Re: Stolen computer recovered but has password

I didn't say this explicitly, and it's perhaps the most important point:
REMOVE YOUR PERSONAL ACCOUNT FROM THE ADMINISTRATOR'S GROUP.
Unfortunately, when you do this it may stop some programs from working, and
fixing those is something that can take a lot of expertise to do.
Administering the machine and installing new applications from that point on
will require a new discipline on your part that can be very difficult to
self-teach: when you need to run a program with the privileges of
administrator, you will need to depress the left Shift key and also right
click on it and execute Run As near the top of the menu. Specify the
administrator account and supply its (long) password.

Yes, it's a pain. And it can involve subtle issues about when you should
and should not run as administrator. To avoid some error message you get
on a web site, you might find yourself running Internet Explorer as
Administrator. That is almost always a huge mistake on an unknown web
site, as you can then end up installing trojans on your computer.

--
Will


"Will" <DELETE_westes@xxxxxxxxxxxxxxxxxx> wrote in message
news:H76dnSI7XKrmnEneRVn-rQ@xxxxxxxxxxxxxxx
> Being somewhat cynical, it seems to me that a possible intent was never to
> steal the computer, but instead to plant spyware on it so that they could
> get at the information on that computer on an ongoing basis. They may
have
> originally intended to just let the computer show up mysteriously with you
> being unaware of software changes to it. I would backup the data by
> mounting that drive onto a different computer, then scan it for viruses
and
> spyware. Re-install Windows XP from scratch after formatting the drive.
> Recover data but do not recover programs.
>
> Microsoft makes it way too difficult to secure a computer properly.
There
> is unfortunately a long checklist of things you must do to a default
install
> to have it become anything approaching secure. Among these things, some
of
> the more important ones are:
>
> - Turn off the Quick Switch and Welcome Screen features and instead use
the
> more secure ctrl+alt+del login.
>
> - Get a USB fingerprint authentication scanner. It's a great way to
secure
> the computer login without having to memorize long passwords, which are
also
> subject to be stolen by Trojan Horse software.
>
> - Create a quite long (14+ characters) and quite complex (numbers and
!@#$%
> characters in addition to spaces and alphabetic characters) password for
the
> administrator account and your personal account
>
> - Use NTFS for the file system. At the root I would give Full Control to
> Administrators and SYSTEM and only Read Only access to your personal
> account. Make sure that same template is inherited by Program Files and
> Windows subdirectories, and Windows\SYSTEM32. Make sure that Users do not
> have any access at all to c:\windows\system32\config. Once they can read
> that file it is game over because the SAM contains userids and passwords
and
> they will copy those files to another computer and then run programs to
> break the passwords over a few days time. Finally, think through
exactly
> which directories your personal user account will need to have read-write
> access to, and restrict such access to just those directories.
>
> The above have many special cases and in general you want a computer
> security expert to do the work to set up the computer for you. I am
> constantly frustrated at how easy it is to break a Windows computer, even
> after you have gone to great efforts to secure it. I feel your pain.
>
> --
> Will
>
>
>
> "Mark M." <Mark M.@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:9973A519-9429-4B64-9A12-04BCA1E6679B@xxxxxxxxxxxxxxxx
> > Hi;
> >
> > Earlier this week, I had a computer stolen from my classroom by a couple
> of
> > students who came into the building late in the afternoon. While the
> computer
> > was recovered and returned to me the next day (seems as though the
> students
> > had a guilty conscience and fessed up to a parent), I now have a
> problem...
> >
> > The students deleted the existing user account that I had (which had no
> > password enabled on it) and replaced it with their own, password
protected
> > account (called "Alpha"). Now when the computer is turned on and
Windows
> XP
> > starts, it brings me to the main login page, which I cannot get past.
> When
> > asked for the password by the police, the students who took the computer
> > eventually gave him a word, but it does not work (I even tried
variations
> in
> > spelling including misspellings). The only way I can use the computer
now
> is
> > by logging in as "Guest"
> >
> > My question is how can I remove this account, or at the very least,
remove
> > the password so that the computer is usable again?
> >
> > Thanks for your help (in advance).
> >
> > Mark M.


.

Relevant Pages