Windows XP User Creation Vulnerability

Hi All,

In the following article you can find a simple and effective way to create a
user account with the desired rights in Windows XP without having administrator
rights.

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=305

I faced this issue in a large installation with more than 200 workstations
all winXP. Is there any way to stop the users breaching the security using
this approach?

Thanks and regards
Bijan
 
Bijan Kianifard said:
Hi All,

In the following article you can find a simple and effective way to
create a user account with desired right in windows XP without having
administrator right.

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=305

I faced this issue in a large installation with more than 200
workstations all winXP. Is there any way to stop the users breaching
the security using this approach?

Thanks and regards
Bijan

1. Change the BIOS so it won't boot from anything but the hard drive
2. Password-protect the BIOS
3. Lock the computer chassis
 
Bijan Kianifard had this to say:

My reply is at the bottom of your sent message:
Hi All,

In the following article you can find a simple and effective way to
create a user account with desired right in windows XP without having
administrator right.

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=305

I faced this issue in a large installation with more than 200
workstations all winXP. Is there any way to stop the users breaching
the security using this approach?

Thanks and regards
Bijan

And you don't have them BIOS protected prior to rolling them out and set to
only boot to HDD so that booting to CD won't work without the admin password
to change the boot order in the BIOS? You don't have them restricted to
limited user accounts (least privilege) so that they can't do this within
the OS? If no then no. If yes then you have nothing to worry about until
they start opening the cases and pulling the battery or using the reset
jumper. Case locks are a good thing if you can't trust your users.

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/
http://kgiii.info/

"We approached the case, you remember, with an absolutely blank mind,
which is always an advantage. We had formed no theories. We were simply
there to observe and to draw inferences from our observations." -
Sherlock Holmes
 
It is trivial for any user that has full physical access to a computer to
get control of it. Galen and Lanwench have given you good advice on how to
minimize the threat but I would also add that you want to implement a
computer use policy that the users read and sign a copy for your records and
keep a copy for their records. Such a policy should spell out what is and
what is not allowed with spelled out consequences. Technology can not be a
solution for everything. I have also heard of users that had no physical
access to their workstation in high security environments - just long
keyboard and mouse cables. --- Steve
 
Yes is the only way and I applied it. But I'm looking for a technical
solution. How can I inform it to Microsoft?

Thank you
 
Bijan Kianifard said:
Yes is the only way and I applied it. But I'm looking for a technical
solution. How can I inform it to Microsoft?

Microsoft is well aware that one can change the local admin password. So is
nearly everyone else on the Internet. This is really not the issue.

What is your actual concern/issue? Access to network resources? Local
accounts don't have them. You can disable cached credentials/domain profile
caching/all sorts of things, if you're worried about this.

But remember, all security efforts are futile if you don't have good
physical security.
 
You can contact Microsoft to report a security vulnerability at the link
below.

https://s.microsoft.com/technet/security/bulletin/alertus.aspx

Having said that if you continue to allow users to be able to boot from
anything other than the system drive you are still very vulnerable to system
compromise via free utilities that can be downloaded from the internet such
as the one in the link below and note that applies to any operating system
not just Windows if the user has full physical access to the computer and
can boot from cdrom/floppy/USB, etc. Users could also simply install a
parallel operating system to access non encrypted data and operating system
files or boot from a cdrom like Bart's PE to access data and operating
system files. --- Steve

http://home.eunet.no/~pnordahl/ntpasswd/
http://www.petri.co.il/forgot_administrator_password.htm
 
Thank you Lanwench

Lanwench said:

Microsoft is well aware that one can change the local admin password. So is
nearly everyone else on the Internet. This is really not the issue.

What is your actual concern/issue? Access to network resources? Local
accounts don't have them. You can disable cached credentials/domain profile
caching/all sorts of things, if you're worried about this.

But remember, all security efforts are futile if you don't have good
physical security.
 
Thank you Steven

Steven L Umbach said:
You can contact Microsoft to report a security vulnerability at the link
below.

https://s.microsoft.com/technet/security/bulletin/alertus.aspx

Having said that if you continue to allow users to be able to boot from
anything other than the system drive you are still very vulnerable to system
compromise via free utilities that can be downloaded from the internet such
as the one in the link below and note that applies to any operating system
not just Windows if the user has full physical access to the computer and
can boot from cdrom/floppy/USB, etc. Users could also simply install a
parallel operating system to access non encrypted data and operating system
files or boot from a cdrom like Bart's PE to access data and operating
system files. --- Steve

http://home.eunet.no/~pnordahl/ntpasswd/
http://www.petri.co.il/forgot_administrator_password.htm
 
It's pretty much academic anyway, as if the user can boot from a CD, floppy or
USB stick there are plenty of other ways to copy files off the HD: DOS with
NTFSDOS, Knoppix, Ubuntu, BartPE, etc. None of these will even take any
notice of permissions or user passwords.
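
Added example, not part of any post in this thread: since the replies agree the method cannot be blocked in software once a machine can be booted from other media, a fleet-wide check for accounts that should not be in the local Administrators group is the detection side of the same problem. The allowlist, host names and sample `net localgroup Administrators` output below are constructed for illustration.

```python
# Added example: flag unexpected members of the local Administrators group.
# Input is the text printed by `net localgroup Administrators` on each
# workstation. Host names, account names and the allowlist are constructed.

# Accounts expected to be local administrators (assumption for this sample).
ALLOWED = {"administrator", "corp\\domain admins"}
FOOTER = "the command completed successfully"


def parse_members(net_output):
    """Return the names listed between the dashed line and the footer."""
    members, in_list = [], False
    for line in net_output.splitlines():
        text = line.strip()
        if not in_list:
            # The member list starts after a line made only of dashes.
            in_list = len(text) > 10 and set(text) == {"-"}
            continue
        if text.lower().startswith(FOOTER):
            break
        if text:
            members.append(text)
    return members


def unexpected_admins(reports, allowed=ALLOWED):
    """Map host -> sorted members that are not on the allowlist."""
    findings = {}
    for host, output in reports.items():
        extra = sorted(m for m in parse_members(output)
                       if m.lower() not in allowed)
        if extra:
            findings[host] = extra
    return findings


_HEAD = ("Alias name     Administrators\n"
         "Comment        Administrators have complete and unrestricted access\n"
         "\nMembers\n\n" + "-" * 79 + "\n")
_TAIL = "The command completed successfully.\n"

# Constructed sample output for two workstations.
SAMPLE_REPORTS = {
    "WS-014": _HEAD + "Administrator\nCORP\\Domain Admins\n" + _TAIL,
    "WS-127": _HEAD + "Administrator\nCORP\\Domain Admins\nhelper2\n" + _TAIL,
}

if __name__ == "__main__":
    for host, extra in unexpected_admins(SAMPLE_REPORTS).items():
        print(f"{host}: unexpected local administrators: {', '.join(extra)}")
```

This only reports accounts added to the group; a reset of an existing administrator's password leaves the membership unchanged and has to be caught another way.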
 