any key on the keyboard when prompted, to enter the Windows Installation environment.

On the "Install now" screen, we select the "Repair your computer" option.

There, we click on Troubleshoot.

Advanced options.

System Image Recovery.

Don't worry if you have never created a System Image, we won't use this feature to gain administrator access.

We select the target operating system.

Since we don't have a System Image to recover, we cancel the initial prompt.

Then, we click next with "Select a system image".

We click on "Advanced"

Select "Install a driver"

Click OK

By the way, if we used a Windows 7 DVD or USB, we would get the same "Install a driver" option right after we clicked on "Repair your Computer".

That's Microsoft for you, making the simple complex.

The "Load Drivers" button will open a Windows Explorer Window, which will give us access to any and all of the system files.

We just double click "This PC" and then open the Local Disk containing Windows.

If our PC has a System Reserved Partition, the correct Local Disk containing Windows might be D:

Inside the Local Disk, we navigate to Windows -> System32

Modify the proper files

At this point, we need to be careful. If we mess with the wrong files, we could make the Windows installation unbootable.

In the System32 folder, we look for the cmd application. The fastest way to find it is to type "cmd".

We make a copy of the file with Ctrl+C, paste a copy of it with Ctrl+V and then press F5 to refresh. If we did it correctly, we get a "cmd - Copy" file.

After that, we need to find the "Utilman" application and press F2 to rename it.

We rename it to "Utilman 1", "Utilman Bac", or anything else, and confirm with Enter, we must again press F5 to refresh and see the change.

Finally, we go back to "cmd - Copy", press F2 to rename it, change its name to "Utilman" and press F5 to refresh. If we get any error, it probably means that we haven't renamed the original Utilman correctly.

After that, we can reset our PC from the reset button most PC towers have. If it is a laptop, we can press the power button until it shuts down. Don't worry, this will have no adverse effects on your system.


Gaining administrator access

We boot from the hard drive to the installed Windows. At the login screen, we click on the Ease of Use icon.

On Windows 7 and Windows 8.1, we will find it on the left side.

The "Ease of Access" panel uses Utilman.exe to run. But since we have replaced Utilman.exe with a cmd.exe file, the Ease of Access button will open the command line. Neat.

Now, to gain administrator access, we the username of an administrator account. We just type:
net localgroup Administrators
Remember, we can only gain administrator access to a local account. So accounts that also show their email on Windows 8.1 and Windows 10 are off-limits.

In our example, we can gain administrator access only with the PCsteps account, not with my personal Microsoft account.

On Windows 7, where there is no option to log in with a Microsoft account, we won't have such a problem.

Now, the only thing left to do is type:
net user (user name) *

If the username is two words, we need to have it inside quotation marks " ". The system will prompt us for a new password.

We can leave the new password blank, by just pressing Enter twice, for the password and confirmation.

We now just have to click on the administrator account and Sign in without a password.

And that's it. We have successfully gained Administrator access in Windows.

If we are not using the Ease of Access features, there is no haste to change the system files back.

Whenever we want, we can repeat the process, delete the Utilman CMD executable, and rename the Utilman 1 back to Utilman.


How to gain administrator access with Lazesoft "Recover My Password"

An alternative method to gain administrator access to Windows, using Lasesoft's "Recover My Password" software.

Install "Recover My Password"

On another PC than the one we need Administrator access on, we download the latest version of Lazersoft's software from

The installation is safe; it won't attempt to trick us into installing toolbars, adware, spyware, or browser hijackers.

Create bootable media

After the installation, we run the program and click on "Burn Bootable CD/USB Disk Now!".

We can leave the default "DO NOT Specify the Windows version" option.

The app gives us three choices: immediately burn a CD or DVD, create a bootable USB flash, or create an ISO image to use later. For the example, we will create a bootable USB flash.

The Recover My Password application will first download the WinPE components from Microsoft.

Then, it will ask to format the USB drive. This procedure will delete any files on the USB, so make sure to check before you click on "Yes".

After that, the Lazesoft app will begin creating the bootable drive. It shouldn't take more than a couple of minutes.

Soon, the disk will be ready.

It's best to remove it safely, so we avoid any chance of data corruption.

The Recover My Password bootable environment

Back on the PC where we need administrator access, we must set up the BIOS or UEFI to boot from the bootable medium and boot from the Lazesoft installation media.

We will get a "Windows Boot Manager" screen, where we select the Lazesoft Live CD or Lazesoft Live USB option, depending on the medium.

On the recovery environment, we leave the default "Reset Windows Password" option.

If Lazesoft doesn't recognize our hard drive, we need to download our motherboard's SATA drivers and load them with the Load Drivers button.

The Recover My Password Home Edition is completely free only for non-commercial use, so we have to confirm that we aren't using it in a production environment.

Lazesoft will ask us to select the Windows installation - in case we are multibooting - and will give us the option to reset the local password.

On the next screen, we can select one of the Windows accounts.

As with the Windows Installation DVD / USB method to gain Administrator access, we can't reset the password on a Microsoft Live ID account.

The best course of action is to select the Administrator account, which is disabled by default.

Recover My Password will enable the Administrator account, and reset its password to a blank password.

With this, we are done, and we now have administrator access on the current PC. We just have to reboot the computer.

Remember to remove the bootable media, so the system doesn't reboot back into the Lazesoft environment.

On the next boot, we will find the "Administrator" user.

We just click on it, wait for a couple of seconds for Windows 8.1 or Windows 10 to set up the account.

And we now have administrator access.

We can go to Local Disk (C:) -> Users -> (our main account username) and copy anything from our personal folders and files.

If any of the above mentioned steps didn't work for you as explained, and you are unable to gain administrator access to your Windows installation, please write to us in a comment box and we will give you a workaround.

No comments:

Powered by Blogger.