Skip to content

Kon-Boot for Windows Official GUIDE

If you have purchased Kon-Boot for Windows or Kon-Boot 2in1 license this is the right place for you.

What's Kon-Boot for Windows?

Kon-Boot (aka kon boot, konboot) is an application which will silently bypass the authentication process of Windows based operating systems. Without overwriting your old password! In other words you can login to your Windows profile without knowing your password. Easy to use and excellent for tech repairs, data recovery and security audits. Fast, tiny and gets your job done!


Kon-Boot in action:

How to purchase?

Kon-Boot is currently the only solution on the market which can securely bypass Microsoft Windows / Appple macOS passwords.

We are doing our best to still improve Kon-Boot and we need your support to keep doing that. If you haven't purchased Kon-Booot already feel free to do so, thanks for your support!


After the purchase download link will be sent to your paypal associated e-mail.

Changelog

Date Version
20.08.2024 Version 4.7 released:
  • Fixed BSOD (Blue Screen Of Death) issue on Windows / Windows 11 64-bit (caused by recent MS updates)
  • Added support for Microsoft Windows Server 2016 / Windows Server 2019 (64-bit) / Windows Server 2022 (64-bit) all versions!
04.06.2024 Version 4.6 released:
  • Updates and fixes for Windows 10/11
  • Added new EXPERIMENTAL SecureBoot bypass method COMMERCIAL LICENSES ONLY (please note: whether it will work depending on the target firmware updates, currently it should support most of the modern systems - but we reserve the right to depracate this feature in the future).

09.04.2024 Version 4.5 released:
  • Updates and fixes for Windows 11
31.10.2023 Version 4.4 released:
  • Updates and fixes for Windows 10 and Windows 11
27.06.2023 Version 4.3 released:
  • Updates for Windows 10 and Windows 11
  • Fixed BSOD error on Windows 11
  • SecureBoot bypass feature is currently depracated
29.03.2023 Version 4.2 released:
  • Updates for Windows 10 / Windows 11
15.06.2022 Version 4.1 released:
  • Updates for Windows 10 / Windows 11
  • Updates for legacy BIOSes
  • Installer fixes
09.11.2021 Version 4.0 released:
  • Support for Windows 11
  • Added offline password reset option for local Windows accounts (UEFI)
  • Added support for Intel Tiger Lake (Core 11) processors with enabled Control-Flow Enforcement Technology (CET)
  • Installer fixes
01.06.2021 Version 3.9 released:
  • Added option to automatically bypass and disable Windows 10 Core Isolation / Memory Integrity - this feature when enabled was preventing successful Windows boot (UEFI)
30.03.2021 Version 3.8 released:
  • Fixed issues and blue screen errors with newest Windows 10 updates (20H2)
25.01.2021 Version 3.7 released:
  • Loader updates
  • Stability updates for Windows 10
07.10.2020 Version 3.6 released:
  • Installer updates
  • Windows 10 updates
10.06.2020 Version 3.5 released:
  • Secure Boot bypass added (commercial licenses only, PCs (excluding Apple computers))
  • Multiple installer updates and fixes
  • Added support for large USB pendrives (no longer need to meet the 16GB pendrive capacity requirement)
  • Various optimizations
07.04.2020 Version 3.4 released:
  • Updates for newest Windows 10 builds
  • Added detection for BitLocker (disk encryption) (UEFI)
26.11.2019 Version 3.3 released:
  • Updates for Windows 8, Windows 10 (Builds 18362 and newer)
  • Updates for legacy mode
12.10.2019 Version 3.2 released:
  • Stability improvements for Windows 10
  • Updates for Kon-Boot EFI/UEFI loader
17.06.2019 Version 3.1 update released:
  • Supplemental update for version 3.1 (some small fixes, legacy alternative added).
01.06.2019 Version 3.1 released:
  • Updates for Windows 8 / Windows 10 - May updates.
01.04.2019 Version 3.0 released:
  • Online account password bypass for Windows 10 (commercial licenses, UEFI only) is now STABLE (no longer experimental)
  • Improved stability
  • Installer fixes
17.11.2018 Version 2.9 update released:
  • Installer changes & fixes (improved stability and protocol changes - mandatory update)
06.10.2018 Version 2.9 released:
  • Multiple fixes for Windows 10 October update (1809), UEFI.
  • Installer fixes (added monitoring for USB devices map changes).
12.05.2018 Version 2.8 released:
  • SSL support for Kon-Boot installer
  • Added "new local admin account" feature for Windows 10 S MODE (although we recommend you to avoid such systems)
  • Added experimental Windows 10 (UEFI Systems) ONLINE PASSWORD BYPASS right now for Commercial licenses only.

03.02.2018 Version 2.7 update released:
  • Multiple Kon-Boot installer fixes
01.01.2018 Version 2.7 released (2.6 version was skipped to match the 2in1 version):
  • Additional features for Commercial version (automatically executed powershell scripts!) (UEFI part only for Windows 8/Windows 10 x64)
  • Multiple fixes for kon-boot stability (UEFI part)
  • Multiple installer fixes (USB installer now requires online activation)
  • CD version is deprecated and will no longer be maintained (last version with CD support is 2.5)
  • UEFI support for x86 bit Windows system is deprecated and will no longer be maintained (there are virtually no x86 UEFI systems out there anyway)
  • Entire documentation updated and moved to online form
07.08.2015 Version 2.5 released
  • Support for Windows 10 (local bypass only + ability to create new system account)
18.01.2014 Version 2.4 released
  • Support for Windows 8/8.1 online password bypass
18.01.2014 Version 2.3 released
  • More stable support for Windows 8/8.1 (local mode)
14.04.2013 Version 2.2 released
  • New loader
  • Fixed UEFI bugs on Lenovo systems
  • New installer
27.08.2012 Version 2.1 released
  • Sticky keys feature
  • Initial Windows 8 support

System Requirements

General requirements:

Pentium III compatible processor, 100MB free space on the hard drive. USB flash drive (prefered USB pendrive size is 16GB), keyboard. Compatibile BIOS version. Windows system is required for installer to run. USB flash drive is required for the UEFI version to work. Internet connection is required for the installer to work. Kon-boot can be only installed by using the original installer. One kon-boot license permits the user to install kon-boot on only one USB device (USB pendrive).

Not supported: Disk encryption, secure boot must be disabled., tablets and tablet hybrids, multiple operating systems installed on target computer, 3rd party loaders are supported, kernel debuggers, virtualization software (VMware, QEMU, VirtualBox) is not supported. CD and Floppy versions are deprecated.


Since version 2.7 kon-boot CD version is no longer available. We have left the old .iso images just for compatibility purposes. All versions starting from kon-boot 2.7 can be installed only on USB media.



Supported operating systems:

Operating system Supported?
Microsoft Windows XP all versions Yes (FULL SUPPORT)
Microsoft Windows Vista 32Bit/64Bit all versions Yes (FULL SUPPORT)
Microsoft Windows 7 32Bit/64Bit all versions Yes (FULL SUPPORT)
Microsoft Windows Server 2003 all versions 32Bit/64Bit Yes (FULL SUPPORT*)
Microsoft Windows Server 2008 all versions 32Bit/64Bit Yes (FULL SUPPORT*)
Microsoft Windows Server 2012 all Versions 32Bit/64Bit Yes (FULL SUPPORT*)
Microsoft Windows Server 2016 all versions 32Bit/64Bit Yes (FULL SUPPORT*)
Microsoft Windows Server 2019 all versions 32Bit/64Bit Yes (FULL SUPPORT*)
Microsoft Windows Server 2022 all versions 64Bit Yes (FULL SUPPORT*)
Microsoft Windows 8 and 8.1 all versions (32Bit/64Bit) Yes (FULL SUPPORT (normal BIOS + UEFI BIOS)).
Local and online authorization.
Microsoft Windows 10 all versions (32Bit/64Bit) Yes (FULL SUPPORT (normal BIOS + UEFI BIOS)).
Local and online authorization (depending on license).
Microsoft Windows 11 all versions Yes (UEFI mode, 64Bit - required by Windows 11 ).
Local and online authorization.
Local administrator account can be added automatically (USB only).

Online authorization bypass for Windows 11 and 10 available in commercial licenses (UEFI).
* Authorization through domain is not officially supported.


Important: Since kon-boot 2.7 there is a new feature present called automatic powershell script execution. This feature is present only in COMMERCIAL LICENSES (UEFI mode only (Windows 8 x64 / Windows 10 x64)).

Notable differences between personal and commercial version

Personal version Commercial version
Cannot be used by organizations, business entities and for any type of commercial work. Can be used for commercial purposes.
No Windows 10 / Windows 11 online account bypass support. Yes! Windows 10 / Windows 11 (UEFI) online account bypass support.
No Secure Boot bypass option. Yes! Secure Boot bypass available (UEFI / PCs (excluding Apple computers, limitations apply depending on the firmware updates).
No extra features. Yes! Extra feature present: automatic powershell script execution

Installation to USB


Since version 2.7 kon-boot can be installed only by using our GUI installer. Internet connecton is required for installer to work. Please note that all other installation options like CD installation are depracated (older kon-boot version is included in the package for compatibility reasons or in case of temporary lack of Internet connection).

We recommend using USB pendrive with less than 16 GB capactity, although it is not necessary (some older BIOSes have problems with kon-boot loading from larger USB pendrives).

Please use USB pendrive manufactured by reputable company like KINGSTON, SANDISK, SONY. Please don't use USB pendrives from "NO-NAME" companies - they may cause problems on various BIOSES.


Following video presents installation to USB pendrive media:

Manual installation to USB

Available for kon-boot v2.6 (if you use this feature in kon-boot v2.7 the older version (2.6) will be installed)


Requirements:

  • Your BIOS need to be configured to start from the USB media. If you don't know how to configure your BIOS please check external video tutorials - here
  • USB thumb drive (FAT32 filesystem)

Please note: files located on your USB thumb drive may be overwritten! Installation steps:

  1. Insert your target USB pendrive
  2. If you are using Windows Vista or newer system please right click on "usb_install_RUNASADMIN.bat" and pick "Run As Administrator" option. Otherwise just double click on "usb_install_RUNASADMIN.bat" file (bat files are located in the "kon-bootUSB" directory, so by default the entire path is "c:\kon-boot\kon-bootUSB")
  3. Follow the displayed instructions. USB Tutorial video is available here



Secure Boot Bypass

IMPORTANT: THIS FEATURE IS EXPERIMENTAL. There are limitations to this method: depending on the UEFI firmware updates it may not be supported (newest UEFI firmware updates often prevent the bypass from working because of the revoked signed keys, in this case you need to disable the SecureBoot in BIOS manually, see section below).

Following tutorial explains how to boot Kon-Boot while the Secure Boot option is enabled in BIOS:

  1. Prepare your Kon-Boot USB pendrive with Secure Boot Bypass option enabled (THIS STEP IS NECESSARY AND IMPORTANT) Secure Boot Enable Installation
  2. Boot your target computer with Kon-Boot pendrive

  3. Follow the steps explained on the images below: Secure Boot Step Secure Boot Step Secure Boot Step - Enroll key for 3 files Secure Boot Step - Enroll key for 3 files Secure Boot Step

  4. Reboot, Kon-Boot should be loaded automatically



Below is the procedure for the PREVIOUS depracated SecureBoot bypass:

  1. Prepare your Kon-Boot USB pendrive with Secure Boot Bypass option enabled Secure Boot Enable Installation
  2. Boot your target computer with Kon-Boot pendrive
  3. Enroll selected key as presented on the image below: Secure Boot Enroll Key
  4. Reboot, Kon-Boot should be loaded automatically





UEFI and Secure Boot feature

Starting from 3.5 version (commercial licenses) Kon-Boot is able to bypass Secure Boot protection on PCs (excluding Apple computers, limitations apply - depending on the UEFI firmware updates). See Secure Boot Bypass for details.

In order to use Kon-Boot in UEFI mode you need to make sure that the UEFI BIOS is not configured to use Secure Boot feature. Secure Boot feature is typically disabled however in case of any problems please enter the BIOS setup and disable the Secure Boot option manually (see examples below).

Disable Secure Boot option on ASRock motherboard Above: UEFI Secure Boot option on ASRock motherboard

Secure Boot option on Samsung motherboard
Above: UEFI Secure Boot option on Samsung motherboard


Disabling Secure Boot feature on Lenovo:

  1. Set Secure Boot option to disabled
  2. In the "Restart" tab, select "Disabled" for "OS Optimized Defaults" option and accept potential warnings
  3. In the "Restart" tab select "Load Setup Defaults" option and accept the displayed warnings
  4. Exit and save changes

Alternative approach:

  1. Set Secure Boot option to disabled
  2. Set the "OS Optimized Defaults" to "Other OS"
  3. Use the "Reset to setup mode" option in one of the BIOS tabs
  4. Exit and save changes


If you still have problems check out other youtube videos tutorials on this topic.

Disable virtualization support in BIOS

Newer Windows version use Virtualization-based Security (VBS) and/or hypervisor security. This can cause BSODs (Blue Screen Of Death) during loading Windows with Kon-Boot (Kon-Boot does not support virtualization). In order to prevent this from happening go to your BIOS setup and temporarily disable virtualization support (VT/VT-x) as presented on screenshots below.

This step is optional, try it if you experience Blue Screen of Death during booting your target Windows machine with Kon-Boot.

Following screenshots present how to disable virtualization support on various BIOSES (don't forget to SAVE the changed settings).

AWARD BIOS disable Virtualization Support

Phoenix TrustedCore BIOS disable Virtualization Support

AWRD BIOS disable Virtualization Support

GigaByte BIOS disable Virtualization Support

Disable Virtualization Support on DELL BIOS

Automatic Powershell Script Execution Feature

Starting from version 2.7 (commercial edition only) kon-boot allows user to run automatic powershell script just after the boot of target operating system. Powershell script of user choice is being run with full system rights. This gives excellent and very powerful opportunity for the forensics team to gather all the necessary data from the target system. Right now the feature works only in UEFI mode and on Windows 8 / Windows 10 systems (x64).

Following video presents this feature at work:


In order to use this feature just edit the "auto.ps1" file on your kon-boot USB media.

Will this feature be added to normal (legacy) BIOS mode?

It seems rather unlikely. Legacy BIOS Kon-Boot loader is very hard to maintain, additional unscheduled constant Windows 8 / Windows 10 security updates do not make things easier. Finally UEFI is now recognized as the BIOS replacement. Check our faq for more detailed answer on this topic.

Sticky Keys Feature

What's Sticky Keys Feature? Sticky keys is a new Kon-Boot escalation feature which allows user to spawn a console window with system admin rights before the user is logged in. Kon-Boot allows you to get console window while the Windows login screen is still active.

Requirements:

  • Windows operating system booted with kon-boot
  • Sticky keys must be enabled in your target Windows system (they are by default)
  • Kon-bootV2.1 and higher


Usage steps:

  • In order to activate sticky keys feature please tap SHIFT 5 times (FAST). (it should work with default Windows configurations)

Video tutorial available below:


Following commands should be typed manually in the console:

net user /add [username] [password]
net localgroup administrators [username] /add



How to change profile password?

Please note: this is only for local accounts:

To change your password you can try the following way (after booting with kon-boot):

  1. Navigate the Start Menu to Control Panel
  2. Select "User Accounts and Family Safety"
  3. If the User Account Control window appears click "Yes" and leave the password field empty
  4. Select "Create a new account"
  5. Create the account (pick a name) and set the permissions (administrator).
  6. Disconnect Kon Boot and restart the computer to restore original Windows authentication functionality.

After restart:

  1. Select your new User Account (the account you have created)
  2. Navigate the Start Menu to Control Panel
  3. Select "User Accounts and Family Safety"
  4. Select the target User Account (the one you want to change)
  5. Select "Change the password"
  6. Input the new information for the account and click "Change password"
  7. You are done

How to change profile password using console?


You can change your local account password by using the Sticky Keys Feature and using following commands:

net user username newpassword

where the username is the name of the local account and newpassword is the new password for this local account. Please note this is only for local accounts.

How to remove kon-boot account on Windows


You can delete your local Windows account by using the Sticky Keys Feature and using following commands:

net user username /delete

where the username is the name of the local account.

So in case of kon-boot account, type:

net user kon-boot /delete

and press enter.

Password expired

If you experience "password has expired and needs to be changed" error during your login attempt it simply means that your password has expired. This is caused by custom Windows password policy not a problem of Kon-Boot itself.

To fix this issue (after booting the target Windows OS with Kon-Boot):

  1. Use the Sticky Keys Feature to activate the administrator console
  2. Type: net user username /expires:never (where username is the target user name)
  3. If previous step was not enough, try typing: net user username newpassword (where username is the target user name)
  4. Reboot for changes to take effect

Locked account (account unlock)

It should be possible to unlock a locked Windows account by using the Sticky Keys Feature:

  1. Use the Sticky Keys Feature to activate the administrator console
  2. Type: net user username /active=yes (where username is the target user name)
  3. Reboot for changes to take effect

If this is a domain account please try:

  1. Use the Sticky Keys Feature to activate the administrator console
  2. Type: net user username /DOMAIN /active:YES (where username is the target user name)
  3. Reboot for changes to take effect

Please note Kon-Boot is a tool for bypassing passwords not really designed for unlocking so this information is just "extra".

Windows 10 Online Authorization Support

UPDATE 05.2018: Windows 10 online account authorization bypass was added to the 2.8 Kon-Boot Release (commercial licenses only, UEFI systems only).

Following video completely illustrates this entire process:



As for personal licenses:

Personal licenses does not offer online authorization bypass on Windows 10 systems. However user can still access the system as local administrator. In fact in the kon-boot v2.5 administrator account can be added automatically, as presented in the following scenario:

  1. Boot your machine with kon-boot on USB (usb version is required)
  2. Wait until your Windows 10 machine boots up
  3. You should see following message displayed on the screen MSGBOX
  4. If you want to get your new administrator account added click YES and follow the rest of instructions displayed on the screen

In case of problems (i.e. when message box was not displayed) you can add the administrator account manually using the sticky keys feature. Please see the Sticky Keys Feature for further details.


Windows HELLO login

If you account is an online (live) Windows 10 account and you have a commercial Kon-Boot license (commercial kon-boot licenses allow to bypass Windows 10 online/live passwords (UEFI)) you can bypass the Windows HELLO authorization as well.

WINHELLO

Please notice: for online/live password bypass option to work it is necessary to wait approximetely ~5minutes after Windows login screen appears (Kon-Boot message box should be displayed on the screen when things are ready).

  1. After selecting your target account, please pick Sign-in options
  2. Pick Microsoft account password option (or PIN alternatively)
  3. Put any password / pin (not blank) and press enter

BitLocker Recovery Screen

As stated multiple times on our website and here as well Kon-Boot does not support enabled disk encryption (BitLocker is disk encryption software). If you see screen similar to this below it means your hard drive is encrypted.

Bitlocker Recovery Screen

Please note: You may only see this screen when you are booting from external media ie. Kon-Boot USB. This is because of the TPM chip (Trusted Platform Module) which will detect changes to the system boot sequence. This will lead to change in the TPM's PCR values, and in the result TPM will not unseal the VMK (Volume Master Key).

Trouble creating USB / Trouble installing to USB

  1. Have you installed / extracted kon-boot package to c:\kon-boot ? if not please do so (do not install to external drives or remote locations)

  2. Please verify you have administrator access on the Windows installation machine, the lock error may be caused by either lack of administrator rights or different process (like antivirus) blocking access to usb device.

  3. Please make sure your Internet connection is working.

  4. If problem persists please try different USB port or different USB thumb drive (KINGSTON, TOSHIBA etc.). Recently we stopped recommending SANDISK ULTRA.

If problem still persists please contact support and attach the konlog.txt file from Kon-Boot installation directory.


Support

Please visit the Contact us / Support page for details.