I came across a novel way to reset a forgotten Win7 password the other day, and as it uses Linux for a small part of the procedure I thought I'd post it here .. I know this isn't new, but it's as much for my memory, as it may be of interest to others.
First let me explain something .. sethc.exe is the Windows executable that is run when you hit the shift key 5 times, that allows you to enable/disable sticky keys.
It can be run BEFORE logging on by hitting the shift key 5 times (bit of a security flaw there) .. so we're going to temporarily replace it with cmd.exe, therefore allowing you to open an administrative shell where you'll enable the Administrator account, log onto it, change the password .. then undo everything.
Anyway .. here's the procedure
boot to a Linux liveCD/Live USB
copy C:\windows\system32\sethc.exe to somewhere safe (C:\Storage\sethc.exe)
copy C:\windows\system32\cmd.exe to C:\cmd.exe
rename C:\cmd.exe to C:\sethc.exe
move C:\sethc.exe to C:\windows\system32\sethc.exe (overwriting the original)
Reboot to Win7
At the login screen, hit the shift key 5 times .. an admin command prompt should open.
in the command prompt enter:
net user administrator /active:yes
close the command prompt .. reboot
you should now be able to log in as Administrator without a password.
Reset the user's password
hit the shift key 5 times
net user administrator /active:no
close command prompt .. reboot to Linux liveCD/USB (though this can probably also be done from within Windows)
copy C:\Storage\sethc.exe to C:\windows\system32\sethc.exe (overwriting the original)
Reboot to Win7 and login with new password
delete C:\Storage\sethc.exe and C:\sethc.exe
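
To confirm that the undo steps really restored sethc.exe, or to audit a machine for this swap, the Windows volume can be checked offline. The following is an added example, not part of the original post: the function names are hypothetical, it assumes the volume is mounted at a path you pass in, and the sample tree uses constructed placeholder bytes rather than real binaries.

```python
import hashlib
import tempfile
from pathlib import Path

def resolve_ci(root, *parts):
    """Case-insensitive lookup; NTFS mounted under Linux is case-sensitive."""
    cur = Path(root)
    for part in parts:
        if not cur.is_dir():
            return None
        cur = next((p for p in cur.iterdir() if p.name.lower() == part.lower()), None)
        if cur is None:
            return None
    return cur

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def audit_sethc(volume_root):
    """Return findings for a mounted Windows volume (empty list = clean)."""
    findings = []
    sethc = resolve_ci(volume_root, "windows", "system32", "sethc.exe")
    cmd = resolve_ci(volume_root, "windows", "system32", "cmd.exe")
    if sethc is None:
        findings.append("sethc.exe missing from system32")
    elif cmd is not None and sha256(sethc) == sha256(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    # Backup/staging locations named in the post's procedure.
    for parts in (("Storage", "sethc.exe"), ("sethc.exe",)):
        left = resolve_ci(volume_root, *parts)
        if left is not None:
            findings.append("leftover copy: " + left.relative_to(volume_root).as_posix())
    return findings

def build_sample_volume(root, swapped):
    """Constructed sample tree with placeholder bytes, not real binaries."""
    sys32 = Path(root) / "Windows" / "System32"
    sys32.mkdir(parents=True)
    (sys32 / "cmd.exe").write_bytes(b"MZ constructed cmd")
    (sys32 / "sethc.exe").write_bytes(b"MZ constructed sethc")
    if swapped:
        (Path(root) / "Storage").mkdir()
        (Path(root) / "Storage" / "sethc.exe").write_bytes(b"MZ constructed sethc")
        (sys32 / "sethc.exe").write_bytes(b"MZ constructed cmd")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_volume(tmp, swapped=True)
        print(audit_sethc(tmp))
```

An empty list from `audit_sethc` means sethc.exe differs from cmd.exe and no backup copies remain at the locations used in the procedure.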