Howto: Five keystrokes to a Command Prompt from anywhere

There are already a number of articles out there about this hack, but what the hell.

<Shift key><Shift key><Shift key><Shift key><Shift key>. What does this bring up on your computer? Chances are, a StickyKeys window. However, if you’re running Windows XP/Vista/7 (and possibly 2000, although I’ve never tested it), you can turn this quick series of keystrokes into a shortcut to a Command Prompt. Note that in Vista/Win7, it’s possible to get an Elevated Command Prompt (one with full Administrative privileges) from the Welcome (login) screen, or from the Secure Desktop (the faded screen you see when a User Account Control prompt appears), even if UAC is turned on.

Why?

Sure, you can get a Command Prompt in most places with a quick <Windows Key> + <R>, then cmd and <Enter>, but this doesn’t work if Explorer isn’t running, or if you’re at, say, the Welcome Screen. It’s also very handy if you’ve forgotten the password to the Administrator account on your system and need to reset it, but don’t have a copy of the NT Offline Password Editor kicking around.

How?

The process for setting this up is very simple.

From Windows:

  • Open the system32 folder
  • Take ownership of sethc.exe, and then grant yourself Full Control permissions (note: if you don’t understand this step, or don’t know how to do it, you probably shouldn’t be doing this!)
  • Rename sethc.exe to anything else (I usually choose sethc.exe.bak)
  • Copy cmd.exe, and name the copy sethc.exe.

This can also be done from the Windows Recovery Console (boot from a Windows XP install CD) or WinRE (Windows Recovery Environment – boot from either a Vista or Windows 7 DVD). From the Command Prompt in either of these, run the following commands:

  • c:
  • cd windows\system32
  • ren sethc.exe sethc.exe.bak
  • copy cmd.exe sethc.exe

Then reboot into Windows.

Uses Explained

I typically use this for resetting passwords. When I used to work in a local computer shop, if someone forgot to tell me their Windows user password, and I couldn’t reach them by phone, I’d use this trick. Then, at the Welcome (login) screen, I could simply pull open a Command Prompt by hitting <Shift> five times, type control userpasswords2, which brings up the old-style User Accounts control panel, and then reset the user’s password to blank without needing the old one.

This is also handy for troubleshooting if Explorer continuously crashes, or if the UserInit registry value is shot and you can’t log in anymore. Just fire up a Command Prompt and open regedit from there.
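
To check whether a machine has had this swap applied, here is an added example (not part of the original post) that looks for the traces the steps above leave behind: a sethc.exe that matches cmd.exe, a version resource that doesn't name sethc, a changed owner, and a leftover renamed original. It assumes PowerShell 4.0 or later (for Get-FileHash), a 64-bit elevated prompt, and Vista or later for the owner check; Test-SethcSwap is a hypothetical name.

```powershell
# Added example, not from the original post. Test-SethcSwap is a hypothetical name.
function Test-SethcSwap {
    param(
        # Default is the running system; pass a mounted offline image's
        # System32 folder to check a disk without booting it.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )
    $sethc = Join-Path $System32 'sethc.exe'
    $cmd   = Join-Path $System32 'cmd.exe'

    if (-not (Test-Path -LiteralPath $sethc)) {
        'sethc.exe is missing'
    } else {
        # A straight copy of cmd.exe hashes the same as cmd.exe.
        if (Test-Path -LiteralPath $cmd) {
            $a = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
            $b = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
            if ($a -eq $b) { 'sethc.exe is byte-identical to cmd.exe' }
        }

        # Renaming a file does not change its version resource, so this
        # also flags replacements other than cmd.exe.
        $orig = (Get-Item -LiteralPath $sethc).VersionInfo.OriginalFilename
        if ($orig -notlike 'sethc*') {
            "sethc.exe reports OriginalFilename '$orig'"
        }

        # Assumption: Vista and later, where the stock file is owned by
        # TrustedInstaller. Taking ownership or copying a file in changes that.
        $owner = (Get-Acl -LiteralPath $sethc).Owner
        if ($owner -notlike '*TrustedInstaller') {
            "sethc.exe is owned by '$owner'"
        }
    }

    # The renamed original (for example sethc.exe.bak) is often left behind.
    Get-ChildItem -LiteralPath $System32 -Filter 'sethc*' |
        Where-Object { $_.Name -ne 'sethc.exe' } |
        ForEach-Object { "extra file next to sethc.exe: $($_.Name)" }
}

$result = @(Test-SethcSwap)
if ($result.Count -eq 0) { 'sethc.exe looks stock' } else { $result }
```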