
Reset Your Windows Password Using the Sticky Keys Trick
Have you ever found yourself completely locked out of a machine without remote access, and you need to reset your Windows password? More times than I’d like to admit, I’ve found myself working on a client’s domain-joined machine that I ended up locking myself out of. Whether it was a GPO preventing blank passwords or Duo timestamp issues, I have found myself using this sticky keys trick more than a few times.
Shoutout to Michael Pietroforte, who originally posted on this topic in his article, “Forgot the administrator password? The Sticky Keys trick.” I can confirm that this trick still works on Windows 10 and 11.
Disclaimer
This guide is purely for educational purposes and is intended for managed IT providers. It is not intended for unethical purposes and in no way does this blog advocate for that use.
Important Considerations
Before we dive into the steps, it’s crucial to note that resetting the password from an account other than the corresponding user account will result in the loss of credentials stored in the Windows Vault, Internet Explorer passwords, and files encrypted with the Encrypting File System (EFS). If you have backups of these credentials or have exported the private EFS key, you can restore them after resetting the password.
Prerequisites
To reset the password, you will need to boot your system from a second operating system such as a bootable Windows PE (Preinstallation Environment) USB stick or Windows RE (Recovery Environment). You can start Windows RE by booting from a Windows Vista or Windows 7 setup DVD and selecting “Repair” instead of “Install Windows.” Note that the Windows XP boot CD is not suitable for this purpose because its Recovery Console requires a password for the offline installation.
Step-by-Step Guide
- Boot from Windows PE or Windows RE and Access the Command Prompt
- Insert your bootable media and start your computer. Access the command prompt from the recovery options.
- Identify the Windows Installation Drive
- Find the drive letter where Windows is installed. In Vista and Windows XP, it’s usually C:, while in Windows 7, it’s often D: because the first partition contains Startup Repair. You can determine the correct drive letter by typing
C:
(orD:
) and looking for the Windows folder.
- Find the drive letter where Windows is installed. In Vista and Windows XP, it’s usually C:, while in Windows 7, it’s often D: because the first partition contains Startup Repair. You can determine the correct drive letter by typing
- Backup the Sticky Keys Executable
- To create a backup of the Sticky Keys executable (sethc.exe), use the following command (replace “c:” with the correct drive letter if necessary)
copy c:\windows\system32\sethc.exe c:\
This creates a copy of sethc.exe to restore later
- Replace Sticky Keys with Command Prompt
- Replace the Sticky Keys executable with the command prompt executable
copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
- Reboot and Access Command Prompt via Sticky Keys
- Restart your computer and boot into the Windows installation where you forgot the password. At the login screen, press the SHIFT key five times. This will open a command prompt.
- Reset the Local Account Password
- In the command prompt, type the following command to reset your local account password
net user your_user_name new_password
If you don’t know your user name, just type net user to list the available user names.
- Log In to Local Account
- Now that the local account password has been set, we can go ahead and log in.
- Restore the Original Sticky Keys Executable
- After successfully logging in with your new password, it’s advisable to restore the original Sticky Keys executable to avoid leaving your system vulnerable. Boot into Windows PE or RE again and run
copy /y c:\sethc.exe c:\windows\system32\sethc.exe
Conclusion
This method is a reliable and straightforward way to regain access to your Windows system without third-party tools or complex registry hacks. It’s a handy trick to have up your sleeve for those times when you might forget your administrator password. Remember to always keep your credentials backed up and secure.
If you have any questions or run into issues, feel free to leave a comment below or reach out for further assistance.
Leave a Reply
You must be logged in to post a comment.