The following will guide you on how to reset a password on a Windows 7/8 machine where you have no local administrator password or have forgotten it.

WARNING: Resetting the password of a Windows account means that data that has been encrypted, such as Windows EFS or stored Internet Explorer passwords, will be history. Avoid this by resetting the password of an account that hasn’t been used, such as the built-in “administrators” account (none of us use that… right?). Do you use BitLocker to encrypt the drive? If so, you will first have to unlock the drive/partition.

If you didn’t use any Windows-based encryption you are safe to reset your password with this information.

Step 1: Boot from Windows 7/8 setup

Be sure that your BIOS boot order has your DVD/USB device as the first boot device (for Dell, press F2 to enter BIOS), or if you have the ability to select a boot menu (F12 for Dell), then select the appropriate device listing for your case. If not using a Dell machine, please refer to your manufacturer’s directions for changing the boot order.

Using your Windows 7/8 setup DVD or flash drive, turn on the computer, and wait for the message “Press any key to boot from CD or DVD” and press any key.

Step 2: Close Windows Setup

Close the Language window by clicking the X in the corner and confirm to cancel the Windows installation.
Wait until you see the Windows 7/8 start screen.

Step 3: Getting the CMD Prompt

Windows 7/8 setup should greet you and encourage you to configure your language settings at this point. Press SHIFT+F10 to open a command prompt, which should show you “X:\Sources”.

In the CMD window enter (without the quotes) "copy d:\windows\system32\sethc.exe d:"
If you get an error message along the lines of “The system cannot find the specified path”, try replacing “d:” in the command above with different drive letters (possibly “e:” or “f:”) until the error message disappears.

We’re now going to replace the “Sticky Keys” app on your machine with a CMD prompt. Enter “copy /y d:\windows\system32\cmd.exe d:\windows\system32\sethc.exe” (without the quotes).

Once accepted, exit, restart, and wait for the logon screen.

Step 4: Sticky Keys power… Activate

Press the SHIFT key five times. You should now see the command prompt.

If you’re wondering what Sticky Keys are … Sticky keys - Wikipedia

Step 5: Find local users

Type “net user” to get a listing of user names that reside on your machine.

Step 6: Pick a user to reset

From the list, choose a user name that you wish to reset and type “net user user_name new_password”. user_name is the one you picked from the table (net user) and new_password is… something you can remember.

If the user name or password contains blanks, you have to set it in quotes, i.e. C:\Windows\system32> net user "Alan Pine" "My Remembered Password"

Step 7: TA DA!

You just reset your Windows 7/8 password. Close the CMD window and log on with the aforementioned set “net user” Name and password.

If you want to restore your “Sticky Keys” app, return to step one and walk through the process again and use this command in step 2: “copy /y d:\sethc.exe d:\windows\system32\sethc.exe” IN PLACE OF “copy /y d:\windows\system32\cmd.exe d:\windows\system32\sethc.exe”

Now that you’re back in… this might be a good time to “create a password reset media” from the references below


This worked exactly as you described. Thank You very much.

Thank you :) happy I had something worth sharing and is useful to someone

This is awesome, great job on compiling everything, much appreciated

I’ve always used the NT Offline Password tool on a bootable CD, but it is good to know that there is another way.

Erik -

Flash drives, CD/DVDs and myself don’t always get along. I tend to place them in my back pocket and forget about it till I hear CRACK or my wife saying… “Honey, are you missing something? Maybe something you left in your pocket… for the wash” OOPS!

My phone and tablets seem to survive my abuse much better.

Thanks for the comments :)

P.S. Placing a flash drive in a cup of rice for several days REALLY does work most of the time… and phones… 50% of the time ;)

I just had to do this for a personal laptop a user brought in (CEO). Worked like a charm!

This worked perfectly! Thanks for the great detailed write up!

Perfect!
Now how do I stop a school full of hackers that can find the same info. on You Tube?
Given this flaw in M$ security and the method of access at a system level using built in recovery and user tools, how do we as system admins prevent people from getting in like this?

Graeme -
  
It’s a good question. I’ve been doing beta tests for M$ products for some time and questions just like yours I’ve brought up along with other beta testers. Some of the responses I’ve seen have had me go hmmmmm.
 
What we see as a flaw like this security nuance has some at M$ looking at it as … what if you take that “flaw” out and there is a computer owner change or an administrator change that does not have the information to get into an administrator level account, they are forced to rebuild/reimage the device for something that could have been fixed easily if they had a way to gain entry. The “flaw” was designed to have an OS disk that not many people are just carrying around.
 
Personally my thoughts were if you can’t get in then it’s probably a good time for a rebuild anyway, but looking at the M$ as if I were on the inside, I guess it comes down to “You’re damned if you do and you’re damned if you don’t”
  
So one solution could be to build a GPO to disable all the local user accounts from each workstation that has them and maybe use the GPO deny logon locally (Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment) to prevent anyone except domain users from logging on to desktop computers targeted by such policy. The Log On Locally approach should be tested on a test network beforehand.
 
Another approach could be to turn off USB ports and CD/DVD drives from the BIOS along with adding an admin only password if your BIOS supports such.
 
You might push a script to remote all local user accounts at startup … http://gallery.technet.microsoft.com/scriptcenter/47ad1824-5af7-451e-a9f5-f6dd90421394
 
Finally, configure a password policy for your or an OU so that users using local user accounts have to enter a long (like the max 255), complex password and they have to change every day and enforce password history using its maximum value to prevent them from re-using their old passwords. GPOs that have password policies configured and which are linked to OUs will affect only local user accounts for machines in that OU, so users who try to use their old local user accounts will have to frequently change their passwords and one would expect they would get tired of changing or bypassing the restrictions.
 
It’s not a neat solution to the problem, but I’ve come to find that people eventually get tired of road blocks and can be “persuaded” into submission LOL
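
A detection-side complement to the mitigations in the reply above and to the restore step at the end of the guide, as an added example that is not part of the original thread: a PowerShell check an admin can run on a workstation to see whether sethc.exe has been swapped for cmd.exe or a backup copy was left in the drive root. The function name, its parameters and the `sethc*` version-resource match are assumptions of this example; it needs PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example (not from the original thread): audit for the Sticky Keys swap.
# Assumptions: PowerShell 4.0+, run elevated on the machine being checked.
function Test-StickyKeysSwap {
    param(
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32'),
        [string]$DriveRoot = ($env:SystemDrive + '\')
    )

    $sethc    = Join-Path $SystemDir 'sethc.exe'
    $cmd      = Join-Path $SystemDir 'cmd.exe'
    $findings = @()

    if (-not (Test-Path -LiteralPath $sethc)) {
        $findings += 'sethc.exe is missing from System32'
    }
    else {
        # 1. The guide copies cmd.exe over sethc.exe, so the hashes become equal.
        $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
        $cmdHash   = (Get-FileHash -LiteralPath $cmd   -Algorithm SHA256).Hash
        if ($sethcHash -eq $cmdHash) {
            $findings += 'sethc.exe is byte-identical to cmd.exe'
        }

        # 2. The embedded version resource still names the real program,
        #    which also catches a replacement by some other executable.
        $orig = (Get-Item -LiteralPath $sethc).VersionInfo.OriginalFilename
        if ($orig -notlike 'sethc*') {
            $findings += "sethc.exe version resource reports '$orig'"
        }
    }

    # 3. The guide's first copy command leaves a backup in the drive root.
    $backup = Join-Path $DriveRoot 'sethc.exe'
    if (Test-Path -LiteralPath $backup) {
        $findings += "backup copy found at $backup"
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

Test-StickyKeysSwap | Format-List
```

A result with `Suspicious : True` after the restore command has been run means the original sethc.exe was not put back or the root-level backup was never cleaned up.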

Hi
After step 2 it goes back to “normal” windows login screen, the one with the users.
What am I missing?
Thanks

Thanks for the post and detailed instructions!
I followed all steps and each step seemed to be successful. However, when I tried to login, it said the username or password was incorrect. Any ideas?

I had HP recovery media instead of the native Windows disks so I couldn’t perform this as described. However, I got it done another way. I arrived here due to a broken trust relationship on the computer due to a system restore. A previous admin disabled the local administrator accounts. I just unplugged the network cable and logged in as a previously logged in domain administrator, restored the local administrator account, and then could log in as local admin with the network plugged in and restore the trust relationship with the Computer/Properties/Advanced system settings/Computer Name/Network ID.
Again - scary that this works once the trust relationship is broken. Yes, I prefer it didn’t work.

Just wanted to update to say how I resolved the problem.
I followed the instructions in this link:
https://4sysops.com/archives/forgot-the-administrator-password-the-sticky-keys-trick/
It goes through the same fix, however, it specified that a reboot was required after your Step 3, which I had not done. Here is the wording that helped me recognize my missed step.
“4. Type this command to replace sethc.exe with cmd.exe:
copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
Reboot your computer and start the Windows installation where you forgot the administrator password.”

You might consider adding that to your list. Thanks SO much for posting this!

I’ve been away for awhile…

Thanks for the catch on the restart Lizhlbg, I thought I had that in there already but yep, you’re right it was missing.

g33kp0w3r I think I can agree with you about not having the “back door” entry but at the same time, we are the same people that go looking for those back doors to make life easier and if they were not there we would be cursing up a storm that we couldn’t do it.

No matter how many times we tell people to “save your files to the server” someone inevitably does not; in my case I had a CEO that HAD to use their personal laptop to do work, had work files, personal files, pictures and who knows what else on that laptop and somehow managed to hose things up to where he could not log on.

First words out of my mouth were “Did you save the work files to the server?” I got an “I don’t know if they are all there”. Next words out of my mouth were “I’m going to have to rebuild your laptop, did you have these files backed up? The process will erase the hard drive.” Next words were… “THAT’S NOT AN OPTION!” I would have loved to slave the HDD and pulled the files and then imaged but the HDD was encrypted, needless to say CEO wins.

I was thankful that I knew there was a back door approach, but it did give me my moment to preach about using personal devices for such things and the need to back up the device… I still got canned 3 days later, but I won my unemployment because we had written policy about such things, it’s all good. A short time later he got canned by the board of directors :) seems they heard about the personal laptop with confidential company files on it, I still don’t know how that happened.

I was locked out of my Dell laptop. I have tried all the usual methods. I have tried to boot from windows 7 disc, I have tried the recovery disc, but nothing works. A white screen says this password is protected please enter password. To be honest I don’t remember that I have made a password. Thanks to Windows Password Key. It allowed me to bypass the unknown Windows 7 password just in 4 minutes.

It’s a great article, but it does seem to be a security flaw, in my opinion. The process you describe is quite technical - if a user is able to do this, he/she might be able to boot from, say, a Linux live CD or flash drive and backup important files etc in preparation for a reload. It would be safer to close this hole by default and perhaps make it possible to open it deliberately. On the other hand, if you’re going to take time to open this hole, rather just make a password reset disk!

My vote: close it! In a world where digital crime is so prevalent, MS should rather err on the side of caution and not leave this “flaw” available to be exploited by would-be criminals.

Useful tips though a bit complex for me. I once accidentally lost logon password to my Windows 8 Sony laptop. It was really a disaster because I can do nothing without logon. Luckily I found a video guide and followed the steps in the video guide to reset the password. Here is the source: https://www.youtube.com/watch?v=3Obsv7x3Ydw

Hats off to you man! #Alan, its working… perfect (y)

Thank you very much for this info. It works perfectly.