To take advantage of these recovery options, you'll need bootable media, preferably for Windows and Linux.
(that will not be covered in this article)
The abbreviated reference is first; skip to the full instructions if you are new to this.
WINDOWS: Boot to recovery media, open CMD, and navigate to "C:/Windows/System32"
'copy sethc.exe ..'
'copy cmd.exe sethc.exe'
'copy utilman.exe ..'
'copy cmd.exe utilman.exe'
Reboot in Safe-Mode to circumvent Defender protection, and tap SHIFTx5 or click on Ease of Access.
'net user *existing_user* *new_password*' OR 'net user *new_user* *new_password* /add'
'net localgroup Administrators *existing_user* /add'
Reboot, and restore sethc & utilman
LINUX: Boot to Live Linux installation.
'sudo apt-get install chntpw'
Move to the "System32/config" directory of Windows drive.
'sudo chntpw -l SAM'
'sudo chntpw -u "*existing_user*" SAM'
Follow CHNTPW instructions for users you wish to edit; reboot system.
WINDOWS RECOVERY
1. Boot to Windows Recovery Media, and open a Command Prompt
2. Navigate to the system folder by entering
'cd C:/Windows/System32'
3. Move sethc.exe (Sticky-Keys) and utilman.exe (ease of access), and replace them with CMD. Use the following commands to do this.
'copy sethc.exe ..'
'copy cmd.exe sethc.exe'
'copy utilman.exe ..'
'copy cmd.exe utilman.exe'
Now, reboot your system & remove the Windows Recovery Media.
4. You'll need to access the system in safe mode. You can hold SHIFT when you click RESTART on the login screen; this should bring up the advanced settings menu. Select Troubleshoot > Advanced Options > Startup Settings > Restart.
5. When your system is booting up, it should ask which option you want. Select 4: Enable Safe Mode.
6. When you reach the Login screen, you should be able to click on the Ease Of Access icon or quickly tap SHIFT 5 times, and it will bring up the Command Prompt.
7. Use this to enter the following commands to change the password of a user (omit the ' ' and replace with proper info where the ** are)
'net user *existing_user* *new_password*'
For example, if you wanted to change the password of the user Joey to weird, the command would be
'net user Joey weird'
7.5. If you want to create a NEW user instead, use
'net user *new_user* *new_password* /add'
For example, if you wanted to add the user Georgie with the password silly, the command would be
'net user Georgie silly /add
8. Any new or modified users should be given Admin status to make sure they can properly change things in the system after this is done. Use the following
'net localgroup Administrators *existing_user* /add'
For example, if you wanted to make Joey an Admin, the command would be
'net localgroup Administrators Joey /add
Once all users have been either created or modified, reboot your system.
9. Log in with any of the credentials you setup; you should now be able to change any other user's passwords or info from the Control Panel. When all is done, don't forget to put the system files back the way they were, by opening CMD and entering the following code:
'Robocopy C:\Windows C:\Windows\System32 sethc.exe /B'
'Robocopy C:\Windows C:\Windows\System32 utilman.exe /B'
LINUX RECOVERY
1. Boot into Linux Live Media and open a Command Prompt, and ensure you are connected to the internet.
2. Install the password-changing software, called CHNTPW with the following command:
'sudo apt-get install chntpw'
3. When installation is complete, locate the Windows drive, and navigate to its windows/system32/config folder, then copy this, and paste it into the command prompt preceded by "cd" in the following manner
'cd /media/mint/SDJW7EKADSF7DS/Windows/System32/config'
4. Enter the following command to bring up a list of available Windows users:
'sudo chntpw -l SAM'
5. Figure out which user you need to modify, and enter the following:
'sudo chntpw -u "*user_name*" SAM'
This will now bring up a menu, where you can select which changes you wish to perform on that account. Options 1 (clearing password), 2 (unlocking user), and 3 (making user Admin) are usually all that's necessary to restore access to the system.
6. When modifications are complete, press 'q' to quit, confirm with 'y', then reboot your system & remove the Linux Live Media.
7. You should now be able to sign in, without need for password on modified accounts.
It is RECOMMENDED to add a password to those accounts after access is granted.
Original Article Here