Windows Vista Password Recovery

Step 1: Recovery Command Prompt from Windows Vista Install Disk

Start the computer with the Vista install disk. At the Language/Time/Keyboard window press Next

At this window, choose Repair your computer

The Windows installer will take a few seconds to find the current Windows install. Once it does, select it and press Next

At this window, choose the last option; Command Prompt

This will run cmd.exe from the install disk. at this point permissions will be ignored on the Windows install, allowing you to replace and move files in protected Windows directories like files in C:\Windows\System32

Step 2: Replace Windows Accessibility Manager with a Command Prompt

A command prompt from inside Windows will run with whatever the current user’s permissions are. When trying to change the user or replace files in protected directories it requires administrator privileges. The exception in Windows Vista is that it will run the Windows Accessibility Manager before any user has logged on, running it as the “System” user which can write/copy/replace files in any directory. Windows does not check whether the Windows Accessibility Manager actually is that utility, so the executable (utilman.exe) can be replaced by any other executable, which can then be run as the system user without a username and password at boot, letting it enter commands that need administrator privileges to run.

utilman.exe is inside a protected system folder (C:\Windows\System32) which is why this has to be done from an install disk that will ignore file protections.

From the command prompt, enter the following commands.

c:

This will change the current drive from X: (the install disk) to C: (the drive Windows is already installed on).

cd windows\system32

This will change the directory to the directory with the command prompt and the Accessibility Manager executable.

ren utilman.exe utilman.exe.bak

This will rename the Accessibility Manager to something else for backup.

copy cmd.exe utilman.exe

This will replace the Accessibility Manager executable with the command prompt executable. When Windows tries to run the Accessibility Manager it will run a command prompt instead.

Remove the install disk and reboot the computer.

Step 3: Run the Command Prompt as System and Reset the Password

When the computer reboots press Windows Key + U

This is the key combination to start the Accessibility Manager before the user logs in. Since we replaced the Accessibility Manager with the command prompt, it will start that instead.

Enter the command net user to see the list of users on the computer.

Enter the command net user username newpassword (replacing “username” with the actual username, and “newpassword” with whatever you want the new password to be) to reset the user’s password.

Close the command prompt and login with the new password.