Resetting Password on Modern Laptop with Windows 8

I just had to reset the password on a modern Windows 8 laptop and learned the following things.

First, to get the laptop to recognize the USB drive I had to turn off Fast Boot mode in the BIOS. Then I had to turn off Secure Boot and choose CSM mode instead of UEFI so it would boot the MBR partition on the USB drive.

In the past I would just make a USB drive or CD with NTPasswd on it. This didn’t work because the drive uses GPT and NTPasswd does not support it.

I found a neat trick to change your password. On the Windows login screen you can press SHIFT 5 times and it will show the dialog asking if you want to enable sticky keys. Apparently this program is sethc.exe. You can replace sethc.exe with cmd.exe. Then when you press SHIFT 5 times you will get the command prompt window running as administrator and you can do what you want.

So I needed read-write access to the drive to copy cmd.exe over sethc.exe. This can be done with a Windows rescue disk: just open a command prompt from there. Or you can boot a Linux distribution that has GPT support and NTFS read-write support.

I found this neat Linux distro called sysresccd that fits the bill: http://www.sysresccd.org/Sysresccd-manual-en_How_to_install_SystemRescueCd_on_an_USB-stick

I booted that, mounted the partition, made the change, unmounted and rebooted.

These are roughly the commands:


# Verify it picked up the partitions:
dmesg | grep sd

mkdir /mnt2

# Need to look for the partition with the windows dir

# Mount the first partition:
mount /dev/sda1 /mnt2 --options=rw
ls /mnt2
umount /mnt2

# Try the second partition:
mount /dev/sda2 /mnt2 --options=rw
ls /mnt2

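# Found it. Directory names are case-sensitive when NTFS is mounted
# from Linux, so match the case that ls shows:
cd /mnt2/Windows/System32
# Make a backup copy of sethc.exe in the root of the drive
cp sethc.exe ../../
# Overwrite sethc.exe with cmd.exe
cp cmd.exe sethc.exe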
cd /
umount /mnt2
reboot

Boot into Windows again and press SHIFT 5 times at the login screen. The command prompt window opens. You can then run net user Administrator NEWPASSWORD, which changes the password. Then you can log in with the new password.

You should then reboot your computer into Linux again and put back the right sethc.exe or you will leave a backdoor open on your computer.
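To confirm that the restore really closed the backdoor, the following added example (not part of the original post) compares sethc.exe against cmd.exe and against the backup copy while the Windows partition is still mounted from Linux. The function name check_sethc is hypothetical, and the paths in the usage comment assume the mount point and backup location from the commands above.

```shell
#!/bin/sh
# Added example: verify the Sticky Keys binary on a mounted Windows partition.
# check_sethc is a hypothetical helper name, not a standard tool.
#
# Usage: check_sethc SYSTEM32_DIR BACKUP_FILE
#   e.g. check_sethc /mnt2/Windows/System32 /mnt2/sethc.exe
# Return codes:
#   0 = sethc.exe matches the backup and differs from cmd.exe (restored)
#   1 = sethc.exe is byte-identical to cmd.exe (backdoor still in place)
#   2 = sethc.exe matches neither file (inspect manually)
#   3 = a required file is missing
check_sethc() {
    sys32=$1
    backup=$2

    for f in "$sys32/sethc.exe" "$sys32/cmd.exe" "$backup"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2
            return 3
        fi
    done

    # cmp -s is silent and exits 0 only when the files are identical.
    if cmp -s "$sys32/sethc.exe" "$sys32/cmd.exe"; then
        echo "BACKDOOR: sethc.exe is identical to cmd.exe"
        return 1
    fi

    if cmp -s "$sys32/sethc.exe" "$backup"; then
        echo "OK: sethc.exe matches the backup copy"
        return 0
    fi

    echo "UNKNOWN: sethc.exe matches neither cmd.exe nor the backup"
    return 2
}

# Run the check when the script is called with both arguments.
if [ "$#" -eq 2 ]; then
    check_sethc "$1" "$2"
fi
```

Run it after copying the backup into place and before unmounting; any result other than OK means the partition should not be left as it is.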
