I came across a novel way to reset a forgotten Win7 password the other day, and as it uses Linux for a small part of the procedure I thought I’d post it here … I know this isn’t new, but it’s as much for my memory, as it may be of interest to others.
First let me explain something … sethc.exe is the Windows executable that is run when you hit the shift key 5 times, that allows you to enable/disable sticky keys.
It can be run BEFORE logging on by hitting the shift key 5 times (bit of a security flaw there) … so we’re going to temporarily replace it with cmd.exe, therefore allowing you to open an administrative shell where you’ll enable the Administrator account, log onto it, change the password … then undo everything.
Anyway … here’s the procedure:-
boot to a Linux liveCD/Live USB
copy C:\windows\system32\sethc.exe to somewhere safe (C:\Storage\sethc.exe)
copy C:\windows\system32\cmd.exe to C:\cmd.exe
rename C:\cmd.exe to C:\sethc.exe
move C:\sethc.exe to C:\windows\system32\sethc.exe (overwriting the original)
Reboot to Win7
At the login screen, hit the shift key 5 times … an admin command prompt should open.
in the command prompt enter:
net user administrator /active:yes
close the command prompt … reboot
you should now be able to log in as Administrator without a password.
Reset the user's password
hit the shift key 5 times
net user administrator /active:no
close command prompt … reboot to Linux liveCD/USB (though this can probably also be done from within Windows)
copy C:\Storage\sethc.exe to C:\windows\system32\sethc.exe (overwriting the original)
Reboot to Win7 and login with new password
delete C:\Storage\sethc.exe and C:\sethc.exe
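An added example, not part of the original post: a check, run from the Linux live session or any system that can read the Windows partition, that reports whether sethc.exe is currently a copy of cmd.exe and whether it matches the saved original after the restore step. The function names and the stand-in files built in demo() are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_ci(directory, name):
    """Case-insensitive lookup: NTFS names keep their case when mounted on Linux."""
    for entry in Path(directory).iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None

def check_sethc(system32, backup=None):
    """Report whether sethc.exe is a copy of cmd.exe and, if given, matches the backup."""
    sethc = find_ci(system32, "sethc.exe")
    cmd = find_ci(system32, "cmd.exe")
    if sethc is None or cmd is None:
        raise FileNotFoundError("sethc.exe or cmd.exe not found in " + str(system32))
    sethc_hash = sha256_of(sethc)
    return {
        "sethc_is_cmd": sethc_hash == sha256_of(cmd),
        "matches_backup": None if backup is None else sethc_hash == sha256_of(backup),
    }

def demo():
    """Constructed stand-in files (not real Windows binaries) covering both states."""
    with tempfile.TemporaryDirectory() as root:
        system32 = Path(root, "System32")
        system32.mkdir()
        backup = Path(root, "sethc.bak")
        backup.write_bytes(b"constructed sticky keys binary")
        (system32 / "cmd.exe").write_bytes(b"constructed command shell binary")
        (system32 / "SETHC.EXE").write_bytes(b"constructed command shell binary")
        replaced = check_sethc(system32, backup)   # state after the swap
        (system32 / "SETHC.EXE").write_bytes(b"constructed sticky keys binary")
        restored = check_sethc(system32, backup)   # state after the restore
    return replaced, restored

if __name__ == "__main__":
    print(demo())
```

Against a real disk, call check_sethc with the mounted System32 directory and the path of the saved copy; sethc_is_cmd being True on a machine nobody was repairing means the swap was left in place or made by someone else.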