Reset Windows 7 Passwords
If you forget the password to an account on a Windows 7 machine,
there's a simple way to reset it. All you need is the standard
Windows 7 recovery CD (the one that lets you get a command prompt
window open after booting from the CD).
So, calm down - you've got this. Before rushing through the steps,
read the next few paragraphs so that you understand WHAT you are
about to do and WHY it works the way it does. Trust me - a clear
understanding of what's going on here and how we're going to game
the system will keep your stress level down and keep you from
getting confused and making mistakes.
SETHC.EXE
This approach depends on how Windows 7 deals with a little executable
named sethc.exe in the Windows\System32 directory. This is
some kind of accessibility program in Windows, and I'm not sure
exactly what it's for. The important thing is how Windows launches
it - at the password prompt on login, hitting the shift key
five times in a row executes sethc.exe even though you're not
logged in.
Windows executes sethc.exe immediately, with administrator
privileges, without checking to make sure sethc.exe is actually
the correct executable program for the accessibility feature.
Experienced users are grinning at this point, because they
can see what's coming next.
CMD.EXE
Right beside sethc.exe in the Windows\System32 directory is
cmd.exe - the Windows command line program. This is commonly
called the DOS prompt, and when you're on the command line interface,
you can execute all kinds of interesting and useful programs that
don't use Windows-ish graphical interfaces. Things like utility
commands for setting passwords on user accounts, for example.
Tricking the system
So, we have a Windows mechanism that launches a specific program
even if you're not logged in, and we've got a command-line utility
that lets you set the password on a user account. How are we going
to put these two things together?
The Windows Recovery CD
Grab a Windows 7 recovery disk (any one will do - it doesn't
have to be one you created on your system). Configure your
machine to boot first from the CD, or figure out how to make
your machine boot from CD during the startup process. Boot from
the CD. Select the option to repair your computer, then the option
to get a command prompt.
Now, you're looking at a black window with a command-line prompt.
Your prompt will probably show some weird drive like X: instead
of the familiar C: or D: - this is because you're running Windows
(sort of, in a limited capacity) on a ramdisk instead of your
regular C: or D: drive. Here's the magic - you can make changes
on your C: or D: drive from this command line. You can copy files,
for one thing.
What's your letter?
You need to know which drive letter corresponds to your Windows
installation (the real one, not the temporary repair environment
running on drive X:). This will typically be either C: or D:,
but might be something weird like H: depending on your particular
setup. Figure out your Windows drive letter. For this article,
my assumption is that your machine is fairly generic and has
its Windows software installed on the C: drive.
Find your sethc.exe program
In the command prompt window, switch drives to the one that
contains your Windows installation. This is a very easy thing
to do:
C:
Now, go to the Windows\System32 directory:
cd \Windows\System32
Look before you leap
Before you start changing things, look and see how sethc.exe
and cmd.exe are sitting side-by-side in the directory:
dir sethc.exe
dir cmd.exe
These commands will show you that sethc.exe and cmd.exe
are two different programs (the file sizes are different - first
clue).
What are we going to do, again?
Here's the plan - we're going to make a backup copy of sethc.exe,
replace the sethc.exe file in \Windows\System32 with
a copy of cmd.exe for a few minutes, and use the 'hit the
shift key five times at the login prompt' trick to launch
a command-line window with administrative privilege. In that
window, we're going to set the password on a user account.
After we've set the account password, we're going to restore the
correct sethc.exe file from the backup copy we made.
Got all that? Slow down, think it through, and don't proceed
until it all makes sense to you.
Back up sethc.exe
Make a copy of your original sethc.exe file. Put it somewhere
safe, like the top folder of your C: drive:
copy sethc.exe c:\
We'll use this copy to restore the correct sethc.exe file
to the Windows\System32 directory after we have solved the
problem of the forgotten password.
Replace sethc.exe with cmd.exe
Copy cmd.exe over sethc.exe, replacing the
little accessibility program with the full-blown Windows
command line interface:
copy cmd.exe sethc.exe
When asked if you want to overwrite sethc.exe, respond
with Yes.
After doing this, your Windows machine will now launch
the command-line interface when you hit the Shift key
five times in a row.
Reboot
Take the recovery CD out of your machine, shut it down,
and boot it up normally.
Open the command-line interface
At the login prompt (you know, the one with the forgotten
password), hit the Shift key five times in a row instead
of providing a password. The command line interface window
will appear.
Set the password on a user account
You've got a command line interface open with administrative
privileges - so, you can issue the command that sets the
password for a user account. Let's assume the user account
is called Fred and set Fred's password to password (he'll
change it later to something he can remember).
net user Fred password
Now, Fred can log in by typing password as his password.
What a relief!
Don't forget sethc.exe - clean up after yourself!
OK - you've solved the problem of the forgotten password,
but you're not quite done. You really don't want to leave
your machine set up to launch an administrator command line
window without even logging in, and you might actually want
to use the little accessibility utility someday.
Put the recovery CD back in, shut down your machine, and boot
from the CD. Bring up the command prompt window like you did
before.
Switch to your Windows drive and go to the Windows\System32
directory, just like before:
C:
cd \Windows\System32
Copy sethc.exe from the backup location back into
its proper place in Windows\System32:
copy c:\sethc.exe sethc.exe
When asked if you want to overwrite sethc.exe, respond
with Yes and your sethc.exe file will be restored to
the state it was in before we undertook this effort.
All done!
Take out the recovery CD, shut down and restart your machine,
and you're good to go!
Oh - and remind Fred to change his password to something
he'll remember.
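Once the machine is back up, you can confirm from PowerShell that the cleanup really took. This is an added example, not part of the original article: the function names Get-Sha256 and Test-StickyKeysBinary are made up for illustration, and it hashes with .NET directly because the PowerShell 2.0 that ships with Windows 7 has no Get-FileHash.

```powershell
# Added example (not from the original article): verify sethc.exe was restored.
# Run on the normally booted system. Written to work on PowerShell 2.0.
# Note: 32-bit PowerShell on 64-bit Windows sees SysWOW64 in place of System32.

function Get-Sha256 {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes) -replace '-', '')
    }
    finally {
        $stream.Dispose()
        $sha.Clear()
    }
}

function Test-StickyKeysBinary {
    # $System32 is a parameter so the check can be pointed at another Windows folder.
    param([string]$System32 = (Join-Path $env:SystemRoot 'System32'))

    $sethc    = Join-Path $System32 'sethc.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $findings = @()

    if (-not (Test-Path $sethc)) {
        $findings += "sethc.exe is missing from $System32"
    }
    else {
        # Exact test: after 'copy cmd.exe sethc.exe' the two files are byte-identical.
        if ((Test-Path $cmd) -and ((Get-Sha256 $sethc) -eq (Get-Sha256 $cmd))) {
            $findings += 'sethc.exe has the same SHA-256 as cmd.exe'
        }
        # Heuristic: the real file's version resource names sethc, not another program.
        $original = (Get-Item $sethc).VersionInfo.OriginalFilename
        if ($original -notlike 'sethc*') {
            $findings += "sethc.exe reports OriginalFilename '$original'"
        }
    }
    return $findings
}

# @() keeps the result an array even when there are zero or one findings.
$result = @(Test-StickyKeysBinary)
if ($result.Count -eq 0) { 'OK: sethc.exe looks like the original accessibility program.' }
else { $result | ForEach-Object { "WARNING: $_" } }
```

The hash comparison catches exactly the swap made in this article; the OriginalFilename check also flags a sethc.exe that was replaced by some other program.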