Re: local users and groups

From: Torgeir Bakken (MVP) (Torgeir.Bakken-spam_at_hydro.com)
Date: 07/07/04


Date: Wed, 07 Jul 2004 18:08:53 +0200

administrator wrote:

> we had a user who was an admin of the local machine
> we then made him a power user and reset the admin password
> he has now made himself an admin again and removed dom admins from the admin group
> how was he able to do only being a power user?
> is it possible he has some sort of hidden account? how and where would this be?
Hi

It is very easy to reset the local Administrator password
with one of the methods mentioned here (using a bootable
CD or diskette):

http://securityadmin.info/noframes/faqget.asp#password

http://www.petri.co.il/forgot_administrator_password.htm

To avoid this in the future, set the boot order in the BIOS to boot
from the hard disk first, and you will also need to password protect
the BIOS (to stop the user from changing the boot order back).

If possible, you should also lock the computer chassis to stop the
user from temporarily moving the hard disk over to another computer
and resetting the password there.

Locking the computer chassis will also stop the user from resetting
the BIOS with dip switches (if this is supported on the computer)
or removing the battery so the BIOS is reset (this will at least
work on some computers).

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx

