Re: Please help : Administrator password consistency ????

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/03/04


Date: Fri, 03 Sep 2004 20:06:38 GMT

There is no Group Policy able to do such. Group Policy only works within the
operating system. Someone booting from a floppy or cdrom would be working "outside"
of the operating system. Enabling restrictions to boot media or having a computer
case that locks access to the computer floppy/cdrom drives is the only way to offer
some protection against such an attack. If you password protect CMOS settings, an
authorized user that needs access to change the CMOS settings to boot from a floppy
or cdrom could do so and then change settings back when done. About your comment
about users having access to everything - realize that applies only to that computer
and not the domain unless they have access to domain controllers which must be
physically secured to some degree as should servers even if it means just a sturdy
case that locks access to the inside and drives but ideally would be in a locked room
or cage. --- Steve

"serge calderara" <sergecalderara@discussions.microsoft.com> wrote in message
news:BFCF3A25-7AFD-4515-98E6-A966995A935D@microsoft.com...
> As previous post, prevent boot floppy from BIOS could be a way but, we have
> some backup and restore procedure which needs to use booting from floppy.
> But anyway those software which reset administrative password, some are using
> boot floppy but some other a simple boot CD. So if we use BIOS locking that
> is a bit annoying for handling ghost backup and restore procedure...
>
> I was thinking on a solution, inside group policy or local security, or some
> scripting stuff which could force back proper user rights..
>
> Could it be possible ?
>
> regards
> serge
>
> "Steven L Umbach" wrote:
>
>> In the computer's CMOS settings that are available during the boot sequence,
>> usually by holding down delete or such, configure the computer to boot only
>> from the hard drive. Then password protect the CMOS settings. Users may still
>> be able to reset the password by removing the cover of the computer and
>> unplugging the battery or using a jumper to reset CMOS settings to default so
>> try to use cases that lock access to the inside of the computer. If you are in
>> a domain you can use the Group Policy computer configuration "restricted
>> groups" feature at the Organizational Unit level to enforce domain computers
>> local group membership for computers in that OU. --- Steve
>>
>>
>> "serge calderara" <sergecalderara@discussions.microsoft.com> wrote in message
>> news:0085362A-0ADB-444D-BB0C-D864BCB1B87D@microsoft.com...
>> > Dear all,
>> >
>> > Actually we are setting up some standard office workstation with Windows
>> > 2000 pro.
>> > We have setup there different user profile with appropriate rights.
>> > We keep for our IT team the Administrator password..
>> >
>> > As you may know there exists some software (a single boot floppy) that can reset
>> > the administrator password , and then final users will have access to
>> > everything and our IT team start to do the police on non stable system due to
>> > some system settings changes.
>> >
>> > Is there a way to avoid that the administrator password is discovered ?
>> >
>> > Thanks for your help
>> > regards
>> >
>> > Serge
>>
>>
>>
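
The "scripting stuff" asked about in the thread, sketched as an added example that is not part of the original posts: a PowerShell audit of the local Administrators group against an allowlist, the same membership that the "restricted groups" setting enforces from the domain. It assumes Windows PowerShell 5.1 or later (the Microsoft.PowerShell.LocalAccounts module, not available on Windows 2000) and an elevated prompt; the account names in `$Allowed` are placeholders. Like Group Policy it runs inside the operating system, so it only reports or corrects membership after the machine has booted normally.

```powershell
# Added example: audit, and optionally restore, local Administrators membership.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: placeholder names; replace with the accounts your policy allows.
    [string[]]$Allowed = @("$env:COMPUTERNAME\Administrator", 'EXAMPLE\Domain Admins'),
    # Without -Enforce the script only reports drift.
    [switch]$Enforce
)

$adminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$current   = @(Get-LocalGroupMember -SID $adminsSid)

# Members present on the machine but not in the allowlist, and the reverse.
$unexpected = @($current | Where-Object { $Allowed -notcontains $_.Name })
$missing    = @($Allowed | Where-Object { $current.Name -notcontains $_ })

foreach ($m in $unexpected) {
    Write-Warning "Unexpected member of Administrators: $($m.Name) [$($m.SID)]"
    if ($Enforce -and $PSCmdlet.ShouldProcess($m.Name, 'Remove from Administrators')) {
        Remove-LocalGroupMember -SID $adminsSid -Member $m
    }
}

foreach ($name in $missing) {
    Write-Warning "Expected member absent from Administrators: $name"
    if ($Enforce -and $PSCmdlet.ShouldProcess($name, 'Add to Administrators')) {
        Add-LocalGroupMember -SID $adminsSid -Member $name
    }
}

# Summary object so the result can be logged or collected centrally.
[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    Checked    = Get-Date
    Unexpected = $unexpected.Name
    Missing    = $missing
    Compliant  = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
}
```

Run it without `-Enforce` first, or with `-Enforce -WhatIf`, to see what would change before any membership is modified.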