Re: Security issues, purchasing a new, pre-loaded, Windows XP computer

From: Mike Lyman (mlyman@west-point.org)
Date: 10/08/02


Date: Tue, 08 Oct 2002 08:13:57 -0700
From: "Mike Lyman" <mlyman@west-point.org>
To: focus-ms@securityfocus.com

On 10/7/2002 at 8:53 PM Tijl Schoonenberg wrote:
>But.. why leave all features installed on his system? i.e. uninstall IIS,

XP Home should not have IIS.

>O yes... I think you already crossed the following: the Administrator
>password is EMPTY on any just-installed system running Windows XP. At
>least
>I noticed it on some XP Corporate installations and I think it's the
>default. So the first thing to accomplish is an Admin-password ;-)

While still an issue with physical access to the computer, by default, XP
local accounts without passwords cannot be used to access a computer from
the network.

>Getting (all) other accounts out of the Administrators-group (or giving
>them good passwords) might be a job as well as I noticed that users being
>created in the install-phase are put inthere (aargh, BILL! why?? heh;

Too many app installs break when users aren't admins. Some apps break when
users aren't admins.

Mike Lyman
CISSP
mlyman@west-point.org
pgp keyid 0xD7BBADAD