Recently an AskVG reader "zydrius sMiLe" contacted me and asked me how can he remove or hide "Get help" button from Windows Explorer's Command Bar (aka Folder Band or Toolbar) in Windows 7? You can see this button present at the extreme right-side of the Command Bar in Windows Vista and Windows 7 Explorer. Once you click on it, it opens Windows Help window.
I tried to find its code using my favorite Resource Hacker tool. I first tried to look into Shell32.dll file and it was the right file luckily. I found the code and removed it. I compiled and saved the file, restarted Windows and BOOM!!! Windows crashed at login screen and I couldn't log into Desktop. Since it crashed Explorer, I also couldn't access Task Manager. I had to enter into Recovery Console and restored the default file.
I again tried many times, I tried to modify the code but each time I restarted, it crashed Windows at login screen.
Anyway that's a different story but I'm sharing it with you all because this incident gave me an interesting idea. Since I was able to reach login screen but couldn't log into Desktop, I thought that wouldn't it be great if we could get access to Command Prompt at login screen so that we can restore files or run other commands in case we are unable to log into Windows.
Actually it happens many times when Windows crashes at login screen due to corrupt or missing system files and the only way to fix this kind of problem is to restore system or repair or reinstall Windows.
So it would be really great if we can launch Command Prompt at login screen and then we'll be able to restore default system files if our modified file doesn't work properly.
I know it would be a security risk and other people can execute commands to reset password, create or remove user accounts, etc using Command Prompt at login screen but it would not be the case if you are the only user of your computer.
Now the question comes how can we access Command Prompt at login screen? Simple! By changing "Ease of Access" button action. Windows login screen contains an "Ease of Access" button present at the bottom-left corner which launches Ease of Access window to help you in making your system easier to use by enabling narrator, magnifier, etc.
Actually its target file is stored in "Windows\System32" folder with the name "utilman.exe" so if we replace this file with Command Prompt's exe file "cmd.exe", we can get access to Command Prompt at login screen by clicking on Ease of Access button.
The bonus part is that we can not only replace it with Command Prompt's exe file but we can also replace it with any other desired EXE file such as Solitaire game's exe file, MS Paint, Notepad, etc.
So we can replace it with Solitaire game and then it would not be a security risk at all and guest users who don't know the password, can pass their time by playing the game until you type the correct password for them.
So if you also want to replace Ease of Access button with your favorite program or Command Prompt, please follow these simple steps:
1. Open Windows Explorer and go to C:\Windows\System32 folder. Here C: is the system drive where Windows is installed in your system. If you installed Windows in any other partition, replace C: with the appropriate drive letter.
Alternatively you can directly open "System32" folder by running system32 command in RUN dialog box.
2. Once you open System32 folder, look for a file with the name utilman.exe. Before replacing the file, you'll need to take ownership of it.
You can take its ownership using following tutorial:
Add "Take Ownership" Option in Files and Folders Context Menu in Windows
3. After taking ownership, rename the file to some other name such as utilman_bak.exe or any other desired name.
4. Now the final step. Copy cmd.exe file from same "System32" folder and paste in same folder. Windows will create a copy of cmd.exe with the name "cmd - Copy.exe". Rename it to utilman.exe and you have done.
5. Lock or log off and when you'll click on Ease of Access button at login screen, you'll get immediate access to Command Prompt.
You can replace it with any other desired program's EXE file as mentioned above. Just copy your desired program's EXE file from its folder and paste it in System32 folder. Following screenshot shows Solitaire game running at login screen:
You can also replace original utilman.exe file with Explorer.exe file and you'll get access to your Desktop and all at login screen. ;)
If you want to restore action of Ease of Access button, simply delete new utilman.exe file and rename the backup file of utilman to its original name utilman.exe.
So which program would you like to run at login screen using this trick? Feel free to share your feedback about this tutorial in your comment...
Posted by: Vishal Gupta | Categories: Windows 7, Windows Vista
Fer
Maybe a browser, Chrome at the login screen?
Asrin475
And we can change our forget password!
Thanks VG , Best Post ...
Ramesh
Don't Try This - It makes your system vunerable.
Be Smart, Be Safe!
VG
^^ Please check 7th paragraph just below the 1st image. And if you replace it with a game, I dont think it would be a security risk at all. Replacing an unusable icon with something useful is actually a smart thing to do.
In fact if you are smart, you should definitely try this tutorial. This tutorial was created for smart and expert users.
@Fer
It might work. Not tried.
@Asrin475
True.
Someone
Can you change the button icon?
Romar
Nice post. Maybe you could also show another way to replace the utilman.exe if desktop is unavailable (e.g. Password locked/forgotten) that you can't login and u need to reset it through that trick.
VG
^^ Please dont consider it as a way to reset password, etc. It'll only work when you'll have full access to system. But if you have more than one Windows installed, you can boot into other Windows and there you can replace the file and when you'll log into the Windows which you have forgotten the password, you can reset it by launching Command Prompt or other apps.
Check following tutorial to reset or recover user password:
http://www.askvg.com/how-to-reset-recover-forgotten-windows-nt-2000-xp-2003-administrator-password/
@Someone
It can be changed by modifying system files. I think it should be present in authui.dll file.
Meena Bassem
wow, that can be really a dirty trick.i think you can do so from any linux live cd, or any live cd generally.
and then from that command you can use
control userpasswords2
and remove the password :)
lonedog
Replacing Ease of Access with the command prompt may be a nice idea, but it opens you up to one giant security risk, even if you're the only user of the computer. If someone stole the computer they'd have easy access to all your files.
Meena Bassem
i know it's a giant risk.but it seems like the easiest way to reset a windows password.
Riddle
Does anyone know of a way to completely remove the Ease of Access button, instead of changing what it does?
Riddle
Also, on removing or hiding "Get help" button from Windows Explorer's Command Bar in Windows 7, try looking in "%WinDir%\Themes\Aero\Shell\NormalColor\shellstyle.dll" in the UIFILE\1 section.
I have not tried it myself, but the 'atom(HelpButton)' section looks interesting.
VG
^^ I looked into shellstyle.dll file as well. Will try to look again whenever I get time. Regarding removing Ease of Access button, check following:
http://www.askvg.com/how-to-remove-branding-logo-and-ease-of-access-accessibility-button-from-windows-vista-and-7-login-screens/
@lonedog
If someone steals your computer, he can do anything he want. He just need to reinstall Windows or Linux and he'll have access to all of your data. Or he can attach your computer hard disk to another computer to access data.
I dont consider it as a security risk if you are the only user of your computer. Also if you replace it with a game, calculator, etc, it would not be a security risk at all even if you have more than one user.
Riddle
@VG
Thank you for the link. It worked perfectly.
VG
^^ Welcome. :)
Jens Reubsaet
Could you as well replace it with Windows Media Center or Media Player so you can listen to music if you cannot login?
Kyle
^^Good point, Jens! i've also thought about replacing it with Spotify... i rarely used WMP
VG
You can replace the file with any other exe file but each time you'll need to try yourself whether the new file is working or not.
Anixx
Very nice tutorial VG. . I think every tutorials present in this site is valuable if someone realy want to khow windows deeply. .
Just one thing to say, in windows xp we will find this file with other name. It is called ''sethc.exe'' present in system32. PLEASE check the name before using, actually i am not using xp currently.
VG
^^ Thanks for your kind words. :)
Chris
There is also a similar trick, and can be done on a machine without knowing a user password at all, essentially using a recovery disk to change the funtion of sticky keys (pressing SHIFT 5 times in sucession) to open a command prompt. This solution allows you to reset passwirds etc at the logon screen. However, the difference in this approach is that you dont have to own the machine. Very interesting indeed.
1. Boot your computer using your Windows installation disc.
2. Wait for the setup files to load, and select your language. Click Next.
3. Click the Repair your computer link on the Install Windows screen.
4. Select the operating system to repair, and note the drive letter on which the OS is installed (it is probably C: or D:). Click Next.
5. Click Command Prompt at the bottom of the list of recovery tools.
Now you need to overwrite the Sticky Keys executable with the Command Prompt executable. Sticky Keys is an accessibility feature that allows a user to tap the Shift, Ctrl, Alt, or Windows key once to achieve the same effect as holding the key down. Ordinarily, tapping Shift five times activates Sticky Keys--but with this trick, you are going to make tapping Shift five times activate the Windows Command Prompt instead.
1. In the Command Prompt window, type copy c:\windows\system32\sethc.exe c:\ and press Enter.
2. Type copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe and press Enter.
3. Exit the Command Prompt and reboot the computer. At the login screen, tap Shift five times. The Command Prompt will pop up.
4. Type net user username password, replacing username with your username and password with a new password.
5. Exit the Command Prompt, and log in using your new password.
To prevent another user from exploiting the same trick to reset your password, you can restore Sticky Keys as follows:
1. Step through the instructions above to boot the PC using your Windows installation disc, open the recovery tools, and launch the Command Prompt.
2. Type copy /y c:\sethc.exe c:\windows\system32\sethc.exe and press Enter.
3. Exit the Command Prompt and reboot the computer. Pressing Shift five times will now activate Sticky Keys instead of the Command Prompt. Store your Windows installation disc in a secure location.
Rtyh-12
Even easier, you can use a Linux Live USB and just do a copy-paste, then the computer is yours... I was always under the impression that Windows passwords were pretty useless anyway...
Andreas
In which user context/account runs the program utilsman.exe or the substitute? SYSTEM account, Guest, ...? Hope that it is an account with low rights.....
seife
Hi, I have developed a sw using Matlab that access the webcam. I want to run the program at the start up and i can use it my face as a password. How can i do this?