When nondestructive PIN reset is enabled on a client, a 256-bit AES key is generated locally. The key is added to the user's Windows Hello for Business container and keys as the PIN reset protector. This PIN reset protector is encrypted using a public key retrieved from the Microsoft PIN reset service and then stored on the client for later use during PIN reset. After a user initiates a PIN reset and completes authentication and multifactor authentication to Microsoft Entra ID, the encrypted PIN reset protector is sent to the Microsoft PIN reset service, decrypted, and returned to the client. The decrypted PIN reset protector is used to change the PIN used to authorize Windows Hello for Business keys, and it's then cleared from memory.
Using Group Policy, Microsoft Intune or a compatible MDM solution, you can configure Windows devices to securely use the Microsoft PIN reset service, which enables users to reset their forgotten PIN without requiring re-enrollment.
You must replace TenantId with the identifier of your Microsoft Entra tenant. To look up your tenant ID, see How to find your Microsoft Entra tenant ID, or try the following, making sure to sign in with your organization's account:
To configure a device with group policy, use the Local Group Policy Editor. To configure multiple devices joined to Active Directory, create or edit a group policy object (GPO) and use the following settings:
The PIN reset configuration can be viewed by running dsregcmd /status from the command line. This state can be found under the output in the user state section as the CanReset line item. If CanReset reports as DestructiveOnly, then only destructive PIN reset is enabled. If CanReset reports DestructiveAndNonDestructive, then nondestructive PIN reset is enabled.
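As an added check (not part of the original page), the following PowerShell parses that dsregcmd output and reports the CanReset state for the user. The embedded sample output is constructed, and the assumption that dsregcmd prints fields as `Name : Value` lines beneath a boxed section header is mine.

```powershell
function Get-PinResetState {
    param(
        # Raw dsregcmd /status output; defaults to running the tool on this device.
        [string[]]$StatusText = (& dsregcmd.exe /status)
    )
    # The PIN reset fields live in the "User State" section; track the boxed
    # section headers so a same-named field in another section is ignored.
    $inUserState = $false
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\|\s*(.+?)\s*\|$') {
            $inUserState = ($Matches[1] -eq 'User State')
            continue
        }
        if ($inUserState -and $line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $canReset = $fields['CanReset']
    [pscustomobject]@{
        NgcSet                = $fields['NgcSet']
        CanReset              = $canReset
        NonDestructiveEnabled = ($canReset -eq 'DestructiveAndNonDestructive')
        DestructiveOnly       = ($canReset -eq 'DestructiveOnly')
    }
}

# Constructed, abbreviated sample of dsregcmd /status so the parser runs offline.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

                    NgcSet : YES
                  CanReset : DestructiveOnly
'@ -split "`r?`n"

$state = Get-PinResetState -StatusText $sample
if (-not $state.NonDestructiveEnabled) {
    Write-Warning "Nondestructive PIN reset is not enabled (CanReset = $($state.CanReset)); check the PIN reset policy and TenantId on this device."
}
$state   # Omit -StatusText to inspect the local device instead of the sample.
```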
PIN reset on Microsoft Entra joined devices uses a flow called web sign-in to authenticate users in the lock screen. Web sign-in only allows navigation to specific domains. If web sign-in attempts to navigate to a domain that isn't allowed, it displays a page with the error message: We can't open that page right now.
If you have a federated environment and authentication is handled using AD FS or a non-Microsoft identity provider, then you must configure your devices with a policy to allow a list of domains that can be reached during PIN reset flows. When set, it ensures that authentication pages from that identity provider can be used during Microsoft Entra joined PIN reset.
For Azure Government, there is a known issue with PIN reset on Microsoft Entra joined devices failing. When the user attempts to launch PIN reset, the PIN reset UI shows an error page that says, "We can't open that page right now". The ConfigureWebSignInAllowedUrls policy can be used to work around this issue. If you are experiencing this problem and you are using the Azure US Government cloud, set login.microsoftonline.us as the value for the ConfigureWebSignInAllowedUrls policy.
Destructive and nondestructive PIN reset scenarios use the same steps for initiating a PIN reset. If users have forgotten their PINs, but have an alternate sign-in method, they can navigate to Sign-in options in Settings and initiate a PIN reset from the PIN options. If users don't have an alternate way to sign into their devices, PIN reset can also be initiated from the Windows lock screen with the PIN credential provider. Users must authenticate and complete multifactor authentication to reset their PIN. After PIN reset is complete, users can sign in using their new PIN.
For Microsoft Entra hybrid joined devices, users must have corporate network connectivity to domain controllers to complete destructive PIN reset. If AD FS is being used for certificate trust or for on-premises only deployments, users must also have corporate network connectivity to federation services to reset their PIN.
Key trust on Microsoft Entra hybrid joined devices doesn't support destructive PIN reset from above the lock screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. For this deployment model, you must deploy nondestructive PIN reset for above-lock PIN reset to work.
You may find that PIN reset from Settings only works after sign-in. Also, the lock screen PIN reset function doesn't work if you have any matching limitation of self-service password reset from the lock screen. For more information, see Enable Microsoft Entra self-service password reset at the Windows sign-in screen.
I've got myself into a bit of a pickle and could really use your collective wisdom. I've been locked out of my Windows 10 computer (yeah, I know, should've written down the password) and I'm scratching my head on how to get back in. Has anyone here been through this and managed to reset their password without being able to log in?
I've seen a few methods online involving bootable USB drives and using command prompts, but I'm not super tech-savvy and a bit hesitant to dive into something that seems so complex. I'm looking for a more straightforward, beginner-friendly way to reset my password and get back to my files.
[Edit] A few folks asked me if the problem was solved? Yes. The password was reset with the help of Passcue Windows Password Recovery software. Thanks Jack888 for the recommendation!
Once, I also encountered a situation where I forgot the Windows 10 password of a local account. I was really a little panicked at that time. After all, all the important files were in that account. I remember that I really didn't want to use those complicated technical means at that time, and wondered if there was a simple way to solve it.
So, I saw a "Reset Password" link on the login screen. Although I hadn't noticed it before, I decided to click it this time. After clicking it, the system prompted me to answer the security questions I had set before. I was quite glad that I didn't fill in some random answers at that time. The question was the name of my elementary school. I remembered that I set the name of my alma mater and answered it without hesitation. Then the system actually let me enter the interface for setting a new password.
After entering and confirming the new password, I was able to log in smoothly. This experience made me realize that setting security questions is really useful, especially when you forget your Windows 10 password.
@zcbadeedee Ophcrack is not recommended if the password was strong enough. Ophcrack relies on rainbow tables to recover the forgotten Windows 10 passwords. These tables are precomputed lists of possible passwords and their corresponding hashes. If a password is complex (long, uses special characters, or is otherwise not common), it may not be included in the available rainbow tables.
In addition, Ophcrack has not been actively updated to handle newer hashing algorithms or security measures implemented in Windows 10 and 11. Newer versions of Windows have strengthened password security. So it is no longer a good choice for resetting a Windows 10 password when the computer is locked due to a forgotten password.
Once, I also encountered a situation where I forgot my Windows 10 password. I was really anxious at the time; after all, all my important documents and work data were on that computer. I tried various possible password combinations, but none of them worked. At this time, I remembered that I had been careful about backups before and had made a Windows 10 password reset disk.
I quickly rummaged through the boxes and found the USB drive and inserted it into the computer. I restarted the computer and went to the login screen. I saw a link to "Reset Password" and clicked it without hesitation. The system recognized my password reset disk and began to guide me step by step.
A Windows 10 password reset disk is a special type of disk that allows you to reset a Windows 10 user account password if you forget it. This disk is created while you still have access to your account and can be used in case you get locked out. The tutorial below shows you how to reset a Windows 10 password without logging in:
Once, I forgot my Windows 10 password and it felt like the end of the world. I tried all possible passwords but none of them worked, and I became more and more anxious. However, I suddenly remembered that a friend once told me about a way to reset a Windows 10 password using the command prompt. I didn't pay much attention to it at the time because it seemed too complicated, but now it has become a lifesaver.
So, I decided to give this method a try. First, I needed a Windows installation disk or a bootable USB drive. Fortunately, I had an old Windows installation disk at home, so I immediately found it, inserted it into the computer, and restarted to enter the installation interface.
Step 5. Open the Command Prompt: At the login screen, click the "Accessibility" icon (usually a small circle icon) in the lower right corner. Now, the Command Prompt should open instead of Accessibility.
Although this method sounds a bit complicated, it is actually quite smooth if you follow the steps. After the operation, I successfully logged in to the computer with the new password, and the big stone in my heart finally fell. I really recommend that if you are also locked out, you try this method, but you must be careful in operation; after all, it involves modifying system files.
You can still use the rename cmd to utilman. Although I also just enable the built-in administrator with net user and then boot and login. I actually just tried this on my machine to confirm and it still works. I am on 20H2.
I have used this trick before when users have forgotten their passwords. There are even ways to reset Microsoft account passwords by using this method. This is why we enable encryption on all our drives. (I suspended it while I tried this bypass.)