Lost Win11 HyperV Server2022 Password Fix

|

Loading

Lost HyperV Server2022 Password Fix

Boot the VM and immediately hit F8 to start a new install, then hit Repair and command prompt.

Since the VM, just a volume has no drive letter, we need to give it one manually so the command prompt can "talk" to it.

Follow these steps exactly in your current prompt:

  1. Enter Diskpart: Type diskpart and hit Enter.
  2. Assign the Letter: Type these commands one by one:
    • select volume 1
    • assign letter=v
    • exit
  3. Perform the "Utilman" Surgery: Now that the drive is mapped to V:, run the swap:
    • v:
    • cd windows\system32
    • ren utilman.exe utilman.exe.bak
    • copy cmd.exe utilman.exe
  4. Reboot: Type wpeutil reboot.

What happens next?

When the Server 2022 login screen appears:

  1. Click the Ease of Access icon (or press Win + U).
  2. A black Command Prompt window will open.
  3. Type: net user Administrator * /domain
  4. It will ask you to type a new password. Type it twice (Note: you won't see the characters moving while you type—this is normal).

Why this works: Even though it's a Domain Controller, the "Ease of Access" tools load before anyone logs in. By swapping the program, you are essentially "tricking" the system into giving you a System-level command prompt with the power to override the Active Directory admin password.

If net user says "The command completed successfully," you've won! Use that new password to log in.

Windows doesn't actually know you've performed "surgery" on its system files. As far as the OS is concerned, utilman.exe is now a program that happens to look and behave exactly like a Command Prompt. If you don't manually undo the change, your login screen will remain "compromised" (and slightly broken) forever.

### The "Frankenstein" State
After you successfully log in using the net user command you ran through the hijacked prompt:
1. **The Icon remains:** The "Ease of Access" button on the login screen will still be there.
2. **The Payload remains:** If you click that button again, it won't open the Magnifier or On-Screen Keyboard; it will still pop open a **System-level Command Prompt**.
3. **Security Risk:** This is a massive "backdoor." Anyone with physical access to your VM can now click that button and have full SYSTEM authority over your machine without needing a password.
### How to "Re-Stitch" the OS
Once you are back in and have confirmed your "Steve" password works, you must perform the reverse surgery to get the VM back to a healthy state.
**1. The Cleanup (Undo the Swap):**
You usually can't do this while Windows is running normally because utilman.exe (which is actually cmd.exe) might be protected by TrustedInstaller. You often have to boot back into that **Command Repair/Recovery** mode one last time.
**2. The Commands:**
Once you are back in the recovery console (where the drive is V:):
```bash
v:
cd windows\system32
del utilman.exe # Delete the "fake" Utilman (which was a copy of CMD)
ren utilman.exe.bak utilman.exe # Rename the original back to its real name

```
### Why we do it this way
In a lab environment, we use the utilman.exe trick because it's the fastest way to reset a local admin password without third-party tools. However, in a "Production" environment, a security auditor would flag this immediately.