Total security of admin pw

  • Thread starter Thread starter WW
  • Start date Start date
W

WW

I want to have only one admin account and I plan to
protect it with a pw. I am willing to take this risk:

I do not want ANY way to recover from a "forgotten" pw. I
do not want a pw recovery disk to work, I don't want
booting in Safe Mode to work. I am serious, if I die the
computer dies with me.

Is it possible to attain this level of protection?
 
Not really.
Once someone has physical control of the computer they have access.
EFS or Encrypted File System comes close.
If the keys are not available, no one gets the data.
However if you export the keys, where are you going to keep them so
that you can get them but no one else can?

EFS is very good at what it does and there is no back door.
Read and understand these links before using EFS to keep from
permanently losing your data:
http://www.microsoft.com/windowsxp/pro/techinfo/administration/recover
y/default.asp (58 pages)
http://support.microsoft.com/?id=223316
 
That is a tough one, mostly because some of the design
of the OS is so that naive users do not accidently cut off
all of their administrative access.
You certainly can have only one admin account, but it
would have to be the built-in Administrator account,
which you can rename.
If you do not want any password recovery disk, simply
do not make one.
Making this account useless in a Safe Mode boot
would be challenging however.
You could try making a process run during login such
that if the correct info was not provided to it by the
individual at the keyboard it would self-destruct (the
account or the machine). However, it would still be
possible, given physical access to the machine, to get
around all of this.
 
Back
Top