Re: Stolen computer recovered but has password
- From: "Will" <DELETE_westes@xxxxxxxxxxxxxxxxxx>
- Date: Sun, 22 Jan 2006 14:04:40 -0800
Being somewhat cynical, it seems to me that a possible intent was never to
steal the computer, but instead to plant spyware on it so that they could
get at the information on that computer on an ongoing basis. They may have
originally intended to just let the computer show up mysteriously with you
being unaware of software changes to it. I would backup the data by
mounting that drive onto a different computer, then scan it for viruses and
spyware. Re-install Windows XP from scratch after formatting the drive.
Recover data but do not recover programs.
Microsoft makes it way too difficult to secure a computer properly. There
is unfortunately a long checklist of things you must do to a default install
to have it become anything approaching secure. Among these things, some of
the more important ones are:
- Turn off the Quick Switch and Welcome Screen features and instead use the
more secure ctrl+alt+del login.
- Get a USB fingerprint authentication scanner. It's a great way to secure
the computer login without having to memorize long passwords, which are also
subject to be stolen by Trojan Horse software.
- Create a quite long (14+ characters) and quite complex (numbers and !@#$%
characters in addition to spaces and alphabetic characters) password for the
administrator account and your personal account
- Use NTFS for the file system. At the root I would give Full Control to
Administrators and SYSTEM and only Read Only access to your personal
account. Make sure that same template is inherited by Program Files and
Windows subdirectories, and Windows\SYSTEM32. Make sure that Users do not
have any access at all to c:\windows\system32\config. Once they can read
that file it is game over because the SAM contains userids and passwords and
they will copy those files to another computer and then run programs to
break the passwords over a few days time. Finally, think through exactly
which directories your personal user account will need to have read-write
access to, and restrict such access to just those directories.
The above have many special cases and in general you want a computer
security expert to do the work to set up the computer for you. I am
constantly frustrated at how easy it is to break a Windows computer, even
after you have gone to great efforts to secure it. I feel your pain.
--
Will
"Mark M." <Mark M.@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9973A519-9429-4B64-9A12-04BCA1E6679B@xxxxxxxxxxxxxxxx
> Hi;
>
> Earlier this week, I had a computer stolen from my classroom by a couple
of
> students who came into the building late in the afternoon. While the
computer
> was recovered and returned to me the next day (seems as though the
students
> had a guilty conscience and fessed up to a parent), I now have a
problem...
>
> The students deleted the existing user account that I had (which had no
> password enabled on it) and replaced it with their own, password protected
> account (called "Alpha"). Now when the computer is turned on and Windows
XP
> starts, it brings me to the main login page, which I cannot get past.
When
> asked for the password by the police, the students who took the computer
> eventually gave him a word, but it does not work (I even tried variations
in
> spelling including misspellings). The only way I can use the computer now
is
> by logging in as "Guest"
>
> My question is how can I remove this account, or at the very least, remove
> the password so that the computer is usable again?
>
> Thanks for your help (in advance).
>
> Mark M.
>
>
>
.
- Follow-Ups:
- Prev by Date: How Do You Open Network Connections as Administrator?
- Next by Date: Re: Stolen computer recovered but has password
- Previous by thread: Re: Stolen computer recovered but has password
- Next by thread: Re: Stolen computer recovered but has password
- Index(es):
Relevant Pages
|
