It can be quite unsettling and nerve-wracking when a situation of an emergency arises and you find that the built-in Administrator account on your Windows Server has been inaccessible. This guide explains a method that is safe and can be repeated to get a new password for the Administrator account on Windows Server 2022 by restarting the server with a Windows installation DVD/ISO (through IPMI / remote KVM), opening the recovery Command Prompt to make a copy of cmd.exe over utilman.exe so that you can access the Command Prompt from the login screen, and finally logging in with the newly created password.
Prerequisites and safety notes
Before you begin, ensure you have:
- Through the IPMI or a remote KVM, you can access the server (hence you can mount the Windows Server 2022 ISO and interact with the console).
- Using the IPMI virtual media, you can have access to a bootable Windows Server 2022 ISO image.
- You are physically or remotely authorized and permitted to access and perform an emergency recovery on the server.
- Knowing completely that this operation is to temporarily change the accessibility binary, you have to change back the original binary after the operation to keep the system intact.
Some important safety measures: do it during the maintenance windows or when it is possible to have a service interruption. Do not execute commands that you do not understand on production systems without backups. The instructions below are based on the assumption that the Windows system drive is D: when accessed from the Recovery Environment, make sure that the drive letter is the same in your environment before going on.
Step-by-step procedure
1. Boot the server from the Windows Server 2022 ISO via IPMI
- Mount the ISO using your IPMI virtual media tool.
- Reboot the server and press F11 (or the vendor-specific boot menu key) during POST to choose the virtual CD/ISO as the boot device.
- When the Windows installation window appears, click Next.
- Select Repair your computer – Troubleshoot – Command Prompt.
2. Identify the Windows system volume
In WinRE, the drive letters may differ from what you expect. The example below assumes the Windows installation appears on D: in recovery mode. If C: is your system drive in normal operation, but D: appears in WinRE, use the actual letter shown on your system.
3. Prepare the Ease of Access replacement (from Recovery Command Prompt)
At the Command Prompt, run the following commands exactly as shown:
d:
cd Windows
cd System32
move Utilman.exe Utilman.exe.bak
copy cmd.exe utilman.exe
net user administrator /active:yes
shutdown -r -t 0
- move Utilman.exe Utilman.exe.bak changes the name of the original Ease of Access executable that can be restored later.
- copy cmd.exe utilman.exe puts a copy of the command shell in the location where Ease of Access is expecting its executable, thus if you open Ease of Access, it will be a shell with system privileges that gets opened.
- net user administrator /active:yes makes sure that the built-in Administrator account is enabled (if it was disabled).
- shutdown -r -t 0 is used to restart the server right away, so you can use the new method at the login screen.
4. Reset the Administrator password from the login screen
- After the server reboots to the login screen, press Win + U (or click the Ease of Access icon). A Command Prompt will open.
- At that prompt, run:
net user Administrator your-new-password
exit
- Replace your-new-password with a strong password that meets your domain or local policy. exit closes the prompt and returns you to the login UI.
- Log in using the Administrator account and the new password.
5. Restore the original utilman.exe (important cleanup)
- After successful login, reboot into the Windows Recovery Environment again (via IPMI + ISO or native Advanced Startup) and open Command Prompt, then run:
d:
cd Windows
cd System32
del Utilman.exe
ren Utilman.exe.bak Utilman.exe
shutdown -r -t 0
- This deletes the temporary utilman.exe (the copy of cmd.exe) and renames the backup to restore the original Ease of Access application. Reboot (shutdown -r -t 0) returns the server to normal operation.
Risks, best practices, and troubleshooting tips
This method should only be used as a last resort to gain emergency access. Their use should be documented in the audit logs and change control. Once the credentials have been reset, it is a good idea to look at local / domain security policies, account lockout settings, and event logs to make sure that there have been no unintended changes.
In case the system drive is not D: in WinRE, please use the correct drive letter. If the move or copy operation fails because of permissions or file locks, check that you are really in the Recovery Command Prompt environment and that the Windows partition is available.
It is very important to always put back the original utilman.exe after you are done; if you leave cmd.exe there, it is a very serious security risk, as anyone with access to the console could get elevated access.
Using an ISO and the Windows Recovery Environment to reset the Administrator password for Windows Server 2022 is a well-functioning rescue method in case both remote and local administrator credentials are lost. The process involves remote IPMI access, the installer’s recovery tools, and temporarily replacing utilman.exe with cmd.exe to get a command shell with elevated rights at the login screen, hence allowing password reset via the net user command. Do not forget to put the original utilman.exe back right away to keep the system safe and to comply with your change-control procedures.
ServerAdminz is a good option if you want professional support: they provide quick emergency access facilitation, safe remediation for restoring system binaries and account policies, and proactive hardening to lessen the occurrence of emergency password resets in the future.
If you need any support on Windows Server 2022 password recovery, emergency access, or server performance optimization, contact us for expert assistance.
