Let’s get straight to it: how to reset an administrator password using CMD on Windows 11 is the right search—and the right solution—because Windows won’t show the old password in plain text for security reasons. The safest, supported way is to reset a local admin password with Command Prompt from an elevated session or from Advanced Startup (WinRE) if locked out. This guide is practical, policy‑aware, and packed with easy fixes and pro tips.
| Point | What it means | Why it matters |
|---|---|---|
| CMD can’t reveal passwords | Windows stores password hashes, not readable text | Don’t waste time on “show password” tricks |
| Reset works for local accounts | Use net user to set a new password | Fastest legit recovery without third‑party tools |
| Locked out? Use WinRE CMD | Command Prompt from Advanced Startup | Works even when no admin session is available |
| BitLocker may prompt | You might need the recovery key | Have it ready to unlock the drive |
| Microsoft accounts differ | Reset online; net user is for local accounts | Avoid dead ends and failed attempts |
Intro vibe and quick honesty
- No scare tactics here—just clear steps that work.
- Keep things legit: only reset passwords on devices owned or approved to service.
- If it’s a work device (domain/Entra ID), use the official helpdesk or SSPR.
Terms used naturally in this article include reset administrator password CMD Windows 11, Windows 11 recovery command prompt, net user change password, enable built‑in administrator Windows 11, Advanced Startup Windows 11, Safe Mode with Command Prompt, BitLocker recovery key.
What this guide covers
- Resetting a local admin password with net user (in‑session and locked‑out cases)
- Opening Command Prompt in Advanced Startup (WinRE)
- Handling BitLocker prompts and drive letter weirdness
- Fixing “Access is denied,” username typos, and policy errors
- Local vs Microsoft account differences
- Optional: enabling the built‑in Administrator temporarily
Why “show admin password in CMD” doesn’t work
Windows doesn’t store sign‑in passwords in readable text—it stores hashes. CMD can’t “print” the old password because it doesn’t exist in that form. The correct approach is to reset the local admin password.
How to reset from an elevated CMD (already logged in)
This is the fastest method if any admin account is available.
- Open an elevated Command Prompt:
- Press Windows key, type cmd
- Right‑click Command Prompt > Run as administrator
- List users:
- net user
- Reset the password:
- net user Username NewStrongPassword
- Or reset interactively (doesn’t show the password):
- net user Username *
- Look for “The command completed successfully,” sign out/in, and test.
Expert tips
- Use a long passphrase with a mix of characters.
- If the account is disabled:
- net user Username /active:yes
- Reset the password, then sign in.
How to reset when locked out (WinRE Command Prompt)
If there’s no way to log in, use Advanced Startup (WinRE).
Open Advanced Startup (WinRE)
- Shift + Restart from the Start menu or sign‑in screen
- Or go to Settings > System > Recovery > Advanced startup > Restart now
- Or run (if permitted): shutdown /r /o /f /t 00
Open Command Prompt in WinRE
- Troubleshoot > Advanced options > Command Prompt
- Pick an account if prompted; authenticate if required
BitLocker prompt?
- If the OS drive is encrypted, have the BitLocker recovery key handy.
Find the Windows drive letter
- In WinRE, Windows might not be on C:
- Try:
- C: then dir
- If no Windows folder shows, try D:, E:, F: with dir
Reset the password
- net user
- net user Username NewStrongPassword
- Or: net user Username *
- exit, Continue to Windows, and sign in with the new password
Also read: Telegram
Troubleshooting table
| Symptom | Likely cause | Quick fix |
|---|---|---|
| Access is denied | Not elevated / wrong context | Use admin CMD or WinRE Command Prompt |
| The user name could not be found | Typo or hidden/disabled account | Run net user to list exact names; enable if needed |
| Password complexity error | Local Security Policy rules | Use a longer passphrase with mixed characters |
| Still can’t log in | It’s a Microsoft account or wrong account | Do Microsoft online reset; confirm local vs MSA |
| Drive not visible in WinRE | Letter mapping changed | Try D:, E:, F: and run dir |
| BitLocker recovery prompt | Encrypted drive | Enter the recovery key to proceed |
Local admin vs Microsoft account
- Local accounts: net user resets work.
- Microsoft accounts: net user won’t change an MSA password—use the online reset, then sign in. Afterward, consider creating a backup local admin for emergencies.
Optional: enable built‑in Administrator (if allowed)
Use only temporarily and only if policy allows.
- Enable:
- net user Administrator /active:yes
- Set a temporary strong password:
- net user Administrator NewTempPassword!
- Sign in, fix the main account, then disable:
- net user Administrator /active:no
Safe Mode with Command Prompt path
If WinRE is fussy, try this:
- From WinRE: Troubleshoot > Advanced options > Startup Settings > Restart
- Press 6 (Enable Safe Mode with Command Prompt)
- Run the same net user commands to reset the local admin password
Also read: How to Get Rid of a Virus on Mac or PC
Common commands cheat sheet
- List all users:
- net user
- Reset password (direct):
- net user Username NewStrongPassword
- Reset password (interactive):
- net user Username *
- Enable built‑in Administrator:
- net user Administrator /active:yes
- Disable built‑in Administrator:
- net user Administrator /active:no
- Quick reboot to Advanced Startup:
- shutdown /r /o /f /t 00
Security and policy best practices
- Use unique, strong passphrases; avoid reuse.
- Prefer Windows Hello for daily sign‑ins; keep a known‑good password as backup.
- Store the BitLocker recovery key somewhere safe (cloud account, printed copy in secure storage).
- Disable the built‑in Administrator when done.
- On managed devices, document changes and follow policy; use helpdesk or SSPR when required.
Also read: Vertical Lines on MacBook Screen
Quick scenario playbook
- “I can log in with another admin”
- Admin CMD > net user Username NewStrongPassword > sign out/in
- “Totally locked out, BitLocker off”
- WinRE > Command Prompt > net user reset > exit to Windows
- “Totally locked out, BitLocker on”
- WinRE > enter recovery key > Command Prompt > net user reset
- “This is a Microsoft account”
- Online reset > sign in > optionally create a backup local admin
- “Company laptop (domain/Entra)”
- Use official support reset flows (don’t bypass policy).
Resetting a local admin password with CMD is straightforward once the environment is right. The usual gotchas are BitLocker and account type. Keep a backup local admin, store the recovery key safely, and don’t fight domain/Entra policies—use the official path. If stuck, double‑check the username, verify drive letters in WinRE, and try again.
