Re: hacking the logon

From: Roger Abell (mvpNOSPAM@asu.edu)
Date: 06/11/02 

From: "Roger Abell" <mvpNOSPAM@asu.edu>
Date: Mon, 10 Jun 2002 22:17:53 -0700

So leave us hanging. What was it ? 

--
Roger Abell
MVP (Windows Platform)  Associate Expert
The Expert Zone - www.microsoft.com/windowsxp/expertzone
"jared" <dresarii@hotmail.com> wrote in message
news:b94801c21044$3ee34ee0$36ef2ecf@tkmsftngxa12...
that did it. all better now.
thanks man.
i really do appreciate the help. this windows support
newsgroup was better than i had expected.
>-----Original Message-----
>Jared,
>
>OK, the confusion has cleared.  But, I have not encountered
>a system that shows this behavior.  I would speculate that
your
>system has been backdoored in some way.  You could try
scanning
>with some product like PestPatrol that looks for known vermin.
>
>Try this.  After logging in with this account that has no
name,
>open a command prompt and enter  set
>Examine the output for the values of the env vars
>USERNAME and USERPROFILE
>What is it telling you?
>
>I would then use the user management interface to examine
>the membership of the Administrators group, make sure that
>I had a couple admins accounts that I knew I could use, and
>then remove the no-name account from Administrators, if
>available to do so and possible, and then I would set a new
>password on the no-name account (again, if I could get at it)
>and then disable the account.  Since XP does not behave this
>way on its own, you would need to get to the bottom of this.
>A repair install may replace the system files that have to
have
>been hooked/altered in order for the system to behave this
way.
>
>--
>Roger Abell
>MVP (Windows Platform)  Associate Expert
>The Expert Zone - www.microsoft.com/windowsxp/expertzone
>
>"jared" <dresarii@hotmail.com> wrote in message
>news:c98201c20f20$c2fff680$3aef2ecf@TKMSFTNGXA09...
>ok, i understand what you are saying on most everything. my
>problem is within windows, not the bios, i know that much.
>i know this because it occurs at the login prompt/welcome
>screen by ctrl-alt-deleting as you had said.
>
>but i am still at square one as far as fixing this problem
>goes.
>i know exactly the following because i watched him do it.
>
>when the welcome screen came up, and he was given a choice
>of users, he hit ctrl-alt-delete, left both the username
>and password fields blank at the login prompt accessible
>through  ctrl-alt-deleting, and by doing that he logged on
>to an account with which he created new users. i assume
>this 'account' has admin rights if it can create new users.
>
>so we tweaked with winxp settings, and took the entire
>welcome screen out, so that a login promt came up instead.
>again, we left both the username and password fields blank,
>and again we logged onto this 'account' and had access to
>everything.
>
>how do i prevent this? ive downloaded all security fixes
>from windowsupdate.com, and have even searched the net for
>rogue fixes, but still we are able to access this 'account'.
>if my computer is the only one with this problem, does
>anybody have any suggestions on how to stop this?
>
>thanks-
>jared
>
>>-----Original Message-----
>>Sorry I missed the mention of Pro in first post.
>>You are saying Welcome screen, and also login prompt,
>>as if they are the same, but they are different things.
>>Since you have two boxes, I assume it is the login prompt,
>>the same one gets if you do two alt-cntrl-del at the Welcome
>>screen or if you have the Welcome screen disabled.
>>
>>None of my systems behave this way.  I can get it so that
>>I can leave the password field blank by not having a password
>>on the account, but I do have to enter a username.
>>
>>You said,
>>> 4. you are asked for your username and password before you
>>> cant continue booting.
>>If you did mean "before . . . booting" finishes, t{w)F}'F""h
rhis is
>something
>>that you set in the machine's BIOS and is not part of
Windows.
>>If you meant after booting finishes, at the Windows login
>prompt
>>then it would seem something is very "modified" in your
>install.
>>
>>--
>>Roger Abell
>>MVP (Windows Platform)  Associate Expert
>

Relevant Pages

  • Re: hacking the logon
    ... and password fields blank at the login prompt accessible ... this 'account' has admin rights if it can create new users. ... again, we left both the username and password fields blank, ... >that you set in the machine's BIOS and is not part of Windows. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: hacking the logon
    ... After logging in with this account that has no ... >MVP (Windows Platform) Associate Expert ... >and password fields blank at the login prompt accessible ... >again, we left both the username and password fields blank, ...
    (microsoft.public.windowsxp.security_admin)
  • how to set up windows xp pro as a server?
    ... want to specify users and/or groups that can log in to my Windows XP ... I created an account in the Remote Desktop User group. ... now get a login prompt as I expected. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator
    ... This is common in most Pre-Installed Windows System. ... > Administrator account allows local Administrator ... IBM Systems with preinstalled Microsoft ...
    (Bugtraq)
  • [Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows l
    ... This is common in most Pre-Installed Windows System. ... > Administrator account allows local Administrator ... IBM Systems with preinstalled Microsoft ...
    (Full-Disclosure)