Security Flaws with XP

[Fire Spouse]

I come home tonight and the password on my computer has been changed. I
changed it this morning before I left for work. And when I get home it has
been changed by my son. He won't tell me how he bypassed the XP Home logon
screen or was able to find the password. Only says it's easy to bypass
Microsoft's logon. Where is the security hole and how do I plug it? When I
put a password on a machine I want it to mean something! I don't want a 19
year old punk to be able to bypass it at will. Some help here would be very
much appreciated.

Thanks,
Neil
(e-mail address removed)_nospam

 

[Guest]

I come home tonight and the password on my computer has been changed. I
changed it this morning before I left for work. And when I get home it has
been changed by my son. He won't tell me how he bypassed the XP Home logon
screen or was able to find the password. Only says it's easy to bypass
Microsoft's logon. Where is the security hole and how do I plug it? When I
put a password on a machine I want it to mean something! I don't want a 19
year old punk to be able to bypass it at will. Some help here would be very
much appreciated.

Thanks,
Neil
(e-mail address removed)_nospam

You can bypass the logon screen in safe mode and logon with a default admin
account (by pressing the delete key twice in safe mode)which you cannot
remove.
This is there incase you have errors loging in and need to access the
computer to correct the problem.
Other than throwing the 19 yo. out of the house I don't know how you
can stop it.

 

[Colin Nash [MVP]]

Yes it is pretty easy. There is no way to prevent someone with physical
access to a computer from hacking into it. That's really what it comes down
to. You can have all the security you want in an operating system, but
someone can just temporarily load another operating system and bypass
anything that the main OS tries to secure. Do the damage, and boot back
into the main one.

Same thing can happen with Linux, Mac... whatever, by the way This isn't
a Windows thing. That's why any serious company will keep their servers
behind heavy locked doors and monitor who goes in and out of the room.

It's not really a flaw... it's considered more to be "outside the scope of
the security features" - because there is really no way to prevent it.
(Well I guess you could use some software to encrypt the entire hard drive
but that goes beyond what home users need and are willing to pay for and it
would slow down the computer... Even then, someone could still wipe out the
computer and reinstall whatever they wanted.)

Sorry.

 

[Colin Nash [MVP]]

You can put a password on that account.

http://www.ncsu.edu/resnet/pages/passwords/xp_passwords_admin.php (follow
the instructions but ignore all the specifics about that school.)

If that's all that the kid has done, then this will prevent it. Although
like I said in my other posts, its still trivial to break through this if he
has a bit of knowledge or access to Google

 

[Bruce Chambers]

Greetings --

Did you bother to set a strong password on the built-in
Administrator account? If not, you've left the machine wide open.

Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[Roger Abell]

At a cmd prompt enter
net localgroup administrators
This lists out all accounts that are admins.
Make sure that you set a new password on all of them,
including the built-in Administrator account which in
Home you access in a F8 safe mode boot.
If after this your child does this again, they a boot disk
is being used to alter the registry, but for many kids just
shutting the built-in admin door does it (if you also touch
any other admin accounts they may have subsequently
added and hidden).

 

[Shenan Stanley]

I come home tonight and the password on my computer has been changed.
I changed it this morning before I left for work. And when I get
home it has been changed by my son. He won't tell me how he bypassed
the XP Home logon screen or was able to find the password. Only says
it's easy to bypass Microsoft's logon. Where is the security hole
and how do I plug it? When I put a password on a machine I want it
to mean something! I don't want a 19 year old punk to be able to
bypass it at will. Some help here would be very much appreciated.

Physical access to the machine equals no protection. Period.

You could set a BIOS password and set it to boot only from the hard drive -
perhaps even set it to ask for a password at boot up as well as to get into
the BIOS at all, make sure all administrative level accounts on the machine
have a strong password (you have 100's of characters to play with,
uppercase, lowercase, numbers and symbols - I am sure you can come up with a
good Windows password.) If there is a way to "padlock" the computer case
closed, better do that too.

While doing the above does not make hacking into the machine impossible, it
will make it exceedingly difficult to hack into the machine without leaving
physical evidence.

 

[none]

Lock the room the computer is in.