Re: Password protect PC

mendi1mendi wrote:

I have a password on the Office PC, for bootup, screensaver, etc via my
user account.

I just found out, that there's a website, www.loginrecovery.com, whereby
one dowloads a program onto a floppy or CD.

You then insert this disk into the PC, boot it up and it copies the
windows encrypted file which contains all the info about all user accounts
on that PC and shuts it back down so no one is aware that someone tampered
with this PC.

You then upload the info to that website and via email they send you back
withing 2 business days all the user names, passwords. If you need it
rush, they'll send it back withing 10 mintues for 10 Euros. (Looks like
they're in Europe.)

Is there any protection, software or hardware against such hackers?

Any computer running any operating system can be accessed by someone with 1)
physical access; 2) time; 3) skill; 4) tools. There are a few things you
can do to make it a bit harder though:

1. Set a password in the BIOS that must be entered before booting the
operating system. Also set the Supervisor password in the BIOS so BIOS
Setup can't be entered without it.
2. From the BIOS, change the boot order to hard drive first.
3. Set strong passwords on all accounts, including the built-in
Administrator account.
4. If you leave your own account logged in, use the Windows Key + L to lock
the computer (and/or set the screensaver/power saving) when you step away
from the computer and require a password to resume.
5. Make other users Limited accounts.
6. Keep your operating system and major applications patched.
7. Use the computer in a safe, secure, careful way if it is important to
keep the data on that machine uncompromised.

The really important part of the first paragraph is *access*. That is why
mission/security-critical servers are kept locked, in locked rooms, with
precise security as to who can access them.

Malke
--
MS-MVP Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"
.

Relevant Pages

  • Re: Help Me Understand User Accounts
    ... When you log off and log back in as the limited user you'll be able to ... you'll need to set up a new email account (under the new ... limited user account) the same as you had before, ... Administrator accounts are the default type of account ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Windows Service Account
    ... you can use the find IIDentity to the user to give folder permissions ... The OP does not need to find which user account is running the Windows ... Local System account has mighty ...
    (microsoft.public.dotnet.general)
  • Re: DC Temporarily Off-line, Remaining DC Struggling
    ... suspects this issue is related to the account and roaming profile. ... Please make sure all user accounts are replicated to win2k3 DC. ... Does this issue only occurs if the user account uses ...
    (microsoft.public.windows.server.active_directory)
  • Re: Logoff / Slow Bootups / Outlook attachements / Outlook Not res
    ... When you logon the problematic user account on the good user's computer, ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Copying user profile from one user account to another user account on the same conputer --&#
    ... When I tried to copy the user profile of one administrator user account ... "Make the folder private". ...
    (microsoft.public.windowsxp.setup_deployment)