Re: Automatic Logon: Recovery Console Password



My own extreme paranoia would say no way, but as law #3 of the "10 Immutable
Laws of Security" states...

"If a bad guy has unrestricted physical access to your computer, it's
not your computer anymore"

http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

So your machine is locked up, which is good. Don't know whether you
"installed" the RC or would have to load it from the setup disk as needed.
Without some special software & hardware on the server, it would be
impossible to get into the RC remotely, so...

Depends on your assessment of the risk of enabling that versus the risk of
not having the correct password in a pinch.

DS

"StudioTwo" <studio_two@xxxxxxxxxxx> wrote in message
news:%234m3oeqPFHA.3988@xxxxxxxxxxxxxxxxxxxxxxx
> Hello,
> I only just realised that the "Recovery Console" Password is NOT
> necessarily the same as the Domain Administrator Password. I believe it is
> set during installation and from then on, remains unchanged (even if the
> Domain Admin password is subsequently changed).
>
> Bearing this in mind, I quickly followed the instructions here:
> http://support.microsoft.com/kb/239803 and synchronised both passwords.
> Presumably, I would have been unable to use the "Recovery Console"
> (despite having created my ERD) had I not known the password. Potentially,
> very embarrassing.
>
> I also noticed this article: "How to enable an administrator to log on
> automatically in Recovery Console":
> http://support.microsoft.com/kb/312149
> My server is housed within a locked cabinet and I must say, I am tempted
> to go down this route. I assume that (in order to exploit this) anyone "up
> to no good" would need physical access to the server. Is this
> configuration recommended?
>
> Thanks for any guidance,
> Stephen
>

