Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Admin Account on XP

  • 02-12-2005 6:51pm
    #1
    Registered Users, Registered Users 2 Posts: 1,647 ✭✭✭


    Need help please.....
    For reasons I wont go into now, I have banned son from computer.My user account with admin privileges has a password,(not guessed or cracked yet)and so has the default admin account(not visible on welcome screen)
    Obviously on the odd occasion when I have not logged off,or somehow anyway, he has managed to change the main admin account password(without knowing the original password, it can be done)and therefore still has access to the computer.
    Is there anyway of removing the default admin account? Or do I have to hide mouse and keyboard every time I move away from the screen?


Comments

  • Registered Users, Registered Users 2 Posts: 1,664 ✭✭✭rogue-entity


    Short answer no. You would be better off changing the main admin account password to a hard-to-crack one and then use that for your admin tasks. Then switch your normal account to Limited User. This is a safer way to work, and it is the default behavior of Unix systems, and they are known for there superior security. You should also edit your BIOS settings to prevent booting from CD or Floppys and password protect it, just in case your son gets wind of Peter Nordahls Offline Password Changer for NT (it works on XP without fail).


  • Closed Accounts Posts: 78 ✭✭pdogs


    Depending on how savvy your son is - you could install a boot manager such as XOSL(freeware) or BootIt-NG(trialware). They are obviously usually used to organise multi-booting but can also password protect booting to a single installation.

    If he is changing the password with a Linux-based boot floppy or cd there is a way to make this harder by tweaking some of the security policy settings (dont ask me which though). I thought I could change the password on any NT-based system until I recently was asked to clean up a work computer running Win2KproSP4 purchased by an employee of the Revenue Commissioners from them and for which the password had been lost. I didn't have a lot of time on my hands so in the end I just clean reinstalled a system - but I'd love to know what the settings were.


  • Registered Users, Registered Users 2 Posts: 6,949 ✭✭✭SouperComputer


    i guess it all depends on how he changed\cleared the admin account.

    Always add a couple of characters such a #*&$"^% to your password, makes it that bit harder to guess


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,596 Mod ✭✭✭✭Capt'n Midnight


    Always add a couple of characters such a #*&$"^% to your password, makes it that bit harder to guess
    IIRC there was something about unicode characters but foreign characters like áóú àòù are just converted back to aou. Also using non-us characters like £ may also increase the difficulty in cracking - but not the difficulty in bypass in the password with the reset disk. - note the € is the easiest unicode char but very predictable. And £ is also on Italian keyboards as well as UK/Irish so not that uncommon.

    http://www.microsoft.com/smallbusiness/support/articles/select_sec_passwords.mspx
    cf. the bit - ALT Code Not to Use for ALT Key Combinations


  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    #Elite wrote:
    Take of every account. make one, full admin.
    Oh dear lord no. In a perfect world, unless you know what you're doing, you should never run a full admin account, and never all the time. Unfortunatly, its difficult to avoid doing so in Windows, since many apps grumble if you don't (especially apps that shouldn't).
    #Elite wrote:
    theres no need for accounts
    Personalised Windows settings and personalised application settings, for two wide sweeping examples.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    #Elites wrote:
    Leave him do what he wants. theres no need for accounts, when you DONT want him on, put a password on.

    Here's someone obviously used to the Windows 98 way of doing things :rolleyes:

    Once you have all your apps set up correctly, there's rarely any need to run anything as an Administrator. For the stuff you do, just right-click and use the 'Run As' option.


  • Registered Users, Registered Users 2 Posts: 1,647 ✭✭✭dragona


    Thanks to all, but haven't solved the problem yet!


  • Registered Users, Registered Users 2 Posts: 396 ✭✭ai ing


    Start - Control Panel - Administrative Tools - Computer Management - Local Users and Groups - Users

    Right Click on administrator, select properties, tick 'account is disabled' and apply. Should be ok now. I would not recommend deleting the account as it may be required in the future.


  • Registered Users, Registered Users 2 Posts: 2,800 ✭✭✭voxpop


    bios password


  • Registered Users, Registered Users 2 Posts: 7,518 ✭✭✭matrim


    on the odd occasion when I have not logged off
    You could also turn on a screen saver and have it set to "on resume password protect" to pervent him getting access like this


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 112 ✭✭quinta


    As someone has already aluded to. If he can get physical access to the system, which he clearly can, he can change the password using the Linux bootdisks/cd-roms. You could remove the cd-rom/floppy drive, or prevent the cd-rom/floppy from booting from within the BIOS and assign a strong BIOS password. All of which can of course be bypassed, but they are just additional layers.

    Are you sure therre are no additonal accounts with a SID of 500 which he may have created. I.e. more than one admin account? Whcih allows him to log in as admin whenever he wants. Check what other accounts have admin access.

    I suspect he is using the bootdisks though.

    Other solution: Using Linux or a LiveCD for web browsing.

    Or apply strict security policies.


  • Registered Users, Registered Users 2 Posts: 1,647 ✭✭✭dragona


    Thanks a million for all your replies - I am checking out all possibilities and will let you know!


  • Registered Users, Registered Users 2 Posts: 67 ✭✭Lush


    pdogs wrote:
    I thought I could change the password on any NT-based system until I recently was asked to clean up a work computer running Win2KproSP4 purchased by an employee of the Revenue Commissioners from them and for which the password had been lost. I didn't have a lot of time on my hands so in the end I just clean reinstalled a system - but I'd love to know what the settings were.

    Just for future reference, on any NT, Win2K system just delete the 'sam' file found in:

    C:\Winnt\system32\config\

    If its NTFS boot using Ghost(or any application that allows you to boot into the NTFS system) and choose the restore from file, browse to the above sam file delete it in the browse box, reboot windows, admin account password is now blank.

    Do NOT try this in XP as it will corrupt the install as it has built in security against deleting the sam file...
    :cool:


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    Does the computer have to be left on?
    If not, set a bios boot password.
    He wont crack that.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,596 Mod ✭✭✭✭Capt'n Midnight


    Jumpy wrote:
    Does the computer have to be left on?
    If not, set a bios boot password.
    He wont crack that.
    You'd also have to put a padlock on the case to stop him resetting it with a jumper or by removing the battery for a few minutes.


  • Registered Users, Registered Users 2 Posts: 739 ✭✭✭riptide


    dragona wrote:
    Thanks a million for all your replies - I am checking out all possibilities and will let you know!
    But a password in the bios. he'll have to have that before the pc does anything other than POST


Advertisement