New Account Creation without Access to an admin account

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We have set up a Dell PC running Windows XP Home as a Kiosk (i.e., public
PC). We set up a limited accont for guests and an Admin account for
ourselves. After few weeks we noticed that a new limited user account was
created. Is this possible without having access to an admin account? Is
there a known security issue that somebody exploited.
 
matt said:
We have set up a Dell PC running Windows XP Home as a Kiosk (i.e., public
PC). We set up a limited account for guests and an Admin account for
ourselves. After few weeks we noticed that a new limited user account was
created. Is this possible without having access to an admin account? Is
there a known security issue that somebody exploited.
Click to expand...

What was the username?
How did you secure the machine?
Have a BIOS password?
 
Thanks for your prompt reply Shenan. The username for the new account is "k"
without password. No, we do not have a BIOS Password.
 
matt said:
We have set up a Dell PC running Windows XP Home as a Kiosk
(i.e., public PC). We set up a limited account for guests and an
Admin account for ourselves. After few weeks we noticed that a
new limited user account was created. Is this possible without
having access to an admin account? Is there a known security
issue that somebody exploited.
Click to expand...

Shenan said:
What was the username?
How did you secure the machine?
Have a BIOS password?
Click to expand...
Thanks for your prompt reply Shenan. The username for the new
account is "k" without password. No, we do not have a BIOS
Password.
Click to expand...

No BIOS password?

Okay - how monitored by humans is this computer? Someone with a vested
interest in keeping it secure around all the time - watching it?

If not - 10 minutes, a little know how and someone could have the SAM file
and hack it at their leisure to get the local admin password.. Or they could
use another utility (booting from CD/floppy/USB) to change the admin
password, add a user or many, install whatever they want, elevate privs..
whatever.
 
Thanks alot. I greatly appreciate it.

Shenan Stanley said:
No BIOS password?

Okay - how monitored by humans is this computer? Someone with a vested
interest in keeping it secure around all the time - watching it?

If not - 10 minutes, a little know how and someone could have the SAM file
and hack it at their leisure to get the local admin password.. Or they could
use another utility (booting from CD/floppy/USB) to change the admin
password, add a user or many, install whatever they want, elevate privs..
whatever.
Click to expand...
 
Back
Top