Re: Gaining Administrator Access to Windows XP Professional SP2 Sy





"Shenan Stanley" wrote:

stephen-robertson wrote:
I downloaded software from http://ebcd.pcministry.com that allowed
me to gain Administrator access to my PC by blanking the
administrator password. I could also use this software to change
the password of any user that has a local account on the computer.
The software does this by modifying the password hashes in the SAM
hive of the registry.

I have set policies that require complex passwords, and passwords
must be at least eight characters. However, this seems to only
affect creating or setting passwords within Windows. Apparently,
these settings aren't applied when at the logon prompt, so anyone
who has physical access to the computer using this software could
gain complete access to the system.

This is a definite weakness in the Windows security model and
should be corrected. Ideally, the logon process should not allow a
user to enter a password that doesn't meet the policies set in
Local Computer Policy, even if the password is the valid password
for the account.

Shenan Stanley wrote:
Physical access + time + know-how, no matter the operating system -
is owning the machine and all non-encrypted data within fairly
easily. That's why the first rule in system security is still
physical security.

Shenan Stanley wrote:
Thought other links might interest you...

Hack your password:
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html

Another:
http://www.thomasmathiesen.com/itak/html/software.html

LCP
http://www.lcpsoft.com/english/

John the Ripper
http://www.openwall.com/john/

L0phtCrack is/was popular as well - but I couldn't find the link
quickly (Symantec owns it.)

How to create and use a password reset disk for a computer that is
not a domain member in Windows XP
http://support.microsoft.com/kb/305478

stephen-robertson wrote:
I agree that physical security must be the first priority.
However, what happens when your laptop is stolen and someone is
then able to gain access to the system? Even if the laptop has a
BIOS password set, those are still easy to bypass. Would you want
your data at risk because Microsoft has a flawed security model? I
don't.

If you lose your laptop, leave a door unlocked, whatever - it doesn't matter
WHAT OS you have - any unencrypted data is owned if the person wants it, has
time and some know-how. *nix, MacOS, Windows - doesn't matter. If you did
not take steps beyond the logon password to protect your data from prying
eyes - and lapsed on physical security or lost your laptop/thumb
drive/whatever - then you are digging your own grave. Passwords never have
been more than a nuisance to a hacker unless they are associated with some
form of data encryption as well.

*You* have to be responsible for the safety of your data.
Encrypt it. That's pretty much the safest method these days for situations
like you describe.
Be sure you understand the encryption model you use (and how to
back up/restore the keys, certificates, etc.)
Windows XP Professional and supersets thereof have this ability built in.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html




I do encrypt my data, and I did not create any Designated Recovery Agent for
EFS. Otherwise, if I did lose the laptop and someone gained Administrator
access to the system, that person could then decrypt my data. Even if the
Administrator account is not a Designated Recovery Agent, someone could
simply change the passwords of every user account on the system, log in to
each one, and attempt to decrypt the data. If another user account was a
Designated Recovery Agent, eventually the encrypted data would become
accessible.

Stephen