change admin password

[Javier]

Hi

I've seen many utility tools to change or crack the local administrator
password for a server(Stand Along) or pc in a domain. Is this a
vulnerability with most of the windows OS or is it just a Microsoft design
to access a computer or server in the case the password has been forgotten.?

I searched KB and found nothing related to this issue.

Thank You.

 

[Danny Sanders]

Most of these utilities are Linux based which would lead one to believe they
were made to work on Linux.

I think someone through experimenting found out it works on Windows also.

hth
DDS W 2k MVP MCSE

 

[Matthew Kitchin]

You can do that with almost any OS. If you get physical access to where the
password is stored, there are ways you can manipulate it.

 

[Steven L Umbach]

This is a vulnerability to any operating system and requires physical access
to a computer. Note that if an attacker gets physical access to a computer
they do not need the administrator password anyhow to access any data that
has not been encrypted. An attacker could put the hard drive in another
computer or boot from an alternate operating system which could be burned on
a DVD. Even encrypted data can be vulnerable if the user's private key used
for encryption is on the computer particularly if the user has a weak
password. You might find the link below interesting - the Ten Immutable
Laws of Computer Security. Even though it was written by a Microsoft guy it
applies to all operating systems. --- Steve

http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

 

[Wolf Kirchmeir]

Most of these utilities are Linux based which would lead one to believe they
were made to work on Linux.

I think someone through experimenting found out it works on Windows also.

hth
DDS W 2k MVP MCSE

They're Linux-based because you can boot a small Linux kernel from a
floppy and then run programs. Just like DOS, in that respect. Linux
writers have wriiten soiftware to read and write to NTFS file systems,
which makes it relatively easy to fins the passowrd and deal with it. As
Mathhew K notes, that can be done with any OS, so long as the file
system can be read and written.

Passwords protect only in the sense that a lock on your front door
protects: it slows down access, and makes it too much of a hassle for
many who would otherwise cheerfully come in and take your stuff.

 

[Wolf Kirchmeir]

Steven L Umbach wrote:
[...] You might find the link below interesting - the Ten Immutable

Laws of Computer Security. Even though it was written by a Microsoft guy it
applies to all operating systems. --- Steve

http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

Very interesting, and well said.