Offline activate the built-in administrator on Windows 10 without signing in

If you no longer have access to a Windows 10 computer, say because you forgot the password of your Microsoft account or because the trust relationship between the workstation and the Active Directory domain failed, you need a local account with administrator rights. If you haven’t used the local account for a while, you also might not remember its name and its password. It is also possible that no other local account exists on the computer for security reasons.

In such situations, you can follow the procedure described below to offline activate the built-in administrator account.

1. Boot from your Windows 10 setup media. You might have to change the boot order in the BIOS of the computer if Windows 10 starts after you inserted the media. After Windows setup has started, you have to press SHIFT+F10 to open a command prompt.
   
2. Next, find the drive letter of the drive where Windows 10 is installed. The drive letter might be different from the one you use when you boot up Windows 10. The Windows setup media is usually on X: and, in most cases, Windows 10 is located on drive D:. To get an overview of the available drives you can run echo list volume | diskpart. You can recognize the correct drive by viewing its contents with the dir command (dir d:\users). The date of your profile folder should show the last date you logged on.
   
3. You can now replace the utilman.exe file with cmd.exe in the system32 folder of the Windows 10 system directory. But first you have to create a copy of utilman.exe so that you can restore it after you activate the administrator account. Make sure you use the drive letter that you found in step 2:
   
   
   

   move d:\windows\system32\utilman.exe d:\ copy d:\windows\system32\cmd.exe d:\windows\system32\utilman.exe

   1 2	move d:\windows\system32\utilman.exe d:\ copy d:\windows\system32\cmd.exe d:\windows\system32\utilman.exe

   
   
4. Now, remove the boot media and reboot:
   
   
   

   wpeutil reboot

   1	wpeutil reboot

   
   
5. Wait until Windows 10 boots up, press a key, and then click the Accessibility options A command prompt should open on the login screen. At this point, you have full access to your Windows 10 installation without having signed in. You could also reset the password of any account.
   
6. You can now enable the built-in administrator account. You should also set a password because, by default, the administrator account password is blank:
   
   
   

   net user administrator /active:yes net user administrator <your password>

   1 2	net user administrator /active:yes net user administrator <your password>

   
   
7. After you close the command prompt, you can sign in with the newly activated administrator account. If the computer does not belong to an Active Directory domain, you can just enter “administrator” as the user name after you click Other user. If the computer is a domain member, you should add “.\” in front of the name (.\administrator) to ensure that you log on locally:
   

After you sign in, you might want to restore the original utilman.exe. To do so, you have to boot again from your Windows 10 setup media and open a command prompt as explained in step 1. Then, you have to enter this command to restore utilman.exe:

move /y d:\utilman.exe d:\windows\system32\

1	move /y d:\utilman.exe d:\windows\system32\