{"id":707,"date":"2017-06-09T14:55:00","date_gmt":"2017-06-09T12:55:00","guid":{"rendered":"https:\/\/asenger.de\/blog\/?p=707"},"modified":"2022-10-13T15:57:26","modified_gmt":"2022-10-13T13:57:26","slug":"bypass-windows-logons-with-the-utilman-exe-trick","status":"publish","type":"post","link":"https:\/\/asenger.de\/blog\/bypass-windows-logons-with-the-utilman-exe-trick\/","title":{"rendered":"Bypass Windows Logons with the Utilman.exe Trick"},"content":{"rendered":"<p>Source:&nbsp;<a href=\"https:\/\/www.technibble.com\/bypass-windows-logons-utilman\/\">https:\/\/www.technibble.com\/bypass-windows-logons-utilman\/<\/a><\/p>\n<header class=\"entry-header\">\n<h1 class=\"entry-title\">Bypass Windows Logons with the Utilman.exe Trick<\/h1>\n<p class=\"entry-meta\"><time class=\"entry-time\" datetime=\"2012-04-20T18:50:52+00:00\">April 20, 2012<\/time> by <span class=\"entry-author\"><a class=\"entry-author-link\" href=\"https:\/\/www.technibble.com\/author\/bryce-whitty\/\" rel=\"author\"><span class=\"entry-author-name\">Bryce Whitty<\/span><\/a><\/span><\/p>\n<\/header>\n<div class=\"entry-content\">\n<p>Utilman.exe is a built-in Windows application that is designed to allow the user to configure Accessibility options such as the Magnifier, High Contrast Theme, Narrator and On Screen Keyboard <strong><em>before<\/em><\/strong> they log onto the system.<br \/>\nThis was designed to help people with impaired sight, hearing or mobility to log onto Windows themselves without the need of outside help. It's a great feature for disabled people, but it opens up a security hole that we can take advantage of to bypass Windows logons.<\/p>\n<p>Bypassing the Windows logon comes in handy if our clients have forgotten their logon password, their user profiles were corrupted or malware was interfering with the system before login.<\/p>\n<p>This works because the user can trigger Utilman by pressing <strong>Windows Key + U<\/strong> before Windows logon. 
This will load up the Utilman.exe executable which resides in the Windows\\System32 directory. If you swap the Utilman.exe file with something else like cmd.exe, you have access to the command prompt running with SYSTEM privileges. SYSTEM is an account with the highest possible privileges on Windows, similar to the root account on Unix systems.<\/p>\n<p>Here are the step-by-step instructions on how to do this.<br \/>\n<span id=\"more-10159\"><\/span><\/p>\n<blockquote><p><strong>WARNING: <\/strong><br \/>\nYou can do a lot of damage to a system if you don't know what you are doing. Technibble accepts no responsibility if something goes wrong.<\/p><\/blockquote>\n<p>First of all, we will need a way to access the file system to swap out Utilman.exe with something else like cmd.exe. There are a few ways to achieve this:<\/p>\n<ul>\n<li>Remove the operating system hard drive from the target system and slave it into another system with a working operating system. From there you can swap out the files on the slave drive<\/li>\n<li>Use a Boot CD like <a href=\"http:\/\/www.ubcd4win.com\/\">UBCD4Win<\/a> and use the file management software there<\/li>\n<li>Use the Windows Vista or 7 DVD<\/li>\n<\/ul>\n<p>In this example we will be using the Windows 7 DVD. 
To begin, boot from your Windows 7 DVD and when you reach the first screen asking about the language, currency and keyboard format, <strong>Click Next<\/strong>.<\/p>\n<p>On the next page, down in the lower left hand side, <strong>click on the \u201cRepair your computer\u201d link<\/strong>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10182\" title=\"Windows Repair\" src=\"http:\/\/www.technibble.com\/articlecontent\/2012\/04\/Windows-Repair.jpg\" sizes=\"auto, (max-width: 619px) 100vw, 619px\" srcset=\"https:\/\/www.technibble.com\/articlecontent\/2012\/04\/Windows-Repair.jpg 619w, https:\/\/www.technibble.com\/articlecontent\/2012\/04\/Windows-Repair-220x163.jpg 220w, https:\/\/www.technibble.com\/articlecontent\/2012\/04\/Windows-Repair-500x370.jpg 500w\" alt=\"\" width=\"619\" height=\"459\"><\/p>\n<p>&nbsp;<\/p>\n<p>Next, select the \u201cUse recovery tools that can help fix problems starting Windows. Select an operating system to repair\u201d option, choose an operating system from the list and <strong>Click Next<\/strong>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10181\" title=\"Windows Repair\" src=\"http:\/\/www.technibble.com\/articlecontent\/2012\/04\/Windows-Repair-2.jpg\" sizes=\"auto, (max-width: 619px) 100vw, 619px\" srcset=\"https:\/\/www.technibble.com\/articlecontent\/2012\/04\/Windows-Repair-2.jpg 619w, https:\/\/www.technibble.com\/articlecontent\/2012\/04\/Windows-Repair-2-220x163.jpg 220w, https:\/\/www.technibble.com\/articlecontent\/2012\/04\/Windows-Repair-2-500x370.jpg 500w\" alt=\"\" width=\"619\" height=\"459\"><\/p>\n<p>&nbsp;<\/p>\n<p>You will now have an option to \u201cChoose a recovery tool\u201d. <strong>Select Command Prompt<\/strong>.<\/p>\n<p>You should now have a Command Prompt Window open. 
Type in the following commands:<\/p>\n<p><code>C:<br \/>\ncd windows\\system32<br \/>\nren utilman.exe utilman.exe.bak<br \/>\ncopy cmd.exe utilman.exe<\/code><\/p>\n<p>This will navigate to the system32 directory, rename utilman.exe to utilman.exe.bak, make a copy of cmd.exe and name it utilman.exe.<\/p>\n<p>Remove the DVD and reboot the system.<\/p>\n<p>Once the computer boots up normally, press the key combination <strong>Windows Key + U<\/strong> and you should get a Command Prompt. If the Command Prompt doesn't appear, press Alt+Tab as the Command Prompt may appear behind the Logon screen. From here, you can run many (if not all) of the commands you can normally use in Command Prompt.<\/p>\n<h3>Resetting an Existing User's Password<\/h3>\n<blockquote><p><strong>WARNING: <\/strong><br \/>\nIf you reset a user's account password, access to that user's encrypted files will be permanently lost. Be sure to back these up.<\/p><\/blockquote>\n<p>To reset an existing user's password, we need to type the text below. In this example, we will be changing JohnDoe\u2019s password to \u201chunter2\u201d.<br \/>\n<code>net user JohnDoe hunter2<\/code><\/p>\n<p>You should be able to log in with this new password straight away.<\/p>\n<p>If you don't know what the username on the system actually is, you can see a list of the users by typing:<br \/>\n<code>net user<\/code><\/p>\n<h3>Creating a New User Account<\/h3>\n<p>To create a new user account in the Command Prompt (Username: NewGuy. 
Password: abc123), and add them to the Administrators user group, type:<br \/>\n<code>net user NewGuy abc123 \/add<br \/>\nnet localgroup Administrators NewGuy \/add<br \/>\n<\/code><br \/>\nAgain, you should be able to log in straight away with this new account.<\/p>\n<h3>Reverting Changes<\/h3>\n<p>To restore utilman.exe, in the Command Prompt type in:<br \/>\n<code>C:<br \/>\ncd windows\\system32<br \/>\ndel utilman.exe<br \/>\nren utilman.exe.bak utilman.exe<\/code><br \/>\nThen reboot the system.<\/p>\n<p>To remove the new user account you just created earlier, type in:<br \/>\n<code>net user NewGuy \/delete<\/code><\/p>\n<p>That\u2019s all there is to it.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Source:&nbsp;https:\/\/www.technibble.com\/bypass-windows-logons-utilman\/ Bypass Windows Logons with the Utilman.exe Trick April 20, 2012 by Bryce Whitty Utilman.exe is a built-in Windows application that is designed to allow the user to configure Accessibility options such as the Magnifier, High Contrast Theme, Narrator and On Screen Keyboard before they log onto the system. 
<a href=\"https:\/\/asenger.de\/blog\/bypass-windows-logons-with-the-utilman-exe-trick\/\" class=\"btn btn-link continue-link\">Continue Reading<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-707","post","type-post","status-publish","format-standard","hentry","category-allgemein"],"_links":{"self":[{"href":"https:\/\/asenger.de\/blog\/wp-json\/wp\/v2\/posts\/707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/asenger.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/asenger.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/asenger.de\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/asenger.de\/blog\/wp-json\/wp\/v2\/comments?post=707"}],"version-history":[{"count":0,"href":"https:\/\/asenger.de\/blog\/wp-json\/wp\/v2\/posts\/707\/revisions"}],"wp:attachment":[{"href":"https:\/\/asenger.de\/blog\/wp-json\/wp\/v2\/media?parent=707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/asenger.de\/blog\/wp-json\/wp\/v2\/categories?post=707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/asenger.de\/blog\/wp-json\/wp\/v2\/tags?post=707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}