5

Local computer with Windows 7 Professional was connected to domain XXX.local. I switched it to local group YYY.

After reboot I have one account ZZZ with no admin rights. When I try to open UAC or other settings that require Administrator account it fails. Windows prompt window opens but I assume that it cannot find administrator account and it doesnt show password prompt and button Yes is disabled.

When I check users that are in this computer there is Administrator (disabled) and ZZZ. I cannot turn on Administrator account or change ZZZ group because I cannot run it because it requires Administrator rights :)

What can I do to grant user ZZZ administrator rights?

papryk
  • 53
  • 1
  • 5
  • Your computer had no local Administrator enabled when it was joined to domain, and now that you dis-joined it, you also removed Domain Admin rights from your computer. However, you can [enable your local Administrator account through registry](https://www.howtogeek.com/75470/how-to-enable-the-hidden-windows-7-admin-account-using-the-registry/) (a bootable media is needed). – NetwOrchestration May 02 '17 at 09:45
  • Just download the Windows 7 ISO instead of Windows 10 otherwise the process is identical – Ramhound May 02 '17 at 12:00

1 Answers1

7

There are a few ways you can go here.

1. Rejoin domain

If you can rejoin the pc back to the domain, you can then use an account with domain credentials to give ZZZ administrative rights.

2. Reinstall windows

An obvious answer is to wipe everything and start over.

3. Hack your way into the system

It is possible to hack your windows system and grant your user administrative rights. In order to do this, you will need to boot using a windows installation medium. This can be windows 7 or windows 10.

From the setup, open a command window (SHIFT-F10) and execute the following command:

copy c:\windows\system32\sethc.exe c:\windows\system32\sethc.exe~
copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe

Reboot your computer and make sure you end up at the logon screen. If it automatically logs you in, log out first.

Now press shift 5 times to open a command prompt.

From here, you can use the following command to gain administrative privileges:

net localgroup administrators ZZZ /add

From here you can also reset your password or create a new user.

Don't forget to boot back into the windows setup and execute the following commands from a command window:

copy c:\windows\system32\sethc.exe~ c:\windows\system32\sethc.exe

This will restore the sticky keys functionality and patch the security vulnerability we created.

EDIT: Just to clarify, this only works for windows 7. Windows 8 and 10 have different methods that works nearly the same but this specific instructionset on option 3 will not work.

LPChip
  • 59,229
  • 10
  • 98
  • 140