Forgot the administrator password? The Sticky Keys trick

If you forgot the administrator password, you can easily reset it on Windows 7, Windows Vista and Windows XP with the Sticky Keys trick. It always works.

Update: I published a new guide that explains how to reset the Windows 8 administrator password without the need of any third-party tools.

Forgot the administrator password? There are many ways to access a Windows installation if you forgot the administrator password. Today I’ll show you another procedure to reset the Windows password by replacing the Sticky Keys application. This program allows you to use the function keys SHIFT, CTRL, ALT, or the Windows key by typing one key after the other instead of pressing them simultaneously with the second key. The main advantage of this password reset method is that you don't need third-party software; another plus is that it is easy to carry out because, unlike enabling the built-in administrator offline, it requires no Registry hack.

Forgot Administrator Password - Sticky Keys trick

Please note that resetting the password from an account other than the corresponding user account always means that the user loses the credentials stored in the Windows Vault, stored Internet Explorer passwords, and files that you encrypted with the Encrypting File System (EFS). Of course, if you have a backup of these credentials, you can restore them; likewise, if you have exported the private EFS key, you can import it again after you have reset the password.

Like with all other solutions that allow you to reset the Windows password without having an account on the corresponding computer, you have to boot from a second operating system and access the Windows installation while it is offline.

You can do this with a bootable Windows PE USB stick or by using Windows RE. You can start Windows RE by booting the Windows Vista or Windows 7 setup DVD and then selecting "Repair" instead of "Install Windows."

By the way, you can't use the Windows XP boot CD for this purpose because its Recovery Console will ask for a password for the offline installation. However, you can use a Vista or Windows 7 DVD to reset a forgotten Windows administrator password on Windows XP.

This works because Windows RE, which is based on Vista or Windows 7, will let you launch a command prompt with access to an offline installation without requiring a password.

To reset a forgotten administrator password, follow these steps:

  1. Boot from Windows PE or Windows RE and access the command prompt.
  2. Find the drive letter of the partition where Windows is installed. In Vista and Windows XP, it is usually C:; in Windows 7, it is D: in most cases because the first partition contains Startup Repair. To find the drive letter, type C: (or D:, respectively) and search for the Windows folder. Note that Windows PE (RE) usually resides on X:.
  3. Type the following command (replace "c:" with the correct drive letter if Windows is not located on C:):
    copy c:\windows\system32\sethc.exe c:\
    This creates a copy of sethc.exe to restore later.
  4. Type this command to replace sethc.exe with cmd.exe:
    copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
    Reboot your computer and start the Windows installation where you forgot the administrator password.
  5. After you see the logon screen, press the SHIFT key five times.
  6. You should see a command prompt where you can enter the following command to reset the Windows password (see screenshot above):
    net user your_user_name new_password
    If you don't know your user name, just type net user to list the available user names.
  7. You can now log on with the new password.

I recommend that you replace sethc.exe with the copy you stored in the root folder of your system drive in step 3. For this, you have to boot up again with Windows PE or RE because you can't replace system files while the Windows installation is online. Then you have to enter this command:

copy /y c:\sethc.exe c:\windows\system32\sethc.exe
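
To confirm that the restore worked, here is an added example that is not part of the original article. The PowerShell function below (the name Test-StickyKeysBinary is made up for this example) reports whether sethc.exe is still a copy of or a link to cmd.exe, and whether backup copies from the procedure were left behind. It assumes PowerShell 4.0 or later, which provides Get-FileHash.

```powershell
# Added example, not from the original article. Requires PowerShell 4.0+ (Get-FileHash).
function Test-StickyKeysBinary {
    param(
        # Windows directory to inspect; defaults to the running installation.
        [string]$WindowsDir = $env:SystemRoot
    )

    $sys32    = Join-Path $WindowsDir 'System32'
    $sethc    = Join-Path $sys32 'sethc.exe'
    $cmd      = Join-Path $sys32 'cmd.exe'
    $findings = New-Object 'System.Collections.Generic.List[string]'

    if (-not (Test-Path -LiteralPath $sethc)) {
        $findings.Add("$sethc is missing")
    }
    else {
        # A link instead of a regular file (the mklink variant from the comments).
        $item = Get-Item -LiteralPath $sethc -Force
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
            $findings.Add("$sethc is a link (reparse point), not a regular file")
        }

        # Same content as cmd.exe means the replacement from step 4 is still in place.
        $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
        $cmdHash   = (Get-FileHash -LiteralPath $cmd   -Algorithm SHA256).Hash
        if ($sethcHash -eq $cmdHash) {
            $findings.Add("$sethc has the same SHA-256 hash as cmd.exe")
        }
    }

    # Leftover backups: step 3 (root of the system drive) and the .bak rename variant.
    $leftovers = @(
        (Join-Path ([IO.Path]::GetPathRoot($WindowsDir)) 'sethc.exe'),
        (Join-Path $sys32 'sethc.exe.bak')
    )
    foreach ($path in $leftovers) {
        if (Test-Path -LiteralPath $path) { $findings.Add("Leftover backup copy: $path") }
    }

    $findings
}

$result = @(Test-StickyKeysBinary)
if ($result.Count -eq 0) { 'sethc.exe looks restored: no findings.' }
else { $result | ForEach-Object { "FINDING: $_" } }
```

On 64-bit Windows, run it from a 64-bit PowerShell session; a 32-bit session is redirected from System32 to SysWOW64 and would inspect the wrong files.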

320 Comments
  1. KaCee Williams 4 years ago

    I did everything right but when I tried to log in it says the user profile service service failed the logon. user profile cannot be loaded. please help me, idk what to do

    2+

  2. STRONG 4 years ago

    pls what do I do

    I saw user name {password : *} /ADD [options] [DOMAIN]

    WHAT NEXT

    4+

  3. Lew 3 years ago

    Now that I'm do I need to revert it back in case of vulnerability scans, and if so, what are the commands to do so.

    1+

  4. Zmiter 3 years ago

    I've managed to reset password using slightly modified technique:
    "pushd"-ed into offline system32 directory, renamed sethc.exe and made symbolic link to cmd.exe, like this:

    pushd <offline_system_drive_letter>\windows\system32
    move /y sethc.exe sethc.exe.bak
    mklink sethc.exe cmd.exe

    after password reset, rebooted into recovery environment (F8 boot menu), and

    pushd <offline_system_drive_letter>\windows\system32
    move /y sethc.exe.bak sethc.exe

    That's all, worked on windows 7 x64 installation

    4+

  5. isaacUg 3 years ago

    access is denied error. I cannot rename/copy/delete anything in the system32 folder. How do I change administrator privileges using cmd? Thanks mike!

    1+

  6. Felix 3 years ago

    Any thoughts on Pogostick?

    1+

  7. JS 3 years ago

    I apparently don't have a sethc.exe file in my System32 folder. Is it possible for this to have another name? Just for the record, the StickyKeys function works.

    1+

  8. Name (very creative ik) 1 year ago

    I am pretty confused on how this works. Can't you just rename the file if you're logged into an (actual) administrator and it should work?

    0

    • Author

      You can't modify files when you are logged on to the Windows installation that you want to change. That is why you have to change files after you boot up a second installation.

      0

  9. Dr MUHAMMADARIF SHAIKH 1 year ago

    Dear Sir,

    Very excellent way to bypass Administrative passwords using sticky notes trick. My problem is my administrative password is broken by my son only on our computers. So I want to prevent his ways of doing this using system32 folder and cmd.exe OR sethc.exe.

    Kindly show me prevention of  this my son's bravery.

    0

  10. SR 1 year ago

    Hi Michael, 

    I am not getting command prompt after hitting SHIFT key 5 times when going to windows login screen after restarting the system. Though I have followed all the steps. Can you pls help

    Mine is windows 7 ultimate OS.

    0

    • Author

      Hard to say what went wrong. You can try doing steps 1 and 2 and then compare the file sizes of cmd.exe and sethc.exe. If they differ, the copy procedure failed.

      0

  11. Michael keeney 4 months ago

    This literally fails at the first step. The command prompt loads files up but then just boots the laptop up, I can't intervene and input the steps mentioned.

    I have access to a guest account but can't change anything within it 🙁 Due to admin rights etc

     

    I'm so lost. Can anyone assist?

    0

    • Hello Michael,

      can you be more specific please? You say it fails at first step, which is a boot from WinPE. 

      What exactly doesn't work for you?

      0


© 4sysops 2006 - 2020
