Scribd
Upload
11 views2 pages

Bypass Admin Priviledges

The document describes a method to bypass admin privileges for a standard user by using Startup Repair and Notepad. It involves forcing the computer to enter Startup Repair, accessing the command prompt, and renaming system files to enable the hidden administrator account. This method allows the user to gain full control over the PC without needing an admin password.

Uploaded by

Rick Northorp
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
11 views2 pages

Bypass Admin Priviledges

The document describes a method to bypass admin privileges for a standard user by using Startup Repair and Notepad. It involves forcing the computer to enter Startup Repair, accessing the command prompt, and renaming system files to enable the hidden administrator account. This method allows the user to gain full control over the PC without needing an admin password.

Uploaded by

Rick Northorp
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

You can bypass admins privileges as a standard

user by just using Startup repair & Notepad?


Discussion
I did some poking around and I found a way to give a standard user with limited rights admin
privileges without the admin password or even network admin password. It involves enabling the
hidden admin via executing the command line (CMD) with admin privileges in the logon screen and it
begins with notepad. This is especially useful if your profile is heavily controlled and can't access
windows services without an Administrator password or if you want to remove a computer from a
network domain. As you may or may not know the 'Hidden Administrator' has complete control over
the PC and can override other admins, change passwords, elevate other user's privileges, etc. This is
how I did it...
1. Force shutdown the PC when the windows logo displays on startup. You can do this by
switching off from your UPS or mains power switch. (This works on desktop but I haven't been
able to confirm on a laptop.) Do this another 2-3 times until the PC launches into 'Startup
Repair' menu. (This is the only method that works as launching startup repair through
Settings>Update & Security>Recovery>Advance Startup will prompt for an admin
password when you try and access CMD)
2. When startup repair launches, click on the 'Troubleshoot' tab > Then click on the 'Advanced
Options' tab. > Then click on the 'Command Prompt' tab.
3. When command prompt opens, type 'notepad'.
4. When notepad opens, Click on the 'File' drop-down menu > Then click 'Open' > Then open
'This PC' > Then open your local drive.[It will most likely it will be Local Disk (C:) but in
startup repair, it will be moved a letter down and renamed Local Disk (D:) due to the boot drive
temporarily taking the position of Local Disk (C:)]
5. When you open your local drive open 'Windows', then open 'System32'. Ensure that it searches
for 'All Files' and not just '.txt' files. Then find the executable file called 'sethc' and rename it
the 'sethc-old'. Then find the executable file called 'cmd' and rename it to 'sethc'. ['Sethc' is the
executable for the accessibility feature called 'Sticky Keys'.]
6. Then exit Startup Repair and start the PC as normal.
7. When the logon screen appears, click the 'Ease of access' button which is to the left of the
Power button then switch ON the 'Sticky Keys' option. Then press the 'Shift' key five times
quickly and CMD should open with Administrator Privileges.
From here you can do pretty much anything if you're familiar with command line (CMD) commands.
8. If not you can enable the hidden admin account by typing net user administrator /active:yes then
give the new admin a password by typing net user administrator * then confirm the password and
voila! Close CMD and you can now login to the hidden admin account. You can access and manipulate
any account other on the PC to your will.
I wasn't sure what flair to give this post so forgive me if 'Bug' doesn't suit it.

You might also like