Locked out of Windows 10, Administrator Account disabled and Bitlocker enabled

1

My Windows 10 Pro laptop (local account) has been locked out and I'm unable to login. To make matters worse my Administrator account is disabled and my drive has Bitlocker enabled!

How can either re-enable the Admin account or unlock the local account?

Wayne

Posted 2018-10-13T10:59:35.190

Reputation: 39

Question was closed 2018-10-13T17:03:02.097

Is this really your machine? – Michael Harvey – 2018-10-13T12:16:33.840

I'm curious about how you solved this. How could you open command prompt and do the commands in your answer if you are locked out and unable to login? – reben – 2018-10-13T12:50:35.577

Just updated my answer and highlighted the steps that I followed. Hope that clears it up – Wayne – 2018-10-13T13:08:23.880

Answers

2

I managed to get it working following the steps in Enable Built-in Administrator without Logging In.

Basically I did;

  1. Restarted Windows holding down Shift, this allowed me to enter Advanced Startup
  2. Selected Advanced Options and enter a Command Prompt startup
  3. Entered my Bitlocker Recovery Key to gain access to my drive. Note: my drive was now marked as D:
  4. Changed directory to D:\Windows\System32
  5. Made a backup of Utilman.exe (Ease of Access) using the following command; copy utilman.exe utilman1.exe
  6. Replaced the Utilman.exe with cmd.exe; copy /y cmd.exe utilman.exe
  7. Rebooted
  8. At the login page, I clicked the Ease Of Access button, which now opened up my command prompt
  9. Here I used the following command to enable my admin account; net user Administrator /active:yes
  10. Rebooted again
  11. Logged in with my admin account
  12. Unlocked my account

Back up and running like a charm. Just remember to copy back the original Utilman.exe if case you ever need it back.

Wayne

Posted 2018-10-13T10:59:35.190

Reputation: 39

1While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – Tetsujin – 2018-10-13T11:37:40.517

Thanks, I took your advice and labeled the steps that I followed. – Wayne – 2018-10-13T13:07:51.210

I have problems understanding how this could be possible, since this is an old exploit, now patched in Windows 10. See my comments in another thread; https://superuser.com/questions/1366251/how-to-access-a-pc-when-the-domain-is-not-available-and-previous-logons-were-del

– reben – 2018-10-15T17:20:35.670

@reben I'm using the latest Win10 build 1809 and it did work exactly as mentioned – Wayne – 2018-10-16T18:12:54.383

I'm very puzzled by this since it seems clearly defined as a threat now. Could you try running such a disguised cmd.exe on your system? What do you see in Windows Defender? I saw it identified as the following virus; Trojan:Win32/AccessibilityEscalation.A , plus that when attempting to run; 'The system cannot execute the specified program.' (cmd.exe disguised as utilman.exe) – reben – 2018-10-17T07:01:18.677

There are several other reports on the internet that this exploit is no longer available, like in https://4sysops.com/archives/reset-a-windows-10-password/

– reben – 2018-10-17T07:09:22.187

I'm not using Windows Defender, I have BitDefender installed. Perhaps that's why I could do it? Also, I booted into Safe Mode Command Prompt when I did the rename, so I would think BitDefender may not have started by then? Just a guess? – Wayne – 2018-10-18T08:09:27.763

I'm not using Defender either, but Norton. But Defender is built into Windows and not easily disabled, and, as it seems now, active at boot. What did the system say when you run these disquised commands when your are logged in? – reben – 2018-10-19T11:10:32.173

Asked: 2018-10-13T10:59:35.190

Viewed: 4 486 times

Active: 2018-10-13T17:04:26.537