Re: Encrypting Administrator's profile



Kirsten wrote:

Is there any way to encrypt (EFS or similar) the entire administrator's
profile folder (C:\Documents and Settings\Administrator) so as to prevent a
user from login in to the computer if he changes the password with a dos
utility? (CIA Commander for example).

There's no point in having domain policies if the user can login as the
administrator and do whetever he wants with the computer!

What else do you suggest? (please don't say "put a bios password" or "forbid
physical access to the computer")

Thanks a lot!

NOTE: Kirsten chose to shotgun his post to unrelated newsgroups.
Windows XP is not a server nor is it Vista. So the following newsgroups
were removed from my reply:
microsoft.public.windows.server.security
microsoft.public.windows.vista.security

If you physically allow others to share a host, they can eventually
figure out how to steal or break your login passwords. Start looking
into whole-disk or partition encryption products. I think TrueCrypt can
encrypt a partition, like the one with the OS. Or you could just use a
BIOS-enabled password and lock the case so they can't get inside to
clear the CMOS data.
.



Relevant Pages

  • Re: local admin account password
    ... There is no physical access so that is already taken care of. ... the central DB has the infdo to login with so just a matter of querying it ... > Law #3: If a bad guy has unrestricted physical access to your computer, ... A machine is only as secure as the administrator is trustworthy. ...
    (Focus-Microsoft)
  • Re: Administrator Account Locked Out
    ... Besides the Administrator account (that you don't create and cannot ... Are there kids in the house that have physical access to your computer? ... one is trying to login while you are waiting for the lockout to expire. ... To audit failed login attempts, you can enable auditing by running the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Removing System Consoles from Fedora
    ... How does one make a login attempt without intending to? ... unauthorized persons who might otherwise have physical access to the ... How is that different when logging on to a X session? ... access to a host, how is removing console sessions going to stop me ...
    (Fedora)
  • Re: Removing System Consoles from Fedora
    ... How does one make a login attempt without intending to? ... unauthorized persons who might otherwise have physical access to the ... access to a host, how is removing console sessions going to stop me ...
    (Fedora)
  • Re: Administrator Account Locked Out
    ... Are there kids in the house that have physical access to your computer? ... and seemed to get worse long after I deleted his account. ... You may have to wait up to 30 minutes to wait for the lockout to expire. ... one is trying to login while you are waiting for the lockout to expire. ...
    (microsoft.public.windowsxp.security_admin)