I had a call some time ago from a client who’d forgotten his PIN and was locked out of his Windows 10 computer. I fully expected to have regained access to his laptop within a few minutes of looking at it. Normally it would be a straightforward case of logging in using his Microsoft account password instead of his PIN. In the event that he had forgotten his Microsoft account password this could be readily reset and access to the computer granted using the password. However, the scenario I was presented with made it impossible to resolve in the normal manner.
No Microsoft account password option
When I looked at the Windows log-in screen the immediate problem was that my client wasn’t being presented with any option to log in using his Microsoft account password. The only option was to enter a PIN, which he had entered incorrectly numerous times. He was being presented with a ‘challenge’ where he first had to type A1B2C3 and then try entering his PIN again. No other options were provided.
Reset Microsoft account password
I began by using another device to reset his Microsoft account password. This was straightforward enough as he did have access to his recovery email address. I then logged in to his Microsoft account on that device and was hoping there might be something in the security settings which would allow me to remove or reset the PIN for his own laptop.
I was able to find his laptop under the Devices tab in his Microsoft account. I would have thought it would be possible to reset the PIN for his laptop there. However, there is no such option in the Security & protection settings. In fact it was really only possible to see what was happening with the device, rather than to actually change anything.
My next thought was to boot his laptop into safe mode. Normally, when a Windows 10 computer has been set up with a PIN for log-in, it reverts to the Microsoft account password when booted into safe mode. I was fairly confident that I would be able to gain access in this way. However, after booting into safe mode with networking, the only option presented was once again the PIN.
Create local administrator account
I then decided I would have to gain access to the device through the back door and see if I would be able to do anything with my client’s account from there. So I proceeded to create a local administrator log-in account using the following steps.
1. Disable secure boot in the laptop’s UEFI settings and boot from a Windows 10 installation flash drive
2. Press Shift-F10 when Windows installation reaches the screen prompting for the language to install, time and currency format, etc.
3. Type regedit <Enter> in the resulting command prompt window
4. When the registry GUI appears, click on HKEY_LOCAL_MACHINE and then select File/Load Hive
5. Browse to \Windows\System32\config and open the file SYSTEM
6. When prompted for a Key Name enter any name (in my case I used my name Norm) and click OK
7. In the left pane, expand HKEY_LOCAL_MACHINE, followed by Norm
8. Click Setup
9. In the right pane, edit the CmdLine value to be cmd.exe and the SetupType value to be 2
10. After entering these values, click on Norm in the left pane, go to File/Unload Hive and click Yes
11. Restart the computer
12. After restarting, a command prompt window appears. Type the following two commands: net user admin /add <Enter> followed by net localgroup administrators admin /add <Enter>
13. Type exit <Enter> in the command prompt window.
The computer then proceeded to the log-in screen and I was able to log in by clicking on the admin account.
I had now gained access to the computer with an administrator account and, if all else failed, it would be possible to remove my client’s account from there and create a new log-in for him. However, I didn’t really want to do that as it would have meant setting everything up for him again in his new account. Had I done so I could then have copied his files across from the account to which he had lost access.
Reset security settings?
However, I first wanted to ascertain whether I could reset the security settings of his account whilst logged in as an administrator. This would have been possible if the account he had been trying to access had been a local account rather than a Microsoft account. Unfortunately, with a Microsoft account, the only options presented under Manage another account are to change the account type, or delete the account. This meant there was no way I could either reset or remove the PIN from my client’s log-in.
Success at last!
I tried switching to my client’s account from the Windows start button, in the hope that I would now have the option of signing in with a password as opposed to the PIN. Unfortunately I was still presented with the PIN as the only option, and with the challenge A1B2C3 as before. I tried signing out as opposed to just switching but I was presented with the same scenario. Then I restarted the computer and this time, at the log-in screen for my client’s account, there was an option for I forgot my PIN. I couldn’t believe my luck!
I clicked on I forgot my PIN and was then able to receive a verification code at my client’s recovery email address which I entered and was finally able to reset his PIN and regain access to his account on the laptop. I then deleted the admin account I had created, restarted the computer again and logged in successfully.
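The recovery steps above leave several changes behind that are worth confirming as reverted before the laptop goes back to the client: the Setup registry values, the temporary admin account, and Secure Boot. The following PowerShell check is an added example, not part of the original write-up; it assumes the temporary account was named admin as in step 12, that it is run from an elevated prompt, and that account-management auditing is enabled for the event log query to return anything.

```powershell
# Added example: post-recovery audit of the changes made during the procedure.
# Assumption: 'admin' is the temporary account name used in step 12.
$TempAccount = 'admin'
$findings = @()

# 1. Setup key: on a machine that has finished setup, CmdLine is normally
#    empty and SetupType is 0. Anything else runs at the next boot.
$setup = Get-ItemProperty -Path 'HKLM:\SYSTEM\Setup' -ErrorAction SilentlyContinue
if ($setup.CmdLine)         { $findings += "Setup\CmdLine is still '$($setup.CmdLine)'" }
if ($setup.SetupType -ne 0) { $findings += "Setup\SetupType is $($setup.SetupType), expected 0" }

# 2. The temporary account should no longer exist.
if (Get-LocalUser -Name $TempAccount -ErrorAction SilentlyContinue) {
    $findings += "Local account '$TempAccount' still exists"
}

# 3. List who is in the built-in Administrators group (well-known SID,
#    so this works on non-English installations too).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
$admins | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# 4. Secure Boot was disabled in step 1 and should be switched back on.
try {
    if (-not (Confirm-SecureBootUEFI -ErrorAction Stop)) {
        $findings += 'Secure Boot is disabled'
    }
} catch {
    $findings += "Secure Boot state could not be read: $($_.Exception.Message)"
}

# 5. Security log: 4720 = account created, 4732 = member added to a local group.
#    These show when the temporary account was created and elevated.
$filter = @{ LogName = 'Security'; Id = 4720, 4732; StartTime = (Get-Date).AddDays(-7) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize

# Report
if ($findings.Count -eq 0) {
    Write-Output 'No leftover changes found.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

The same checks double as a quick way to spot whether someone else has used this procedure on a machine: a non-empty CmdLine, an unfamiliar member of Administrators, or 4720/4732 events with no matching support ticket all warrant a closer look.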
A stroke of luck
Whilst I attempted everything possible to regain access to my client’s account on his laptop, I would truly consider my success at the end to have been a stroke of luck. I believe that the initial inability to access the computer using a password as opposed to a PIN was a glitch in the computer's Windows installation. And when I finally did gain access there was no particular rationale behind my success, although I had exhausted just about every other option by that stage.
In the worst case scenario, I would have ended up reinstalling Windows 10, and what I thought was going to be a five minute job would have taken much longer. One of my guiding principles is to always provide the client with a solution. I’m glad to say that the solution provided here was exactly what my client required, even though I had to jump through quite a number of hoops to get there.
If you're somewhere in Brisbane, Ipswich, Logan or the Redlands and you're struggling with an issue like this one, please don't hesitate to get in touch. I'd be more than happy to help.