By-pass security settings on a standalone computer

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

lagomorph - 30 Jul 2005 08:30 GMT

Cheers mate!

Unfortunately I couldn't do it within my shift time. (without removin
access to the other admin account).
I did mention the the boss about being able to do things if there wa
physical access, and I think he took it well.
He's asked me to come in next time the IT guy is onsite to 'watch'.

Unfortunately, I'm still up for buying drinks for everyone at the nex
function.

Regards,
Lagomorph.

Doug Knox MS-MVP Wrote:

> Any computer security is only as good as physical access to th
> machine.
>
> If your computers support booting from floppy and/or CD, there is a =
> freely available utility that will allow you to change/remove the =
> Administrator password on the computer. Once that's done, you can lo
> =
> in on the Administrator account and make any changes you desire. Now
> =
> changing or removing the Admin password does remove access for the =
> person who would normally use it (since they don't know there is no =
> password, or what it was changed to), but that's a minor point.
>
> There are other utilities such as Bart's PE, that will give you simila
> =
> capabilities, if you know what you're doing.
>
> http://home.eunet.no/~pnordahl/ntpasswd/editor.html
>
> In order to prevent this, you need to remove the ability to boot fro
> =
> floppy and/or CD in the BIOS, set a BIOS Setup password and ensure tha
> =
> the physical case cannot be opened (see the computer's manual for =
> reseting the BIOS's CMOS settings to default).
>
> If you're successful, you can buy me a couple of beers and a bi
> honkin' =
> steak next time you're in the Boston area. :-)
>
> --=20
> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart =
> Display\Security
> Win 95/98/Me/XP Tweaks and Fixes
> http://www.dougknox.com
> --------------------------------
> Per user Group Policy Restrictions for XP Home and XP Pro
> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
> --------------------------------
> Please reply only to the newsgroup so all may benefit.
> Unsolicited e-mail is not answered.
> =20
> "lagomorph" lagomorph.1sxz1r@pcbanter.net wrote in message =
> news:lagomorph.1sxz1r@pcbanter.net...-
> =20
> My boss was in the office while I was slagging the IT guy for doing a
> poor job setting up the network & systems.
> I got pulled up to explain what I thought was wrong with the setup
> To
> cut a long story short, my boss made a bet with me that I can't break
> into the stand alone computer by the end of my shift (9hrs). If I do
> by-pass the admin security he'll pay for a meal and discuss the
> possibility of working with the IT guy to make sure that everythin
> is
> good, if not I've gotta buy drinks for everyone at the next work
> function (all night).
> =20
> Problem: Computer running Windows XP Pro.
> Conditions: Create a new user account (admin) without removing access
> the the current admin account. Must use resources from the office or
> internet.
> =20
> Any suggestions?
> =20
> =20
> --=20
> lagomorph

--
lagomorph

Reply to this Message

Leythos - 30 Jul 2005 16:26 GMT

> Cheers mate!
>
[quoted text clipped - 6 lines]
> Unfortunately, I'm still up for buying drinks for everyone at the next
> function.

All you needed to do as bring in a bootable CD, boot from the CD (of
your own making) and you can access files on the drive. Creating an
account is meaningless, it's the data that matters. You could also bring
in a bootable small hard drive, attach it the IDE cable, boot from it,
and then leave a large I_WAS_HERE file in the root of the old drive,
replace everything, and you're done. If you really wanted to be funny,
while you've got your drive installed, copy a key logger program to the
start-up folder for all users and then you've got all their
user/passwords.

Signature

spam999free@rrohio.com
remove 999 in order to email me

Reply to this Message