3

I'm aware of the hack where you can copy cmd.exe to the program that launches the sticky keys GUI, thereby giving you command line admin access from the Windows lock screen after pressing Shift five times.

I'm curious if there's a similar way to add a different key sequence to launch cmd.exe from the Windows lock screen using a different key sequence. This would allow an easier and quicker method of resetting a user's password, remoting into another machine, changing a text file without having to log in, etc.

Ben N
  • 42,308
user38537
  • 219

2 Answers2

1

You can change any .exe (narrator, sticky keys, magnifier)that is avaiable from a locked windows box.

I'll show you how to change the magnify.exe

You can change the magnify.exe hotkey (Winkey and +) so it will use cmd.exe with the built-in system account.

  1. You can do this with a Windows setup Media. Just download the appropriate ISO file, insert and reboot.

  2. When rebooting, press a key to access the installation.

  3. Choose to repair the computer, and press `Shift+F10' to open a command prompt.

  4. Look for the drive where Windows is installed on, by pressing C:, D: etc.

  5. When the drive is found, browse to the System32 directory by typing cd windows\system32

  6. First make a back-up of the magnify.exe in the C:\Windows directory, by typing copy magnify.exe ..

  7. Now overwrite cmd.exe with magnify.exe with the following command Copy cmd.exe magnify.exe

  8. Finally reboot the machine. and press the hotkey WindowsKey and + at the locked Windows screen to launch cmd.exe as the system account. (ability to enable/disable admin account, create new admin accounts etc.)

enter image description here

  1. To revert the Magnify.exe hotkey, run the following command from an elevated command prompt. Robocopy C:\Windows C:\Windows\System32 magnify.exe /B

  2. Now when locking again, and hitting the hotkey, you get the good old magnifier tool again: enter image description here

doenoe
  • 1,183
1

You can use an Ubuntu Live CD to make the Ease of Access Center shortcut (Win+U) open CMD instead. Under /Windows/System32, rename Utilman.exe to something else and rename/copy+rename CMD.exe to Utilman.exe.

This will let you open CMD by pressing Win+U, and it will work everywhere.

Jawa
  • 3,679
TheWanderer
  • 903