Locked out of Windows 7

If the box has been added to a domain, then by default in the local administrators group on the Windows 7 PC, the domain admins group should be listed. Thus, anybody with domain admin rights on the network, should in effect be able to log into this machine.

If the above method doesn't work, you can always backdoor it. It takes a while and is sort of a caveman method, but this will explain how to do it. I hope I don't get in trouble for posting this.


1) Get one of THESE.

2) Remove the hard drive from the computer and hook it up to your USB.

3) Go into the drive and navigate to C:\Windows\System32

4) Find the file "sethc.exe" (makes sure your folder and search options are set to show file extensions)

5) Take ownership of the file

--a. Right-click on "sethc.exe" and click "properties"
--b. Under "properties" click on the "security" tab.
--c. Under the "security" tab, click "advanced"
--d. Next, click on the tab that says "owner" and click "edit"
--e. Find your username in the list, and select it.
--f. Click "apply" and close the file's properties
--g. Re-open the file's properties (right-click, properties) and navigate to the "security" tab
--h. Click "edit", click "add", click "advanced", click "find now"
--i. find your username (if you're not sure which one, just select all of them
--j. under the permissions, select "full control" and click "apply" (if prompted, click "yes")

Now you should have ownership of the file.
6) Create a backup of the file (name it "sethc.backup") (if prompted, click "ok" or "yes")

7) Find the file "cmd.exe"

8) Create a duplicate of the file (copy/paste into the same folder.. simply click on the file and do "ctrl+c, ctrl+v)

9) Rename the "cmd-copy.exe" to be "sethc.exe"

10) eject the hard drive from your USB and put it back into the computer you got it from

11) start up the computer. when you get to the login screen, hit the shift key 5 times (like you would to do "sticky keys").. this should bring up the command prompt. You must do this at the login screen.

12) Type "net user" and hit ENTER.. this will bring up a list of users. Find the username of the employee who is using the computer. Write it down. For the sake of this example, suppose the user account is named "kbronski". REMEMBER THIS IS JUST FOR THE EXAMPLE.

13) type "net localgroup Administrators" and hit ENTER. This will bring up a list of system administrators. Find one administrator account, and write the username down. For the sake of this example, suppose the administrator account is named "sysadmin". REMEMBER THIS IS JUST FOR THE EXAMPLE.

Now you have two options..

OPTION 1

14) type "net localgroup Administrators /add kbronski" and hit ENTER. This will add the user as an administrator.

OPTION B

14) type "net user sysadmin /newpassword" (where it says "newpassord" simply enter a desired password) and hit ENTER. This will change the password for the administrator account.

-----

15) login (either the user, who is now an admin, or the administrator account whose password you changed)

16) go to town and install whatever you need to.


=====


Disclaimer: this should not damage the functionality of the system on the drive, so don't worry about that. In order to ensure that your employee will not tamper with anything, you will want to remove the user from the administrator group when you are done (if you had added them) by opening the CMD and typing "net localgroup Administrators /remove kbronski".
Also, you will want to go into C:\Windows\System32 and remove the newly created "sethc.exe" and restore the original (change "sethc.backup" to "sethc.exe") or keep it the way it is for future maintenance. I keep mine like this in case I get locked out.
If functionality is damaged, however, I cannot be held liable. If you're unsure about what you're doing, ASK. If you're still unsure, don't do it.

Leave the domain (you may need a domain administrator to do that, since a standard user cannot join or leave a domain) and reboot. You should then have access to your local machine admin account.

I add and remove computers from domains all the time. There's no loss of data, no problems, no issues at all. You just have an admin add you to the domain, and remove you if needed. Domain policy blocks the local admin account, so that's why you couldn't access it.

Pneuma said:

I can log into the machine through my domain account but not with admin rights and thus I can not install software or change settings on the PC.

Then you are not a member of the domain admins group which would have been added to the local administrators group. That's why you need a domain admin to login, then you can use that account to add whatever user you want to the local admins group directly on the machine. A user who is in the local admins group will have the ability to install software and make changes on the PC.