Serious Security & Administrative issue most people don't know about!!!!


Guest

After you install "Windows XP Home Edition" (and possibly the "XP Professional Edition") and you change the Administration name to your own Log on name, the Administration Log on is still there but does not show up any more unless you restart in "Safe Mode". That means there is a higher level Administration log on than your new log on (it can change things on all other Administration level names) that isn't even password protected until you give it one. I have not seen any kind of warning about this from Microsoft anywhere. This is a security issue that is very serious!!!!!!!! Kids out there that find this out are likely to create their own administration names and then delete them so parents don't know they have access to anything they want to do on the computer or the internet!!!!!!!!
Hope that Microsoft and parents read this before kids or anyone that shouldn't have access to full rights on XP computers do.

There is no warning that the Default Administrator account still exists after you change the default Administration account to another name. It appears that your new account is the only Administrative level account, but the default Administrator account is still there, but only if you restart in "Safe Mode". The fact is there is no warning about the Default account still being there and Microsoft should get the word out AND fix this problem.

I should explain what happened so that it is better understood what I mean.

When I install Windows XP Home Edition I do not add a password until I have added all the Microsoft updates and the software I have to. That makes the install faster not having to log on. I did not create a new Administrative Account. I changed the Default Administrative Account's name, then added a password. This left no other account showing on the log on screen. I found the Administrator Account when I had a problem that caused me to end up in safe mode.
When I logged on to this Administrator Account it didn't need a password and could change things on the Account I had a password on. I logged on to my normal account name while in safe mode and tried to do things to the Administrator Account and found that my normal User Account didn't have the same rights over the Administrator Account even though it had full Administrative control.

Clearly this is a serious security issue since most people would not end up in the safe mode with how stable XP is. People trying to find ways around having a Limited User Account could use this access point. I also wonder if it is possible a hacker could log on with this Administrator Account from the internet. I have read security advisories that say you should change any accounts that have the name Administrator to a different name since hackers will try to use that name.
Is it possible for a hacker to gain access to this Account even though it is only available in safe mode?

This is something that should be changed.


Just tried something with this serious Security Issue to see if I could do what I thought could be done. I went into safe mode and logged on under this Default Administrator Account and created a new User account with Administrative Rights. Then I logged on as the new name under a normal start up. I then deleted the password for my main User Account I normally use.

Anyone out there that has kids using what is supposed to be a safe Limited User Account on a computer could be letting them do anything they want and not even know it. The kids could add their own password to this Default Administrator Account and then create as many Full Admin accounts as they want or delete the existing administrative accounts that the parents are using or delete the password it had and look at anything the parents have that is supposed to be safe from the kids' prying eyes.
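
An added example, not part of the original post: `net localgroup Administrators` lists every member of the group, including accounts the Welcome screen does not show, so its output can be compared with the accounts the owner expects to hold administrative rights. The sample output and account names below are constructed, and the script assumes an English-language install where the built-in account is still named "Administrator".

```python
"""Audit the local Administrators group from `net localgroup Administrators` output."""

# Constructed sample of what `net localgroup Administrators` prints on an
# English-language install; the account names are made up for illustration.
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Dad
Temp1
The command completed successfully.
"""

BUILTIN_NAME = "Administrator"  # assumption: default English name, not renamed


def parse_members(net_output):
    """Return the names listed between the dashed rule and the status line."""
    members = []
    in_members = False
    for raw in net_output.splitlines():
        line = raw.strip()
        if not in_members:
            # The member list starts after a line made only of dashes.
            if line and set(line) == {"-"}:
                in_members = True
            continue
        if not line:
            continue
        if line.lower().startswith("the command completed"):
            break
        members.append(line)
    if not in_members:
        # Refuse to report "no administrators" for text that is not net output.
        raise ValueError("no member list found; is this `net localgroup` output?")
    return members


def audit(net_output, expected_admins):
    """Compare the actual group members with the accounts the owner expects."""
    members = parse_members(net_output)
    expected = {name.lower() for name in expected_admins}
    actual = {name.lower() for name in members}
    return {
        "members": members,
        # Administrative accounts the owner did not know about.
        "unexpected": [m for m in members if m.lower() not in expected],
        # Expected accounts that are gone (deleted or demoted).
        "missing": sorted(n for n in expected_admins if n.lower() not in actual),
        # True when the built-in account is in the group under its default name.
        "builtin_present": BUILTIN_NAME.lower() in actual,
    }


if __name__ == "__main__":
    # The owner believes "Dad" is the only administrative account.
    report = audit(SAMPLE_OUTPUT, ["Dad"])
    print("Members:   ", ", ".join(report["members"]))
    print("Unexpected:", ", ".join(report["unexpected"]) or "none")
    print("Missing:   ", ", ".join(report["missing"]) or "none")
    if report["builtin_present"]:
        print("Built-in Administrator is in the group; make sure it has a password.")
```

To check a real machine, save the output with `net localgroup Administrators > admins.txt` and pass the file's text to `audit()` in place of the sample.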
 

Kelly

This has already been posted here.




 

Spinner

It is not a bug or a security issue.
It's by design. The administrative account is there in case you lock
yourself out of your own account, or your profile becomes corrupted and you
cannot log on. XP Home is not meant to be a high security OS, it's designed
for the home user. If you have children who tamper with the computer, you
put them over your knee and use what god gave you on the end of your arm. If
you want a secure OS, upgrade to the Pro version. As to this issue in Pro,
when installing the Pro version you are prompted to enter the admin
password, if you fail to assign one, either then or later after installing
your updates, then that is a failure on your end and not the OS. If you
bother to read the messages in this group, you would see that the admin
account has been critical in more than one instance to allow a home user to
get back on their computer after forgetting their password.



 

Richard Urban

That is an issue. But I would imagine that "most" people who install Windows
XP, in a secure atmosphere (read corporations, businesses etc) will enter a
name and password during the installation. If they do, the account you are
talking about is protected with that password.

--
Regards:

Richard Urban

aka Crusty (-: Old B@stard :)

 

xe77

The Administrator account in Windows XP Home Edition is
disabled when the computer is in Normal Mode.

You can confirm this:
From the Welcome Screen press CTRL+ALT+DEL twice.
Type Administrator in the User name field.
Windows prompts you that the account is disabled.

When in Safe Mode, networking is not loaded so a threat of
attack is very minimal.

It is very sad if you consider your Kids such a security
threat to yourself. They have just as much ability to
look at personal stuff in your own home, but they don't
necessarily. It is the responsibility of the parents to
teach their children the right of privacy. Hence this is
called Windows XP "Home Edition".

 

Bruce Chambers

Greetings --

Your clear failure to learn how to use the operating system of
your choice is _not_ a "security issue." It's a simple case of
PEBCAK.

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


 

Jim Slager

Spinner said:
It is not a bug or a security issue.
It's by design. The administrative account is there in case you lock
yourself out of your own account, or your profile becomes corrupted
and you cannot log on.

I can understand the problem. If MS ships 150 million OSes a year and 1% of
users forget their password then there are 1.5 million people trying to call
MS or Computer Mfts and complain. How do you protect people from
themselves? I guess that anyone who knows a little of what they are doing
and who wants to be secure can set Admin password. For the others, well
what can they expect?
 

Bruce Chambers

Greetings --

Part of the problem is that people cannot, nor should they ever,
be protected from themselves. Government, corporate, and/or
institutional coddling isn't something that will ever be desirable.

Bruce Chambers

 

Jim Slager

Part of the problem is that people cannot, nor should they ever,
be protected from themselves. Government, corporate, and/or
institutional coddling isn't something that will ever be desirable.

Bruce Chambers

True! I think that it is also true that the OSes which people usually point
out as being superior to windows (and many of them are) have never been
subjected to the mass of computer illiterate users that windows has been.
What if one of them shipped 150 million units some year and 1% of the users
forgot their password?
 

Alex Nichol

Jim said:
I can understand the problem. If MS ships 150 million OSes a year and 1% of
users forget their password then there are 1.5 million people trying to call
MS or Computer Mfts and complain. How do you protect people from
themselves? I guess that anyone who knows a little of what they are doing
and who wants to be secure can set Admin password.

I think this is why the Administrator account is hidden in Home. So it
is not like a business situation where you have to have strong defence
against disaffected employees, more a matter of having a reserve to deal
with thoughtless casual use and consequent damage.
 

Guest

Wonder how many of the people leaving messages for this message are parents, probably none. I am not a parent but I understand that parents out there probably don't know that there is an Administrator account in Safe Mode set without a password by default and have been made to believe that they have full control over the computer by how safe Microsoft has made the XP Home Edition seem. People understand that the XP Pro Edition is safer than the XP Home in ways like encryption etc. So many people think they have a safe OS and are unaware of this problem.

The kids that use the computer more and discover things like this are able to log onto this Default Safe Mode Administrator account set without a password that there is no warning about in the XP HOME EDITION (NOT EVEN IN THE MANUAL, or even XP for Dummies) and they can create their own user account with administrative access that they can use to log on in normal mode. They can then delete the same account making the parents unaware that they had access, or delete their parents' password or account locking them out entirely. I for one think that the lack of information about this problem makes it a Serious Security & Administrative issue!!!
 

Bruce Chambers

Greetings --

Just sounds like exceedingly irresponsible parents, to me. What
alleged adult in his/her right mind turns children loose on a computer
and the Internet without first learning how to safe guard those
children?


Bruce Chambers
 

Guest

Having a safe OS is what XP is supposed to be about but not telling the installer about this security issue during install so that it costs Microsoft less time and money helping people that corrupt their main account isn't right. :(

Kids are supposed to be safe using the limited user accounts. Parents wouldn't know that an 8 year old is able to add an administrative account and surf the web like the adults and delete the account without them knowing. :(
 

Spinner

Your argument does not hold water.
If a kid is smart enough to go into safe mode, create accounts and then
delete them afterward to hide his tracks, you're not going to keep him out of
any OS, period.
When it's possible to download floppies or iso images that can allow you to
boot the computer and gain complete control, regardless of passwords, how do
you intend to keep them out? The short answer is, you're not going to. If you
have a child who is that sneaky and underhanded, then it's the parents' fault
for letting them have access to the computer in the first place. It's always
been a standard practice, the ONLY way to fully secure a computer is to
remove it from a network and restrict PHYSICAL access to it. If that means
putting it in a room and locking the door, so be it. Any parent who lets an
8 year old have unsupervised access to a computer and the internet has no
right to even be a parent and should not even be allowed to own a computer
in the first place.



Talonsweb said:
Having a safe OS is what XP is supposed to be about but not telling the
installer about this security issue during install so that it costs
Microsoft less time and money helping people that corrupt their main account
isn't right. :(
Kids are supposed to be safe using the limited user accounts. Parents
wouldn't know that an 8 year old is able to add an administrative account and
surf the web like the adults and delete the account without them knowing.
:(
 
