Bypass Windows PasswordBy Dag, on December 30th, 2016
I usually use Kon-Boot, PCUnlocker(much preferred, works awesome for both local and MS accounts) and other tools to bypass passwords, whatever is fastest for the computer I'm working with. But sometimes almost nothing works because of weird BIOS or just unavailability, and I'm left with manipulating sticky keys. You simply find a windows based install medium and boot from it. On the first screen I press shift+F10 to open CMD. This bypasses any password checking that you get if you try recovery mode on 8 or 10.
Then navigate to c:\Windows\System32\ and do the following:
C:\WINDOWS\system32> ren sethc.exe sethc_bak.exe C:\WINDOWS\system32> copy cmd.exe sethc.exe
After rebooting into the OS, you can now press shift 5 times and get up CMD with administrative access. To reset a users password, do this and press enter twice to confirm empty password:
C:\WINDOWS\system32> net user myuser *
After you're into your system again, you can change back the filenames to remove the backdoor you just created. Note that this will only work for local accounts. The easiest way to convert an MS account to an offline account is to activate the administrator account first, and do it the normal way.
After a reboot you can now log in as the administrator. Turn it off again afterwards with
C:\WINDOWS\system32> net user administrator /active:yes