New Account Creation without Access to an admin account

G

Guest

We have set up a Dell PC running Windows XP Home as a Kiosk (i.e., public
PC). We set up a limited accont for guests and an Admin account for
ourselves. After few weeks we noticed that a new limited user account was
created. Is this possible without having access to an admin account? Is
there a known security issue that somebody exploited.
 
S

Shenan Stanley

matt said:
We have set up a Dell PC running Windows XP Home as a Kiosk (i.e., public
PC). We set up a limited account for guests and an Admin account for
ourselves. After few weeks we noticed that a new limited user account was
created. Is this possible without having access to an admin account? Is
there a known security issue that somebody exploited.
Click to expand...

What was the username?
How did you secure the machine?
Have a BIOS password?
 
G

Guest

Thanks for your prompt reply Shenan. The username for the new account is "k"
without password. No, we do not have a BIOS Password.
 
S

Shenan Stanley

matt said:
We have set up a Dell PC running Windows XP Home as a Kiosk
(i.e., public PC). We set up a limited account for guests and an
Admin account for ourselves. After few weeks we noticed that a
new limited user account was created. Is this possible without
having access to an admin account? Is there a known security
issue that somebody exploited.
Click to expand...

Shenan said:
What was the username?
How did you secure the machine?
Have a BIOS password?
Click to expand...
Thanks for your prompt reply Shenan. The username for the new
account is "k" without password. No, we do not have a BIOS
Password.
Click to expand...

No BIOS password?

Okay - how monitored by humans is this computer? Someone with a vested
interest in keeping it secure around all the time - watching it?

If not - 10 minutes, a little know how and someone could have the SAM file
and hack it at their leisure to get the local admin password.. Or they could
use another utility (booting from CD/floppy/USB) to change the admin
password, add a user or many, install whatever they want, elevate privs..
whatever.
 
G

Guest

Thanks alot. I greatly appreciate it.

Shenan Stanley said:
No BIOS password?

Okay - how monitored by humans is this computer? Someone with a vested
interest in keeping it secure around all the time - watching it?

If not - 10 minutes, a little know how and someone could have the SAM file
and hack it at their leisure to get the local admin password.. Or they could
use another utility (booting from CD/floppy/USB) to change the admin
password, add a user or many, install whatever they want, elevate privs..
whatever.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Admin Account without Admin Rights? 3
delete admin account without password 5
Lost Admin Account 1
Create an new admin account 1
admin account locked out by limited account 5
Very strange admin account rename issue 3
restoring Admin account to XP 4
Windows XPAdministrator Account 5

Top