Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Setch.exe Trick. Password Change in Windows 8/8.1 Hit and Miss

  • Please log in to reply
No replies to this topic

#1 thavionhawk


  • Members
  • 1 posts
  • Gender:Male
  • Location:Corvallis, OR
  • Local time:02:24 PM

Posted 26 November 2013 - 02:56 PM

Many of you may have used or heard about this trick. By replacing Setch.exe (The Sticky Keys Executable) in C:\Windows\System32\ with a renamed CMD.exe (Command Executable) all one has to do to run an Elevated Command Prompt is hit the shift key a few times at the Windows Login Page. From there it's a simple case of running (Net User "User Name" "Password") to change a User's password.


Now there are ways to stop this from working. The simplest is to set the system to disable Sticky Keys so that hitting shift does nothing thus blocking the load of the Setch.exe. The second and in the past not really practical or possible for most users is to setup the computer in a Domain so that a Domain Server handles the User Accounts and Passwords. Given that very few people actually care about Sticky Keys and that only Pro, Ultimate and Server level Windows distributions have really ever had Domain Access Capabilities it's been easy sailing as the Setch.exe trick just worked.


I can report that it still works in Windows 8/8.1 as ever though still stoppable via the aforementioned limitations but for one new hitch. Domain Access is enabled on a low level the moment a Windows 8/8.1 system is setup  MS Account. If the computer has only been configured with Local User Accounts then there is no change what so ever, but with an MS account you will be given a Permissions Error if you try and change a password this way.


The short of this is simple. If you're trying to be more secure then there is actually something to be gained from setting up Windows 8/8.1 with a MS account. The problem for most though is that if you forget your Password then you're more or less boned.


There is only one way I know of that can get access to a Windows 8/8.1 system to at least recover a missing password in this case and that is to use a tool like Ophcrack. That tool does work on Windows 8/8.1 with MS accounts, but just like with older versions of Windows a good long password will take a long time to crack if at all and may need large (Multy Gigabyte) Rainbow Tables to even have a chance of cracking.


The end of this is simply that all though one can still use the Setch.exe trick to do many things, "Net User" may nolonger be a viable option.



BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users