If you have forgotten the local administrator password, the orthodox methods approved by Microsoft requires the password reset disk, or a complete reinstallation of the OS. Sometimes the hardware manufacturer have built the factory recovery to be loaded at bios and you can use the function keys to activate. Other times if it is integrated into the Windows Repair, then you could be out of luck because access Windows Repair will require the administrator password as well.

This method uses a vulnerability in Windows 7 using the sticky key function. The idea is that the sticky key program active before user log in and thus we can use it to run the command prompt in administrator mode to reset the password. One requirement though: we will need the Windows OS installation or boot disk for this trick. Steps as follows:

Restart the computer to boot using the CD. Once the GUI loads, press SHIFT+F10 to bring up the command prompt. Using the command prompt, we will make a backup of the sticky key sethc.exe program first, and then override it with cmd.exe using the following commands.

// d: drive is actually the system drive, normally c: drive in Windows.
// But booting using the CD, it becomes some other drive letter, like d: drive.
// Hence you need to try several drive letters first. if you cannot find it at once.

// make a backup of sethc.exe
copy d:\windows\system32\sethc.exe d:\ 

// override with cmd.exe
copy d:\windows\system32\cmd.exe d:\windows\system32\sethc.exe 

Once this is done, restart the computer and let it boot up to the windows logon screen normally. At the Windows logon screen, press the SHIFT key 5 times repeatedly and the cmd.exe will run. If it does not work, use the mouse to find the accessibility icon on the bottom left and turn on the sticky key feature.

In the command prompt, we will reset the password using the following commands”

// list users
net user

// reset password with net user <username> <new-password>
net user admin Xna24iK

Now you can log in with the new password.

Remember to restore the sethc.exe from the backup to prevent others from easily changing your password!