Unauthorized Password Deletion

[Guest]

parent of a couple of cagey and savvy teenagers; in order to prevent late
night usage of the family PC, I deleted the Guest Account and password
protected the only other User account (mine). I would log off in the evening
and everything was fine until a couple of weeks ago when I noticed that my
password had been deleted and anyone could log on as me and use the computer.

Changed the password three times in a row, even using brand new random ones,
and within a couple of days, someone had deleted the password.

So that I don't have to keep taking the mouse and keyboard away each night,
anyone know how one of my teenagers is managing to pull this off? I don't
notice any unusual software, so I am at a loss.

Help!

 

[Vanguard]

parent of a couple of cagey and savvy teenagers; in order to prevent
late
night usage of the family PC, I deleted the Guest Account and password
protected the only other User account (mine). I would log off in the
evening
and everything was fine until a couple of weeks ago when I noticed
that my
password had been deleted and anyone could log on as me and use the
computer.

<snip>

Did you ever give the Administrator account a password?

 

[Kevin]

parent of a couple of cagey and savvy teenagers; in order to prevent late
night usage of the family PC, I deleted the Guest Account and password
protected the only other User account (mine). I would log off in the
evening
and everything was fine until a couple of weeks ago when I noticed that my
password had been deleted and anyone could log on as me and use the
computer.

Changed the password three times in a row, even using brand new random
ones,
and within a couple of days, someone had deleted the password.

So that I don't have to keep taking the mouse and keyboard away each
night,
anyone know how one of my teenagers is managing to pull this off? I don't
notice any unusual software, so I am at a loss.

Help!

Have you actually asked one of the little darlings if they were doing this?
Point out that lying will bring about dread circumstances and dire times for
them, not to mention the complete loss of all rights, privileges and
freedom. And no computer.

 

[David Candy]

You are a great big wimp. Tie the kids to the clothesline. Give em a bowl of water though.

 

[Carey Frisch [MVP]]

10 Immutable Laws of Security
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

Microsoft Shared Computer Toolkit for Windows XP
http://www.microsoft.com/windowsxp/sharedaccess/default.mspx

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

---------------------------------------------------------------------------­----------------

:

| parent of a couple of cagey and savvy teenagers; in order to prevent late
| night usage of the family PC, I deleted the Guest Account and password
| protected the only other User account (mine). I would log off in the evening
| and everything was fine until a couple of weeks ago when I noticed that my
| password had been deleted and anyone could log on as me and use the computer.
|
| Changed the password three times in a row, even using brand new random ones,
| and within a couple of days, someone had deleted the password.
|
| So that I don't have to keep taking the mouse and keyboard away each night,
| anyone know how one of my teenagers is managing to pull this off? I don't
| notice any unusual software, so I am at a loss.
|
| Help!

 

[Guest]

The only user account that I have set up is mine and yes, it is the
administrator account that we are talking about.

 

[Guest]

Actually, I have four kids and the two oldest (the most likely candidates)
have friends over often. All the kids deny doing this, and the two youngest,
though computer users, are probably not the problem. But I am trying to find
a solution that will give me back control of the use of the computer so as to
not unfairly punish whichever one (or their friends) that is doing this.

Figured there must be some hack program or routine that allows someone to
delete a Windows password even if you don't know the original one, or
something else that is remembering my password so they can go in and delete
it in an authorized mode.

 

[Guest]

Not a whole lot help are we David? Figured that in lieu of continuing to
take the computer access away from all of the kids, someone in this newsgroup
might be aware of a hacking program or technique that would allow me to short
circuit the offender.

 

[Guest]

Carey, thanks for the tips. I pretty much follow all the "10" tips, and I
will check out the Shared Toolkit idea.

Was just curious if anyone out there knew of a hack program or technique
that could be used to steal my password so that they could delete it, or a
hole in the system that would allow someone to delete the password even if
they didn't know it.

I have changed the password several times and only written it down on my PDA
which my kids do not have access to (and is also password protected).
Figured there was some way they were getting around the Windows password
thing and I wanted to see if I could 1) stop it, and 2) find out who is doing
it.

 

[Ricky]

In XP Home there is a administer account that is only seen when you boot in
safe mode. If this is not password protected you can use it to change
passwords in other accounts.

 

[David Candy]

Vanguard answered you with the most likely cause.

 

[Lisa K]

Everybody's right about logging into safe mode and password protecting the
Administrator account. Another, more intense and less likely to be reversed
method would be to password protect the computer on startup which is done in
the bios. Not recommended if you're unsure of what you're doing. ;-) good
luck! I have teenagers too! very scary!!

 

[Vanguard]

The only user account that I have set up is mine and yes, it is the
administrator account that we are talking about.

You don't have to "setup" the Administrator account. Sounds like you
created *another* account with admin privileges but it is not the
Administrator account. What is the account name under which you login
and that you think is the only admin-level account?

Have you used any anti-malware software to check for a keylogger? You
could change the password but the pests, er, kids would simply use the
keylogger to find out what changes you made.

Are you using a SECURE password? Is it a strong password? Or are you
using one of your names (first, last, middle, nickname), your spouse
name, a pet's name, a house address, or some other information that the
pest can easily guess at? What happens when you try a jumbled mess of
characters? I use an algorithm that lets me remember passwords but
provides a different password for every host or site on which I login.
For example, use the last 2 digits of your birthyear, a couple digits
from a fixed position in your driver's license, your initials in reverse
order, and a few characters of the domain or site to create a unique
password. You know the algorithm and you know the host or site so you
can reconstruct what is your password, but it looks like a mess to
anyone else.

So why not simply put the computer in your bedroom or den and lock the
door? Obviously the pests have decided they don't need to comply with
your rules, so punish them by physically removing access to the
computer. Did they pay for it? Whose computer is it really? So far,
they have been training you rather than you training them. Whose the
parent?

 

[Guest]

Well, I don't pretend to be too techno-savvy, but maybe this will answer your
question. There is just one User Account - me, and it has administrator
rights. When I start up the computer and Windows loads, you end up at the
blue welcome screen with my name as the only account. You have to enter my
password to get in.

And yes, I do use lenghty and pretty secure passwords and there really isn't
a way one of the kids could "guess" it.

As far as anti-spyware/malware, I rountinely run Microsoft's AntiSpyware,
Norton Antivirus, Spyware Doctor, Spybot Search & Destroy and Ad-Aware to
clean things up, but unless the deviant is reloading the program each time, I
haven't found anything with any of these that looks like a key-logger (though
I don't profess to know the names of common key-logger programs).

Do you know of any other anti program you'd recommend that could check for
key-logger programs in particular?

 

[Guest]

Thanks Ricky, didn't know anything about that safe mode aspect. So, if they
re-boot the machine into safe mode, they can delete any user password that is
set up? I have noticed that when the kid does whatever they are doing, they
aren't putting in a new password, they are simply deleting my old password.

How do you password protect the administrator account in Safe mode, and
exactly how do you boot up into safe mode to do this?

 

[David Candy]

Press Ctrl + Alt + Delete twice at the welcome screen (Pro only) and you can enter name/password for the Administrator account. For Home, boot to safe mode to access this account. The inbuilt admin account, like any admin account, can reset passwords for any user.

Security requires no physical access to the computer.

 

[Ricky]

You start tapping F8 when you first turn the computer on..then you get a
screen with several options. Pick Safe Mode and on the welcome screen you
should see your account and the default admin account. Pick the default
account and when logged in go to control panel..user accounts and set a
password for the account there.

 

[Bruce Chambers]

parent of a couple of cagey and savvy teenagers; in order to prevent late
night usage of the family PC, I deleted the Guest Account and password
protected the only other User account (mine). I would log off in the evening
and everything was fine until a couple of weeks ago when I noticed that my
password had been deleted and anyone could log on as me and use the computer.

Changed the password three times in a row, even using brand new random ones,
and within a couple of days, someone had deleted the password.

So that I don't have to keep taking the mouse and keyboard away each night,
anyone know how one of my teenagers is managing to pull this off? I don't
notice any unusual software, so I am at a loss.

Help!

Set a strong password on the built-in Administrator account.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

 

[Bruce Chambers]

Carey, thanks for the tips. I pretty much follow all the "10" tips, and I
will check out the Shared Toolkit idea.

Was just curious if anyone out there knew of a hack program or technique
that could be used to steal my password so that they could delete it, or a
hole in the system that would allow someone to delete the password even if
they didn't know it.

Yes, there are several such programs freely available on the Internet.
Linux-based password cracking utilities abound on the Internet, freely
available to anyone who can use Google. One needs only know how to find
Google's search site to gain knowledge of, and access to, these programs.

Without physical security, there is *no* security. Given access a
computer and a little time, any semi-knowledgeable individual can access
the full contents of the hard drive. Only encrypted files would be
reasonably safe.



--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

 

[Vanguard]

Well, I don't pretend to be too techno-savvy, but maybe this will
answer your
question. There is just one User Account - me, and it has
administrator
rights. When I start up the computer and Windows loads, you end up at
the
blue welcome screen with my name as the only account. You have to
enter my
password to get in.

Sounds like you are using the Fisher-Price welcome screen. That will
only show the Administrator account until you define another admin-level
account, then the Administrator account is hidden. I think the trick is
to hit Ctrl+Alt+Del twice to get the regular non-fluffy login screen
where you can then enter Administrator for the account name. You have
been logging under your own admin-level account but it looks like the
kids have been logging under the Administrator account.

The default after installation is a blank password for the Administrator
account (although, I believe, you are prompted to specify a non-blank
password). With a blank password, anyone can login under the
Administrator account and do whatever they want.