Can anyone remove an XP Admin p/w from Guest a/c?

[CJSnet]

Hi, I have a friend who recently sent their laptop to a popular
manufacturer's repair centre, with 1 Admin account set up with a password
and all their personal docs in, and 1 Guest account for the repair
technician's use.

When she received it back, the password had been *removed* from her account,
and on isolated incidents just her personal and private documents and media
had been viewed.

Would it have been possible for them to do this, perhaps with in-house
software, or just hacking some other way??

She is 100% adamant the password was set, and I am also.

 

[Tony Luxton]

If your friend hadn't set a password for the built-in Administrator account,
then the techies would've just walked straight in through the open door.

HTH Tony.

 

[Shenan Stanley]

Hi, I have a friend who recently sent their laptop to a popular
manufacturer's repair centre, with 1 Admin account set up with a
password and all their personal docs in, and 1 Guest account for
the repair technician's use.

When she received it back, the password had been *removed* from her
account, and on isolated incidents just her personal and private
documents and media had been viewed.

Would it have been possible for them to do this, perhaps with
in-house software, or just hacking some other way??

She is 100% adamant the password was set, and I am also.

Physical access + time = system ownage. No matter what password she had
set.

Also - you state your friend had one administrative level account. This is
highly unlikely - as she probably had her account and the actual
administrator account.

In Windows XP Home, you don't even know that one is there nor can you log in
by default with it except in safe mode... In Windows XP Professional, if
more than one account is created - the administrator account is hidden from
the welcome screen. Being that your friend had to send her computer off for
repair - it is highly unlikely that she knew the undeletable built-in
administrator account existed nor had she ever created a password for this
account. This means they could have just logged in as the true
administrator and done whatever they wanted.

But as I said in the beginning... It wouldn't have mattered much anyway.
Without physical security - there truly is no security. =(

 

[Gary S. Terhune]

It seems to me that it would be rare for a technician to be able to fix
something that required going to the shop without having Administrator
rights. Unless one was well-versed in what permissions would be needed and
set up the "Guest" account that way.

 

[Jupiter Jones [MVP]]

If they had unrestricted physical access, yes, probably in less than 5
minutes.
See Law #3:
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true

Private data should ALWAYS be removed before sending a computer in for
maintenance.
There is little you can do while someone else possesses your computer.

Also, Administrator access is often required when servicing a computer.

When I get a computer for service I ask for the password, if there is one,
and suggest they change it when they get the computer back.

 

[Detlev Dreyer]

Hi, I have a friend who recently sent their laptop to a popular
manufacturer's repair centre, with 1 Admin account set up with a
password and all their personal docs in,

That's very unlikely. In addition to an account with administrative
privileges there is always the "Administrator" account by default. If
she was not aware of that account, no password had been set either and
therefore, it's not a problem to access the system with administrative
privileges.

and 1 Guest account for the repair technician's use.

That doesn't make too much sense. Many or most problems can be fixed
with administrative privileges only.

When she received it back, the password had been removed from her
account,

No problem to remove passwords when logged in as *the* Administrator.

and on isolated incidents just her personal and private documents
and media had been viewed.

Where does she know. Technicians usually do not have the time to view
private documents. If she "knows" due to the last time when these files
have been accessed, this was caused by an anti-virus most likely.

She is 100% adamant the password was set, and I am also.

Regarding her account, sure. As for the Administrator account, this is
not very likely (see above).

[X-Post: 2 Groups]

 

[Malke]

Hi, I have a friend who recently sent their laptop to a popular
manufacturer's repair centre, with 1 Admin account set up with a
password and all their personal docs in, and 1 Guest account for the
repair technician's use.

When she received it back, the password had been *removed* from her
account, and on isolated incidents just her personal and private
documents and media had been viewed.

Would it have been possible for them to do this, perhaps with in-house
software, or just hacking some other way??

She is 100% adamant the password was set, and I am also.

Of course. You can't properly clean a computer without being able to get
into *all* user accounts. When I get a machine I always ask for the
passwords and then remind the client they might want to change them
after the machine is returned. Of course, I don't remember or keep
clients' passwords.

If I have a machine where the client has forgotten their password or the
one they gave me doesn't work, I say a few choice words and remove the
password.

Most techs will not bother to view personal data except as it is
necessary to fix the machine. However, you should certainly be aware
that when someone is working on a computer, particularly if the job is
cleaning up viruses and malware, the tech will need to *look* at what's
on the computer.

Malke