Re: Password protect PC
- From: "Doug Knox MS-MVP" <dknox@xxxxxxxx>
- Date: Mon, 17 Jul 2006 13:20:08 -0400
And there's always the utility to blow away the administrator password, or any other user password.
--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:QMGdnexZjMNmOCfZnZ2dnUVZ_vKdnZ2d@xxxxxxxxxxxxxx
Yes you need to use strong passwords and also disable storage of lm hash on.
next password change. Try disabling storage of lm hash and then create three
user accounts. Use passwords of 10, 12, and 15 characters mixed with
uppercase, lowercase, numeric, and other character seen on the keyboard. Now
submit again and let us know how they did. I would be extremely surprised if
they cracked all three passwords. Environments that can support smart card
logon would also mitigate such a problem for password cracking. Note that
what you describe has been available for a long time with freely available
password cracking tools and that anyone that has full physical access to
your computer, as Malke says also, can access all your unencrypted data
anyhow.
I could boot your computer from Bart's PE or such and copy your data files
or boot from my Ghost floppy and image your hard drive. So your best option
is to physically secure your computer to the needed degree or at least the
hard drive. There are removable trays for hard drives and you could take
your's with you or lock it in a safe when you are not around. Encryption of
sensitive data [such as EFS in XP Pro] is also a possible security procedure
though encryption has it's own set of problems such as the legitimate user
being denied access to their own data if best practices are not used or a
false sense of security if the encryption keys are not safeguarded or
implemented correctly or complexities of sharing encrypted data. --- Steve
"mendi1mendi" <mendi1mendi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:26722AB3-7ACD-47C6-857C-53F46BD19AF5@xxxxxxxxxxxxxxxx
I have a password on the Office PC, for bootup, screensaver, etc via my
user
account.
I just found out, that there's a website, www.loginrecovery.com, whereby
one
dowloads a program onto a floppy or CD.
You then insert this disk into the PC, boot it up and it copies the
windows
encrypted file which contains all the info about all user accounts on that
PC
and shuts it back down so no one is aware that someone tampered with this
PC.
You then upload the info to that website and via email they send you back
withing 2 business days all the user names, passwords. If you need it
rush,
they'll send it back withing 10 mintues for 10 Euros. (Looks like they're
in
Europe.)
Is there any protection, software or hardware against such hackers?
I need this ASAP.
Thanks
- Follow-Ups:
- Re: Password protect PC
- From: Steven L Umbach
- Re: Password protect PC
- References:
- Re: Password protect PC
- From: Steven L Umbach
- Re: Password protect PC
- Prev by Date: Re: Windows XP Logon Error
- Next by Date: Re: Blue star in taskbar; pop up on logging in
- Previous by thread: Re: Password protect PC
- Next by thread: Re: Password protect PC
- Index(es):
Relevant Pages
|
