Serious Security & Administrative issue!!!!

  • Thread starter: Guest
After you install "Windows XP Home Edition" (and possibly the "XP Professional Edition") and you change the Administration name to your own Log on name the Administration Log on is still there but does not show up any more unless you restart in "Safe Mode". That means there is a higher level Administration log on than your new log on (it can change things on all other Administration level names) that isn't even password protected until you give it one. I have not seen any kind of warning about this from Microsoft anywhere. This is a security issue that is very serious!!!!!!!! Kids out there that find this out are likely to create their own administration names and then delete them so parents don't know they have access to anything they want to do on the computer or the internet!!!!!!!!
Hope that Microsoft and parents read this before kids or anyone that shouldn't have access to full rights on XP computers do.
 
Talonsweb said:
After you install "Windows XP Home Edition" (and possibly the "XP
Professional Edition") and you change the Administration name to your
own Log on name the Administration Log on is still there but does not
show up any more unless you restart in "Safe Mode". That means there
is a higher level Administration log on than your new log on (it can
change things on all other Administration level names) that isn't even
password protected until you give it one. I have not seen any kind of
warning about this from Microsoft anywhere. This is a security issue
that is very serious!!!!!!!! Kids out there that find this out are
likely to create their own administration names and then delete them so
parents don't know they have access to anything they want to do on the
computer or the internet!!!!!!!!
Hope that Microsoft and parents read this before kids or anyone
that shouldn't have access to full rights on XP computers do.

Actually, this XP Home feature is by design and has saved many a home
user who has forgotten his password. The default (and yes, hidden after
you make a user account with your name) Administrator account does not
have "higher level" powers than any other account with administrative
privileges. It is a failsafe account that can be accessed from Safe
Mode for the purpose of repairing the regular user account if it is
damaged or the owner has forgotten his password. This is not a serious
security issue. BTW, if someone has physical access to a computer which
is running *any* operating system, that computer can be compromised.

Cheers,

Malke
 
Greetings --

I really don't understand your apparent surprise at what has for
many years been normal, by design behavior for WinNT, Win2K, and, in
the natural course of things, WinXP. Of course you should set a
password on the Administrator account; this pretty much goes without
saying, if security is a matter that concerns you.

The built-in Administrator account really isn't intended to be
used for day-to-day normal use. The standard security practice is to
set a strong password on it and use it only to create another account
for regular use, reserving the Administrator account as a "back door"
in case something corrupts your regular account(s).

During the installation, WinXP Pro will ask the installer to
designate the Administrator's password, but WinXP Home will not do so,
leaving the password blank by default. Any other user account created
during installation will be created with whatever privileges
(administrator or limited user) assigned by the person performing the
installation. If the defaults are accepted, this first account, iirc,
is granted administrative privileges.

Once any additional user accounts have been created, the
Administrator account will no longer be displayed on the Welcome
Screen. This is a default security feature. By design, the only way
to log into the Administrator account of WinXP Home is to reboot into
Safe Mode. For WinXP Pro, pressing CTRL+ALT+DEL twice at the Welcome
Screen will produce the standard login dialog box.


Bruce Chambers

--
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


 
There is no warning in XP Home Edition about this default Administrator Account being there. No warning about it having no password, and that it has the ability to delete what is seen as the only Administrative user account. There has to be a warning about this account to the installer in the XP Home Edition. Not the Installer's fault if they are not aware of this Security issue. If the installer doesn't set a password or even have a clue it is there then anyone can create a user account that has Administrative abilities or delete the main user account's password and gain access to private info on that account.

Having the choice to protect your computer is what this is about. I am fairly adept at computing, but obviously a simple thing like this slipped by me. I wipe my hard drive and start over just for the fun of it sometimes. Makes things run better with a fresh start. I was unaware of this. Can't imagine what it is like for a person afraid to load a driver let alone boot into safe mode. No way they would have any idea that this problem with security is there without a warning during what would be a major thing for them like installing XP.
 
There is no warning in XP Home Edition about this default Administrator Account being there.
No warning about it having no password, and that it has the ability to delete what is seen as
the only Administrative user account.
Having the choice to protect your computer is what this is about.

Having the chance to *maintain* your PC is what it's about, too.

It's part of a more general issue; that of the "null password
conundrum" that goes like this:
- "passwords are an optional feature"
- to set a new password, you first have to enter the old one
- so if no password, anyone can set one and lock you out
- so I guess passwords aren't as "optional" as claimed!

Passwords should be used only where a dangerous functionality is
needed for some users, but should be hidden from others. It is a weak
alternative to *removing* a dangerous feature that no-one needs, and
it is a needlessly dangerous alternative to leaving unfettered access
to a feature that everyone needs (risk of lockout).


XP Home is supposed to be for consumers. Users who need remote
administration and user management are supposed to use Pro.

Consumers already *have* a de facto security model they understand;
it's called "home", as in "a physical location where safety is
assumed". We expect anything within the home (i.e. with physical
access to the PC) to have unfettered rights, and anyone who does not
have physical access to the PC to have no rights at all.

Only if there's the desire to manage family members on the same PC
etc. (a doomed quest, IMO) does the need for passwords arise; or the
laptop situation, where theft is more likely than desktops.


Instead, consumers are expected to fall in line with the way corporate
world's professional IT departments manage computers. So they are
exposed to unnecessary "remote admin" risks (including that which
Lovesan/Blaster attacked), and they have to rely on passwords to
manage which should normally be always available or always impossible.

When it comes to the admin account you are referring to; that's
probably the consumer's lifeline in Safe Mode and Recovery Console
(RC). Kick it away, and you may well make it impossible to maintain
your PC if things go wrong, or recover data. As it is, you have to
set a couple of arcane things before RC can access all HD volumes,
copy files off HD, or use wildcards to do so in bulk.


IMO, it's time MS had the balls to tell corporate sector to pay up for
Pro if they want the luxury of remote admin, and strip that garbage
out of Home so that Home really *is* developed for us consumers
instead of being a lamered version of designed-for-corporate software.

It's also time MS came up with proper maintenance tools for NTFS; a
maintenance OS that can run arbitrary anti-malware utilities,
diagnostics, file managers etc. without writing to the HD or running
any code off it, as well as an interactive file repair tool that is at
least as good as Scandisk (hint; Scandisk C: D: E: F:)

If the corporate world want to be so secure that these maintenance
tools cannot access the system, then that is yet another way in which
Home should be differentiated from Pro. We just want our data back!


---------- ----- ---- --- -- - - - -
Consumer Asks: "What are you?"
Market Research: ' What would you like us to be? '
 
Many years Bruce??? you mean a few years...hahah
you are an exaggerator Mr. Chambers...if I was your kid I would change your passwords and lock you out!
 
