Offline enable the Windows built-in administrator account (fixed by Microsoft)
Posted: Fri May 10, 2019 2:00 pm
Offline enable the Windows built-in administrator account (fixed by Microsoft around 1903)
Boot from the Windows boot media
After Windows setup started press SHIFT+F10 to access a command prompt
looks like this no longer works - tried on 1903 and did not work - see option 2 further down
copy /y d:\windows\system32\sethc.exe d:\windows\system32\sethc-orig.exe
copy /y d:\windows\system32\cmd.exe d:\windows\system32\sethc.exe
Remove the boot media and restart Windows
At the login screen, hit the SHIFT key five times until the command prompt appears
Type net user administrator /active:yes. This enables the built-in administrator account in Windows
Reboot the computer. When the logon screen appears, click the arrow on the left
option2
Boot from the Windows boot media
After Windows setup started press SHIFT+F10 to access a command prompt
regedit
Highlight the HKEY_LOCAL_MACHINE key
file load hive
%windir%\system32\config\sam
call offiine
navigate to HKEY_LOCAL_MACHINE\Offline\SAM\Domains\Account\Users\000001F4 (should be administrator, can check in names as should have 1f4)
double tap "F"
down arrow to line 0038 (looks like 11 02 00 00 00 00 00 00) (the 11 was 15 in 1903)
press delete once which will remove the first char which is 11 or 15
type in 10
press ok
highlight offline
file unload hive
close windows and restart
administrator should be back
you can also create a new admin user if required
net user /add user-name user-password
net localgroup administrators user-name /add
don't forget to turn it back off after you have added new users
boot back onto boot media as before and copoy back the sethc.exe
select correct drive letter
c:
cd windows\system32
copy /y sethc-orig.exe sethc.exe
net user administrator /active:no
Boot from the Windows boot media
After Windows setup started press SHIFT+F10 to access a command prompt
looks like this no longer works - tried on 1903 and did not work - see option 2 further down
copy /y d:\windows\system32\sethc.exe d:\windows\system32\sethc-orig.exe
copy /y d:\windows\system32\cmd.exe d:\windows\system32\sethc.exe
Remove the boot media and restart Windows
At the login screen, hit the SHIFT key five times until the command prompt appears
Type net user administrator /active:yes. This enables the built-in administrator account in Windows
Reboot the computer. When the logon screen appears, click the arrow on the left
option2
Boot from the Windows boot media
After Windows setup started press SHIFT+F10 to access a command prompt
regedit
Highlight the HKEY_LOCAL_MACHINE key
file load hive
%windir%\system32\config\sam
call offiine
navigate to HKEY_LOCAL_MACHINE\Offline\SAM\Domains\Account\Users\000001F4 (should be administrator, can check in names as should have 1f4)
double tap "F"
down arrow to line 0038 (looks like 11 02 00 00 00 00 00 00) (the 11 was 15 in 1903)
press delete once which will remove the first char which is 11 or 15
type in 10
press ok
highlight offline
file unload hive
close windows and restart
administrator should be back
you can also create a new admin user if required
net user /add user-name user-password
net localgroup administrators user-name /add
don't forget to turn it back off after you have added new users
boot back onto boot media as before and copoy back the sethc.exe
select correct drive letter
c:
cd windows\system32
copy /y sethc-orig.exe sethc.exe
net user administrator /active:no