Windows XP security password

[dsbam]

I have a an xp user who knows how to reboot the system and then change his xp
user settings to administrator. Is there a way to prevent this ?

 

[David B.]

If this is a business environment, the threat of unemployment might make him
behave.

 

[Leonard Grey]

Password protect the built-in Administrator account.

 

[Malke]

I have a an xp user who knows how to reboot the system and then change his
xp user settings to administrator. Is there a way to prevent this ?

Any computer running any operating system can be accessed by someone with 1)
physical access; 2) time; 3) skill; 4) tools. There are a few things you
can do to make it a bit harder though:

1. Set a password in the BIOS that must be entered before booting the
operating system. Also set the Supervisor password in the BIOS so BIOS
Setup can't be entered without it.

2. From the BIOS, change the boot order to hard drive first.

3. Set strong passwords on all accounts, including the built-in
Administrator account in XP (it is disabled by default in Vista).

4. If you leave your own account logged in, use the Windows Key + L to lock
the computer (and/or set the screensaver/power saving) when you step away
from the computer and require a password to resume.

5. Make other users Limited accounts in XP Home, regular user accounts in XP
Pro. All users should be on a Standard account in Vista with an
Administrator account only used for elevation purposes.

6. Set user permissions/restrictions:

If you have XP/Vista Home, you don't have the built-in ability to create
fine-grained limitations, so use either MVP Doug Knox's Security Console or
the MS SteadyState program to set the restrictions the way you want.
SteadyState supports Vista now.

http://www.dougknox.com
http://www.microsoft.com/windowsxp/sharedaccess/default.mspx
More on SteadyState: http://aumha.net/viewtopic.php?t=27570
SteadyState support -
http://social.microsoft.com/forums/en-US/windowssteadystate/threads/

If you have XP Pro, Media Center, Vista Business or Vista Ultimate, you can
use Group Policy to set restrictions (gpedit.msc). Be very careful using
the Group Policy editor; it is completely possible to lock yourself out.
Questions about group policy should be posted here:

microsoft.public.windows.group_policy

Vista has the Parental Controls feature which can be useful on home
computers. There are also third-party programs that can restrict what users
can do locally (installed on the computer) and Internet filtering that can
be done.

Please understand that these are technical responses to what is basically a
non-technical problem and there are ways around all of these precautions.
This is a family/interpersonal issue that can't be solved by technical
means. If this is a business, you should have written computer use rules
which include the consequences of disobeying the rules. Then carry out the
consequences if necessary.

Malke

 

[Shenan Stanley]

I have a an xp user who knows how to reboot the system and then
change his xp user settings to administrator. Is there a way to
prevent this ?

- Password protect the BIOS.
- Set it so it cannot boot from external media at all.
- Make sure all administrator-level accounts have passwords that are
considered strong.
- Padlock the machine case shut.

Beyond that - this is not a technical problem - but a social one. If an
employee - punishment of whatever sort applicable is the best . Remind
them, at this point, finding a replacement for them isn't likely too
difficult. ;-)

Other than some types of encryption (and that really probably only extends
the time and knowledge necessary), someone with physical access to a
computer and uninterrupted time can essentially do whatever they desire.