The “sticky keys” technique for resetting the password on a Windows system is described in many places around the web, but all tend to over-complicate the steps. I’m describing it here for my own reference, so I have a reminder of how it works.
The technique basically provides access to a command prompt from the Windows login page – the page right at the start with an icon for each user. This page appears to run with administrator privileges, so the command prompt can be used to reset any password of any user without knowing any further details.
The command prompt is invoked by moving cmd.exe into the place of the command that handles the “sticky keys” functionality in the login page.
The steps are:
- Rename c:\windows\system32\sethc.exe out of the way (to sethc-bak.exe for example).
- Copy c:\windows\system32\cmd.exe to c:\windows\system32\sethc.exe
- Boot up the PC to the account selection screen.
- Press the shift key five times. This will bring up a command prompt window.
- Reset the password at the command prompt: net user your_user_name new_password
- Log in using the new password.
- Remove c:\windows\system32\sethc.exe and restore the saved sethc-bak.exe
The first step involves getting to the file system on the machine. If you just have one machine and Windows 7 install disks handy, then you can boot up the recovery console to a command prompt and rename the files from there.
You may not be able to do step 7 until after a reboot. You may not be able to remove sethc.exe while Windows is running, but you should be able to rename it to sethc-delete.exe or similar to make room to restore the original file.
When I’m recovering the passwords for a laptop, however, I find it easier to just slip the hard drive out and pop it into another machine by USB and rename and copy the files from Windows Explorer. One of these USB-to-SATA docking stations comes in very handy for doing that:
Since posting this, I was given a Windows Vista machine to repair, on which I had to reset the password. I was unable to rename the files after removing the hard drive and mounting it on my Windows 7 laptop. Windows simply would not let me change anything in the C:\Windows folder, complaining about a security issue each time I tried.
In this instance it was necessary to enter the recovery console command prompt, which is pretty much a hidden feature.
To do this, boot from a Windows 7 CDROM then select “Repair Computer”. Once booted, you will be given the option to restore from a previously saved version of Windows. Select that option. Ignore all the errors it gives you about no saved versions being available, but continue until you are able to “Cancel” the process. Once you hit Cancel, you will be presented with this menu:
Right at the bottom of the menu is the option to enter the command prompt, and that is where you can rename the system files to turn on the sticky keys hack.
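To confirm that the cleanup in the last step was really done, the System32 folder can be checked for a sethc.exe that is still a copy of cmd.exe and for leftover renamed copies. The following is an added example, not part of the original post; the function names and the default path are assumptions, and the path argument can point at a mounted drive.

```python
import hashlib
import sys
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_sethc(system32: Path) -> list[str]:
    """Return findings for a System32 directory (live, or on a mounted drive)."""
    findings = []
    # Case-insensitive lookup: a Windows volume mounted elsewhere may be case-sensitive.
    files = {p.name.lower(): p for p in system32.iterdir() if p.is_file()}
    sethc, cmd = files.get("sethc.exe"), files.get("cmd.exe")

    if sethc is None:
        findings.append("sethc.exe is missing: the original was never restored")
    elif cmd is not None and sha256_of(sethc) == sha256_of(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe: the swap is still in place")

    # Renamed copies such as sethc-bak.exe or sethc-delete.exe show the swap was made.
    for name in sorted(files):
        if name.startswith("sethc") and name.endswith(".exe") and name != "sethc.exe":
            findings.append(f"leftover renamed copy: {name}")
    return findings


if __name__ == "__main__":
    # Default path is an assumption; pass the mounted drive's System32 as an argument.
    target = Path(sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32")
    results = audit_sethc(target)
    for line in results:
        print("FINDING:", line)
    sys.exit(1 if results else 0)
```

The script exits with status 1 when anything is found, so it can be run as a final check after the repair.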