Windows 7 Security Flaw
So a lot of you out there probably want to know how to get administrator privileges on Windows 7. There will be no downloads or surveys in this method, this is NOT a scam on the web. That's what I'll be talking about here. But first of all I want to explain how this works. Windows 7 has a security flaw - it starts up with administrator permission. This 'hack' exploits that.
Are you ready? Here we go:
1. Complete shutdown. Just go to the Start Menu and press "Shut down".
2. Boot up.
3. When you see "Starting Windows", hard shutdown (hold the power button until the screen goes black).
4. When you see the screen asking you if you want to run system restore appears, choose to start system restore.
5. Wait.
6. A notification pops up asking you if you want to restore to an earlier time. Click "No" or 'Cancel".
7. Now it should say something like "Looking for additional errors..."
8. Wait.
9. It will prompt you with something like "The system has found no errors". Click "Show Details" instead of "Cancel".
10. Scroll to the bottom and click on the "Read the privacy statement offline" link. It should open a notepad document.
11. Click "File".
12. Click "Open".
13. Now there are two ways to do this, the two streams will be marked 'a' and 'b'. A is for people who want an easier method now but will have to face the wait again if they do not complete this correctly. B is for people who want to backup just in case they make a mistake, even if it does make things harder (just a tiny bit). But if you use B and someone has access to your computer (even locked), they can delete your account, create their own, and get administrator permission in less than a minute. It is definitely less secure.
14a. Right-click "cmd.exe".
15a. Click 'Run as Administrator'. If a prompt appears, click "Yes".
16a. Type in "net user" at the command line. Hit "enter".
17a. If you use domain or network accounts and there are no names under the --------- line except for Administrator (also $ysmgr sometimes) and Guest, you will have to create a new account. Type in "net user (your username here!) (your password here!) /add".
18a. Now type in "net localgroup Administrators (your new account or your old one's name here!) /add".
19a. If it says "Command Completed Successfully" then you are done. Close all windows and click "Cancel" and "Yes" to any prompts.
14b. Right-click "sethc.exe".
15b. Click "Rename" and type in "sethc.bak" or "sethc-bak.exe" or anything else.
16b. Right-click "cmd.exe".
17b. Click "Rename" and type in "sethc.exe".
18b. You have just replaced the Sticky Keys menu with the Command Prompt.
19b. Complete steps 14a-19a.
20b. Now if you find it has not worked, you can just go to the lock screen, press shift five times in quick succession, and you will have the administrator command prompt again!
21b. To undo what you did (or else some programs will not work and you will have effectively removed any means of getting to Sticky Keys), rename what is now "sethc.exe" back into "cmd.exe" and rename "sethc.bak" or "sethc-bak.exe" or whatever you renamed it to back to "sethc.exe".
Are you ready? Here we go:
1. Complete shutdown. Just go to the Start Menu and press "Shut down".
2. Boot up.
3. When you see "Starting Windows", hard shutdown (hold the power button until the screen goes black).
4. When you see the screen asking you if you want to run system restore appears, choose to start system restore.
5. Wait.
6. A notification pops up asking you if you want to restore to an earlier time. Click "No" or 'Cancel".
7. Now it should say something like "Looking for additional errors..."
8. Wait.
9. It will prompt you with something like "The system has found no errors". Click "Show Details" instead of "Cancel".
10. Scroll to the bottom and click on the "Read the privacy statement offline" link. It should open a notepad document.
11. Click "File".
12. Click "Open".
13. Now there are two ways to do this, the two streams will be marked 'a' and 'b'. A is for people who want an easier method now but will have to face the wait again if they do not complete this correctly. B is for people who want to backup just in case they make a mistake, even if it does make things harder (just a tiny bit). But if you use B and someone has access to your computer (even locked), they can delete your account, create their own, and get administrator permission in less than a minute. It is definitely less secure.
14a. Right-click "cmd.exe".
15a. Click 'Run as Administrator'. If a prompt appears, click "Yes".
16a. Type in "net user" at the command line. Hit "enter".
17a. If you use domain or network accounts and there are no names under the --------- line except for Administrator (also $ysmgr sometimes) and Guest, you will have to create a new account. Type in "net user (your username here!) (your password here!) /add".
18a. Now type in "net localgroup Administrators (your new account or your old one's name here!) /add".
19a. If it says "Command Completed Successfully" then you are done. Close all windows and click "Cancel" and "Yes" to any prompts.
14b. Right-click "sethc.exe".
15b. Click "Rename" and type in "sethc.bak" or "sethc-bak.exe" or anything else.
16b. Right-click "cmd.exe".
17b. Click "Rename" and type in "sethc.exe".
18b. You have just replaced the Sticky Keys menu with the Command Prompt.
19b. Complete steps 14a-19a.
20b. Now if you find it has not worked, you can just go to the lock screen, press shift five times in quick succession, and you will have the administrator command prompt again!
21b. To undo what you did (or else some programs will not work and you will have effectively removed any means of getting to Sticky Keys), rename what is now "sethc.exe" back into "cmd.exe" and rename "sethc.bak" or "sethc-bak.exe" or whatever you renamed it to back to "sethc.exe".
Comments
Post a Comment