Help: Avoid admin password acking

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Dear all,

We are deploying to our worldwilde customers a set of application which is
installed on an standard industrial PC (we are delivery the same PC to all
our customer).

The system need to be stable and fully functionnal 24h/day.
For that we have issue a deployement security policy which is as follow:
- Administrator user has been rename to something else
- our customers can update any program on the system
- our customers can not install any windows update
- our customers cannot coonect the PC to they company Domain Controler
- Administrator password is know only by us for maintenance purpose

With this rules in place, we have a really stable and fully tested known
environment.
This to avoid library conflict as every developer is faced on each time

Unfortunatly, we have some customer which managed to hack administrator
password either by knowing it or by resetting it.

As far as I know tools that can be found on the internet can just reset the
password, or is there some which are able to show in clear text passwords?

If this occurs, which procedure can I put it place in order to block my
application if administartor password is changed ?

thnaks helping me to solve that issue
regard
serge
 
serge said:
Dear all,

We are deploying to our worldwilde customers a set of application
which is installed on an standard industrial PC (we are delivery the
same PC to all our customer).

The system need to be stable and fully functionnal 24h/day.
For that we have issue a deployement security policy which is as
follow:
- Administrator user has been rename to something else
- our customers can update any program on the system
- our customers can not install any windows update
- our customers cannot coonect the PC to they company Domain
Controler - Administrator password is know only by us for maintenance
purpose

With this rules in place, we have a really stable and fully tested
known environment.
This to avoid library conflict as every developer is faced on each
time

Unfortunatly, we have some customer which managed to hack
administrator password either by knowing it or by resetting it.

As far as I know tools that can be found on the internet can just
reset the password, or is there some which are able to show in clear
text passwords?

If this occurs, which procedure can I put it place in order to block
my application if administartor password is changed ?
Click to expand...

I read your post as you saying that the issue is with the password to
your application and not to Windows. Obviously you know that any
operating system password can be changed by a skilled person with a
little time and physical access to the machine. You will need to
contact the developers of your application and ask them to code in the
functionality (not starting if the password isn't the expected one) you
want. This isn't a Windows issue.

Malke
 
I was in fact wondering if there was a possibility with a windows function
like script or special tips to overwrite password at startup before the login.
and of course just before security policies gets collected

I was imagininga kind of low level script which always run which will always
overwrite default admin password.

Am I saying something crazy ?
 
serge said:
I was in fact wondering if there was a possibility with a windows
function like script or special tips to overwrite password at startup
before the login. and of course just before security policies gets
collected

I was imagininga kind of low level script which always run which will
always overwrite default admin password.

Am I saying something crazy ?
Click to expand...
Again, are you referring to the password for Windows or the password for
your proprietary application? Don't you have a similar thread with lots
of answers going in another newsgroup? I seem to remember a posting
from you, perhaps in microsoft.public.security?

Malke
 
Yes I am talking about windows login not my application.
And yes also at first I have post it in another group but them thought it
was not the correct place as they are all similar
 
serge said:
Yes I am talking about windows login not my application.
And yes also at first I have post it in another group but them thought
it was not the correct place as they are all similar
Click to expand...

I think you got good answers in the other newsgroup. Multiposting is
bad. Here is a link explaining why:

http://www.blakjak.demon.co.uk/mul_crss.htm

I can't help you with startup scripts and what you are trying to do.
Since this is a business requirement, contact a local computer
professional who does scripting and pay their consulting fee. This is a
cost of doing business.

You might want to think about why your one customer is doing what they
are doing as a different approach to the problem.

Malke
 
Hi

It is a piece of cake to reset an admin password in xp/2k it takes physical access to machine and about 5 mins. can we all say LINUX BOOT DISK lol

however the only way to stop this is remove the ability to boot from anything other than the hdd which can be done in the bios and then add a bios password

job done

S
 
Back
Top