SEARCH

How-To Geek

How to Reset Your Forgotten Windows Password the Easy Way

image[2]

Forgetting your password is never any fun, but luckily there’s a really easy way to reset the password. All you need is a copy of the Windows installation disk and one simple command line trick.

Resetting Your Forgotten Windows Password

Boot off the Windows disk and select the “Repair your computer” option from the lower left-hand corner.

image

Follow through until you get to the option to open the Command Prompt, which you’ll want to select.

image

First you’ll want to type in the following command to backup the original sticky keys file:

copy c:\windows\system32\sethc.exe c:\

Then you’ll copy the command prompt executable (cmd.exe) over top of the sticky keys executable:

copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe

image

Now you can reboot the PC.

Resetting the Password

Once you get to the login screen, hit the Shift key 5 times, and you’ll see an administrator mode command prompt.

image

Now to reset the password—just type the following command, replacing the username and password with the combination you want:

net user geek MyNewPassword

image

That’s all there is to it. Now you can login.

Of course, you’ll probably want to put the original sethc.exe file back, which you can do by rebooting into the installation CD, opening the command prompt, and copying the c:\sethc.exe file back to c:\windows\system32\sethc.exe.

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 11/1/11

Comments (66)

  1. Vrymel

    Does this work on Windows XP?

  2. Rob Mc

    This is a neat idea and I’ll hide it away in my aresenal of tools but I personally find a simple linux password reset disk the easiest of all available options. Since the SID of the Administrator password hasn’t changed since 98 (Maybe even earlier) it is also very backwards compatible.

  3. UltimatePSV

    Isn’t this also a way for someone to hack into your computer? How would you keep someone else from changing your password?

  4. Bobro

    UltimatePSV… dont let people sit at your computer un attended with a windows disk at hand…

    good documentation, could of used it about 2 mins ago, as i just had to reset a password on a laptop but i used a windows password recovery cd… all very good and quick

  5. kael

    before, i reset my password on win7 with a integrated utility in hiren’s boot disc, so rapid and so powerful.

  6. trm96

    You could use this little trick in Vista, it’s surprising Microsoft did not fix this critical flaw in Windows 7.
    BTW I used the trick on someones computer I worked on who forgot to tell me they had a password on…

  7. magnus

    “, it’s surprising Microsoft did not fix this critical flaw in Windows 7″?????

    if you take any operation system and replaces a system file with a “tweaked” on you can not hardly call that a flaw,, eh?

  8. Edward Pawlik

    Hi: Does this work on all versions of Windows 7?

    Thanks

  9. funnyarab

    The subtitle to this article really ought to be: Yet another reason to switch to GNU/Linux …

  10. Simon

    Shher genius- the number of times I have customers call me up saying “Help I’ve forgotten my password” this is so neat and simple, I love it.

  11. PELiK

    Hiren BootCD does the job faster :)

  12. Dave Araya

    Good info! I also wanted to add that there are other utilities that you can use with a graphical interface where you only need to select the User and then set a new password.

    For example: Kon Boot, and Windows Password Unlocker Professional.

  13. iam_urz

    too much work. i’ll just keep using my CD to reset the password.

  14. Matt

    I completely agree with everyone who said this is a security flaw. Whats the point in putting a password on your computer if it can be removed by anyone?

    Bobro said: dont let people sit at your computer un attended with a windows disk at hand…

    Ugh! So, what if someone steals your computer and just happens to have their own Windows disc?!

    I’m curious, does this mean that people could even access your encrypted files once they have changed your password?

    This is really really bad news.

  15. Xhi

    Three questions.
    1. Wouldn’t it be easier simply to rename the file sethc.exe oo say, sethc.old rather than copying it to C:?
    2. Can’t you do the replace (copy back or delete and rename back) while within a normal windows cmd prompt after the boot works rather than using the install disk procedure again?
    3. If you never use sticky keys anyway why not just leave it?

  16. Rick

    I need one that can by pass the extra security (ctrl+alt+delete) on windows 7 Professional 64-bit. Some cannot bypass the extra security screen. I tried Hiren Boot CD but it does not do the job.

  17. naviathan

    http://www.pogostick.net/~pnh/ntpasswd/

    This one has removed the password and unlocked accounts on every machine I’ve ever used it on. Everything from secure business machines running XP to new Windows 7 Professional systems. That includes machines requiring Ctrl+Alt+Del as well.

  18. The Geek

    Just to keep things in context, you can reset a Linux password in similar fashion, and even more easy.

    See here:
    http://www.howtogeek.com/howto/linux/reset-your-forgotten-ubuntu-password-in-2-minutes-or-less/

    And here:
    http://www.howtogeek.com/howto/linux/reset-your-ubuntu-password-easily-from-the-live-cd/

  19. bjaramil

    To keep anyone from doing this password protect your bios and disable boot from cd.

  20. John C

    @bjaramil

    Good point!!!

    I never put a password on my BIOS incase I ever get it wrong! By, i don’t have anything that sensitive to worry about anyway.

    To get Geek – great tip.

  21. Josh O

    @Matt

    In the past I have reset passwords using reset disks, not with this method, but encrypted files cannot be opened after a password reset! So I would assume that this type of password reset does not give access to encrypted files.

    Has anyone actually tried accessing encrypted files after resetting the password this way?

    I agree it is a potential security flaw, but there are other measures that can be put into place as has been pointed out – bios level security (which, of course, can also be bypassed). However, give someone time and access, and they will be able to get into your system. My solution would be to encrypt any important files and keep them behind a locked door :)

  22. Shinigamibob

    Is there a way to “bypass” the the password entirely temporarily? Like, login to the account without knowing the password or changing it?

    I ask because some of my clients believe that I’m an all knowing password guru who can get into their computer to fix things even if they don’t give me the password… I can change their password, but when they come back, the hassle is not worth it.

  23. Oldtimer88

    @ Kael and Pelik: Could you please be kind enough to provide the Hiren BootCD version and the name of the Utility you recommend?
    Many of us will appreciate that. Thanks.

  24. toad

    @Oldtimer88……….
    Google it

  25. Enduser

    Why do we copy them to c:\ ??!!

  26. keltari

    BIOS passwords are useless. Remove the CMOS battery, wait a few minutes… no more BIOS password.

  27. rich

    “one simple command line trick”
    Just to keep things in numeric context, your instructions involved 3 text commands (not counting the reversal of the initial file replacement), plus the keystroke command of Shift key times 5.

  28. Owen French

    Im Going to use this to hack into my brothers pc muhahahahaha!!!

  29. Gilbert

    What if your computer came preinstalled with windows and you don’t have the windows disc?

  30. The Unspoken

    @Shinigamibob – As far as I know there is no way to “bypass” a password and login to an account without the user knowing in some way.

    I think what you are asking is to be able to login to their account so you can update the system or load software for them? If that is the case and the network is small why not just login locally and do your administration. There is a How-To on here that shows how to enable the Administrator account. Better yet, make an account for yourself and give it administrative rights.

    If the users are experiencing problems and they are never around for you to fix them, that is a flaw in your helpdesk solution. The users need to understand that the problems will persist until they assist in resolving them (i.e., being at their computer).

    The Unspoken

  31. The Unspoken
  32. The Unspoken

    @Enduser: Wouldn’t it make sense that is where the registry is configured that when you hit shift 5 times to enable sticky keys that it would initiate that .exe. So by replacing the .exe with cmd.exe you hit shift 5 times and bingo bango your cmd prompt comes up. I don’t know if it would work somewhere else (i.e., your D:/), because like I said, sticky keys is a O/S thing and is probably driven from the registry.

  33. Az

    Nice trick! I take it, that you have to use the CD to be able to replace the file without going through the whole ‘permission’ thing in Windoww when Windows has started up fully. I wonder if this trick still works when I have disabled the stick keys (or maybe the whole Easy to Access menu) in Logon screen.

  34. George

    Hmmm… I see this as being a hack and security hole.. maybe not from a remote location though…

  35. Oz3dcgi

    From an IT professional perspective…any PC, no matter the OS, can be “hacked” if physical access is available. “Many” OS can be hacked even if networked. The only way to guarantee security of a machine is to ensure that it is physically secured and isolated (not networked).

    As to the whole “hacking”/security flaw issue is concerned, given what I siad above, it depends on what the hacker’s objective is – do they want to access the computer’s data without detection or simply access the data? Computer/data security depends on the nature of the attack, so OS becomes semi-irrelevent.

    IMHO, data encryption using recognised security tools (e.g. Bestcrypt, MS Bitlocker etc) with strong passwords are the better option.

  36. Brandon C

    Wow this was really cool I tried this on two other computers and It worked fine. Thanks so much as a computer tech this wil be very helpful.

  37. 7th sniper

    just disable your usb & dvd drive,& lock your computer, when your not at home, its that simple.

  38. jco1971136

    To those of you who insist this is a security flaw because of the fact that anyone can do it if they have access to you installation cd, KEEP your CD safe … and you’ll be safe. It amazes me how every good idea gets criticized by someone and everyone has a “better” way to do everything!

  39. me

    you can also press f8 when booting instead of using the cd

  40. Rick S

    I don’t know enough to criticize anybody but as a hobby fixer I do know a better way. lol.
    I boot in safe mode then create an administrator account and with that I remove the password then reboot and I’m in. This won’t work on Windows 7 because it is more secure.
    For Windows 7 I use Password Breaker Pro. Cost a few bucks to download and burn on a CD but it works great. Used it on Win 7 this morning. Even reading the instructions while I went it took less than a minute to get in. It uses DOS for the work around. I also use Spotmau disc and it also works great. I believe Spotmau uses Linux. There are other ways like using a live Linux CD. Ya I cheat lol.

    Oldtimer88 READ THIS. Been reading your posts and you seem like the kind of guy I would like to share this info with. I’m old too. Hahaha.

    I like doing things this way because I can’t screw up somebody’s computer this way.
    Owen French. Don’t do it! If he pays you back for lack of respect you may be without a computer till you do a reinstall.

    I give this info out so people can get their old computers running again or get somebody out of a jam.
    If you use this info for nasty stuff your computer will be cursed and it will fail you. Karma. lol.
    Darn, How am I going to look like a Guru if everybody can do it. Oh well.

  41. Brad Hoschar

    Correct me if Im wrong, But I know with XP, if you start in safe mode, and log into administrator, then just go in and delete the password from the user that ur trying to login with. Not so sure about Win 7 tho
    But, I could be wrong!

  42. Brad Hoschar

    Just saw Rick S’s post….sorry

  43. Anil

    @Oldtimer88

    use NTPWEdit from Hiren or any live boot cd. you can reset the password.

  44. Anil

    @Oldtimer88 : use NTPWEdit from Hiren Boot CD or from any Live windows cd.

    it is graphical and easy to use.

    @Shinigamibob: you can copy the sam file to some other place and reset the password, access the system and then copy back the original sam file copied earlier to revert the change.

    i mean first you have to copy the original Sam.sam file from C:\WINDOWS\SYSTEM32\CONFIG\SAM
    to any part say to your pen drive

    then reset the password of admin or user. which will allow you to acces the system.

    finally copy back the origanal SAM.sam file from your pen drive to C:\WINDOWS\SYSTEM32\CONFIG\SAM to revert the changes of password you have made. it will restore the original password of the windows.

    all the steps you have to do either from Hiren boot cd or from any of live windows cds.

    Note link for NTPWEdit: http://cdslow.webhost.ru/en/ntpwedit/index.html

    have fun.
    it took me one year to find a correct program and easy to use program to reset window password.

  45. Cliff

    Oh, NOW you tell me! I reinstalled Windows this weekend, then forgot the passsword. (Don’t know why I just didn’t use the old one again.) I tried lots of different combos of numbers, symbols, upper and lower-case letters before I finally gave up and re-reinstalled Windows. But I’ll save this for next time.

  46. Diskbox

    @ Shinigamibob: Yes. Unfortunately, or fortunately depending on your stance, it is possible to log into a Vista/Win7/Win8 machine as a user without knowing or changing their password.

  47. Anonymous

    I don’t know about you, but I prefer to do it even easier with KonBoot:

    http://www.piotrbania.com/all/kon-boot

    No command line junk to remember or files to move.

    ;-)

  48. brian

    is it not just as easy to log in as the administrator and reset password for user? that is if you keep a separate admin account?

  49. Brian T.

    When you change a password with this method (or through something like the AD Users+Groups tool, or a password reset disk, etc) encrypted files will not be accessible. Part of the key is the password and you can’t decrypt the originals to re-encrypt them without that part of the key. This is naturally assuming you are using windows encryption and not a 3rd party solution.

  50. fredneedle

    I too have used many versions of the Hiren boot disc. It is very useful and dangerous too as you can completely screw up the entire system if you are not 100% sure what you are doing.

    If you want to access an account without the password and without having to change the password, then you can just choose Konboot from the boot menu. This will remove the need to enter a password for the user account and will restore the password when you shutdown or reboot the computer. I’ve used this method succesfully on Windows XP, Vista and 7.

    If you want to change the account password then you can use Offline NT Password Changer to either remove, replace or make the user change their account password on next boot.

    All the details of what the Hiren boot disc includes and what you can use it for can be found here: http://www.hiren.info/pages/bootcd

    Als, it’s so simple to reset the password of a Linux system too as mentioned in other posts. If you have very sensitive data then consider encrypting your entire hard disk or at leat that folder or partitions which contains your sensitive information. I use truecrypt and have a hiddden partition with an entire clone of my system. That way I can give access to my machine, if required, but the other partition remains annonimous. There is a really good tutorial on the truecrypt website on how to setup and use truecrypt and hidden partitons.

    Good luck!

  51. Chris

    This might work but when you hit the repair button it will pop a screen asking for an password of one of the administrators. At least that has been my experience. That is when I use my password reset cd. As far as it being a problem when one of my customers doesn’t leave me a password to work on their system, I remove it & then put it back when they come in to pick up the pc…no big deal.

  52. dark_passenger

    @UltimatePSV: Hacking into someones computer is very easy, you don’t even need to do this to have access to his files. You can boot from a linux live cd and you will have access to all the files. Bypassing the BIOS password is very easy too. The best thing to do is create a virtual encrypted disk with truecrypt and put your important files there, and make sure you create a strong password, and nobody will ever access those files!

  53. Syed Arif

    Wow these is great idea. I will try but its works all versions of windows 7.

  54. Al Howrad

    @bjaramil

    If it’s a desktop all they would have to do to remove the BIOS password is remove the jumper to clear it out. Laptops can be removed too, but a little harder.

  55. Enduser

    @The Unspoken: thank you for explaining.

    It is supposed to work on all NT versions of windows, I’ve tested it on XP and it did work!

  56. CU

    Will this work with Windows server 2008 as well?

  57. Enduser

    @CU: yes indeed,

    The whole process in defined by replacing the sticky keys initiator (sethc.exe) with the command prompt (cmd.exe) in order to initiate the command (net user…)
    so If you can replace that initiator with the command prompt with any means the whole process will be plausible!

  58. Journeyman

    Another in which has yet to let me down is “Offline NT Password and Registy Editor”.

  59. David

    How to reset a password without a cd. Now use the your Windows disk. I thought the article said change the password without a disk.

  60. Mike

    Is there a way to search How to geek old newsletters? I missed a couple some how and want to get them?

  61. nabin

    its awesome tric i really appriciate that………………

  62. Norman

    Bob

    Be honest with your clients, you clearly are not the guru they think you are ;)

  63. Jeff

    When I tap SHIFT 5 times I get a sticky keys dialog, not a command prompt.

  64. locas

    Why it cannot work on my windows 7?
    Now I use “Windows Password Rescuer” to recover my lost password, it is efficient.
    What a pity so good free way! Though it can not help me.
    I will make this article to my bookmarks, Thanks a lot!
    Merry Christmas!

  65. Unknownshayne

    @Matt- The use of passwords are just to keep honest people a bay.
    @Josh- you are correct that password reset delete all N.T.F.S. encrypted data, as does “Net User” When used as ” net user [name of acount password to be reset] * “. This command allows you to specify the new password. With that said Once again -if the user has encrypted data you will lose this information for ever! There is a warning screen!

    Windows has a key in the registry called Image File Execution Options. This key does… stuff. One of the many things it does is allows for a per executable specific debugger. The thing is, it doesn’t actually check if the executable is actually a debugger, it just launches it instead. Malware use this key as one of the ways to launch themselves. We’re going to use it for a different purpose.
    Windows has a key in the registry called Image File Execution Options. This key does… stuff. One of the many things it does is allows for a per executable specific debugger. The thing is, it doesn’t actually check if the executable is actually a debugger, it just launches it instead. Malware use this key as one of the ways to launch themselves… Instead of copying sethc.exe-Go into regedit from the boot disk.
    Create a key under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. Name it sethc.exe. Under sethc.exe make a new REG_SZ (string) value, name it Debugger. Edit the value to be “C:\windows\system32\cmd.exe”.
    Any ways just my .02 cents worth..

  66. jksatya

    Thanks a lot .. It helped me.

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!