Found this on a friend's site (which I recommend you read as he posts some great sysadmin tips and tricks!)
We watched it, then tried it out, and it worked. It takes about 2 minutes to change the password on an account and gain access to any windows computer.
The basic steps:
- When your computer is booting, reset it during the splash screen
- The prompt to repair appears; during the repair there is an option to show the details in Notepad.exe
- You can use its Open/Save dialog to rename your sethc.exe (sticky keys) and replace it with a copy of cmd.exe
- On the login, hit shift 5 times, and get a cmd.exe window
- Use the ‘net’ commands to reset a local admin password
- Log in and profit.
It’s way way way too easy. Looks like the only way to secure your machine is to encrypt the entire drive so a password is required just to start the boot process.
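Added here as an example (not from the original post or the linked video): a PowerShell check a defender can run to spot a sethc.exe that has been swapped for cmd.exe as described above. It assumes the default paths under %SystemRoot%\System32 and that it is run as an administrator.

```powershell
# Added example: integrity check for the sticky-keys binary.
# A swapped sethc.exe is a copy of cmd.exe, so compare the two files and
# check sethc.exe's signature and version metadata.
$Sys32 = Join-Path $env:SystemRoot 'System32'

function Test-StickyKeysIntegrity {
    param(
        [string]$SethcPath = (Join-Path $Sys32 'sethc.exe'),
        [string]$CmdPath   = (Join-Path $Sys32 'cmd.exe')
    )

    $findings = @()

    # 1. A replaced sethc.exe is byte-identical to cmd.exe.
    $hSethc = (Get-FileHash -Algorithm SHA256 -Path $SethcPath).Hash
    $hCmd   = (Get-FileHash -Algorithm SHA256 -Path $CmdPath).Hash
    if ($hSethc -eq $hCmd) {
        $findings += 'sethc.exe has the same SHA256 as cmd.exe (swapped binary)'
    }

    # 2. The genuine file is Microsoft-signed (catalog-signed on modern
    #    Windows) and its version resource names itself sethc.exe; a copied
    #    cmd.exe reports Cmd.Exe instead. Older Windows may report NotSigned
    #    for catalog-signed files, so treat the signature result as a hint.
    $sig = Get-AuthenticodeSignature -FilePath $SethcPath
    if ($sig.Status -ne 'Valid') {
        $findings += "sethc.exe signature status is '$($sig.Status)'"
    }
    $ver = (Get-Item -Path $SethcPath).VersionInfo
    if ($ver.OriginalFilename -ne 'sethc.exe') {
        $findings += "sethc.exe OriginalFilename is '$($ver.OriginalFilename)'"
    }

    # 3. The rename step above often leaves the original behind under another
    #    name (sethc.bak, sethc.old, ...) in the same directory.
    $dir = Split-Path -Path $SethcPath -Parent
    foreach ($f in Get-ChildItem -Path $dir -Filter 'sethc.*' -File) {
        if ($f.Name -ne 'sethc.exe') { $findings += "leftover file: $($f.Name)" }
    }

    [pscustomobject]@{
        Path     = $SethcPath
        Tampered = ($findings.Count -gt 0)
        Findings = $findings
    }
}

Test-StickyKeysIntegrity | Format-List
```

To check an offline image instead, mount it and pass the mounted System32 paths as -SethcPath and -CmdPath.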