I found this one something annoying.My computer has 2 accounts both are
administrator accounts and password protected.I logged in one account and
changed the password of the other account easily by using these steps..goto
control panel>performance and maintenance>administrative tools>computer
management in this computer management you can see the "local users and
groups" on left side list..click on it..you can see all the accounts under
the xp which you are using presently..right click on one account name and
there you can find "set password"..when you click on "set password" it asks
directly the new password and it doesn't ask the old password to check the
authority of the person using this xp??this is really bad!!So,easily you can
change the password of other accounts..Microsoft being such a IT leader
can't stop such a small intruder authority is something annoying me.. any
replies please???

I guess they figure if you have admin rights, you should be able to control
everything about the OS...... but I agree with you, it would be nice to have
a more fail safe check.......

"Ashik(Hyderabad)" <Ashik(Hyderabad)@discussions.microsoft.com> wrote in message
news:45633C5D-8B65-43AE-AC76-(E-Mail Removed)...
>I found this one something annoying.My computer has 2 accounts both are
> administrator accounts and password protected.I logged in one account and
> changed the password of the other account easily by using these steps..goto
> control panel>performance and maintenance>administrative tools>computer
> management in this computer management you can see the "local users and
> groups" on left side list..click on it..you can see all the accounts under
> the xp which you are using presently..right click on one account name and
> there you can find "set password"..when you click on "set password" it asks
> directly the new password and it doesn't ask the old password to check the
> authority of the person using this xp??this is really bad!!So,easily you can
> change the password of other accounts..Microsoft being such a IT leader
> can't stop such a small intruder authority is something annoying me.. any
> replies please???

Accounts that are members of the Administrators group can do anything on your
computer. If you don't want other users of your computer changing your password,
don't give them accounts that are administrators. Also, you might want to assign
a password to the built-in Administrator account. Keep in mind that if you
change a user's password in the manner you outlined above and the user encrypted
any files, those files may be lost.

While we're on the subject of account passwords, you may not be aware of this,
but there are free utilities available on the web that can be used to create a
bootable CD that will reset any password on your computer without having to boot
into Windows XP. Here's one such program.

Offline NT Password & Registry Editor
http://home.eunet.no/~pnordahl/ntpasswd/

To guard against this, you can configure your BIOS to boot from the hard drive
first and assign a BIOS password in order to start the computer.

Good luck

Nepatsfan

Guys now I found something bigger bad news..Even with the limited account
also I was able to change the password of the administrator account..so what
U say for this???

haha!!!Even with the Guest account also I was able to change the password of
an administrator????

"Ashik(Hyderabad)" <Ashik(Hyderabad)@discussions.microsoft.com> wrote in
message news:45633C5D-8B65-43AE-AC76-(E-Mail Removed)...
>I found this one something annoying.My computer has 2 accounts both are
> administrator accounts and password protected.I logged in one account and
> changed the password of the other account easily by using these
> steps..goto
> control panel>performance and maintenance>administrative tools>computer
> management in this computer management you can see the "local users and
> groups" on left side list..click on it..you can see all the accounts under
> the xp which you are using presently..right click on one account name and
> there you can find "set password"..when you click on "set password" it
> asks
> directly the new password and it doesn't ask the old password to check the
> authority of the person using this xp??this is really bad!!So,easily you
> can
> change the password of other accounts..Microsoft being such a IT leader
> can't stop such a small intruder authority is something annoying me.. any
> replies please???

So what do you think the role of an administrator is?

On of them is reseting passwords of users who have forgotten their
passwords. Clearly this is something that needs to be done without knowing
what that password was. Administrator accounts should be limited to the
minimum necessary.

"Ashik(Hyderabad)" <(E-Mail Removed)> wrote in message
news:2A6ECFA7-D7B8-4992-96F4-(E-Mail Removed)...
> Guys now I found something bigger bad news..Even with the limited account
> also I was able to change the password of the administrator account..so what
> U say for this???


I'd say you have something radically wrong with your XP installation. I don't
have a clue how it could happen or how to easily correct the problem, but a
limited account should only be able to change its own password and then only
through the Control Panel -> User Accounts applet. Also, the Guest account
shouldn't be able to change any passwords, even its own.

Just to be sure, I checked this on two XP Pro systems. Both computers exhibited
the expected behavior. Only administrative accounts were able to change other
accounts passwords.

You might want to check the group membership of your limited account. It should
be a member of the Users group.

Good luck

Nepatsfan

I had checked in more than 20 different versions in more than 100 systems in
my college computer lab and I confirm that using limited account and guest
account also U can change the any administrator password easily using the
above procedure..and U people say that one administrator is administrator for
the whole system then what is the use of being an administrator ,it would be
better to be as a partner as i'm able to change other administrator
password????This procedure of changing passwords is also there in server
2003,XP home,millennium ...I hadn't checked in vista will be looking at vista
with in 2 days...

Is there any update to prevent such intrusion????I had searched at all the
updates but could find none for such password protection..???

"Ashik(Hyderabad)" <(E-Mail Removed)> wrote in
message news:44229902-22C4-4B9B-A674-(E-Mail Removed)...
>I had checked in more than 20 different versions in more than 100 systems
>in
> my college computer lab and I confirm that using limited account and guest
> account also U can change the any administrator password easily using the
> above procedure..

The fact that your college administrator can't set up a system in a secure
manner doesn't prove diddly squat.