XP secure during repair?

[Mike]

XP Home, file system NTFS.

XP is more secure than 98 but are the login passwords truly secure. I have 4
passworded accounts - is it true that without the password these accounts
are not accessible. If I take my PC in for hardware repair is there no way
for the technician to access my hardrive and its data beyond the login
screen. No secret admin account or account entrance that is built in or
could they run another OS from the cd drive such as DOS or Linux and access
the drive information that way or another way I have not considered. I ask
this because it just occurs to me how much private and personal information
I have on my hardrive should it need repair. Thanks.

 

[Guest]

I recently put my laptop in for repair to the backlight
of the LCD screen. On purpose I did not give them the
logon password, since I thought that they wouldn't need
it. I was very surpized to see that when I received my
laptop back, it had a note that said that they had to
reset my password so that they could test the screen....
This was in an authorized Toshiba dealership in
Louisiana....where it is an offence to break into a
computer without explicit authorization from it's owner...

You can boot a machine from the LAN by changing it's boot
preferences. This way it is very easy to change the
administrator password for the machine and thus gain
access to whatever information on the harddrive.
If you reaaly want some files to be secure, you can
encrypt them with a password, that should keep most
people out....but still.

 

[Jupiter Jones [MVP]]

Mike;
If you are sending a computer in for repair, the techs almost always
need access.
In any event with physical control there is access.
There are many ways a person with unrestricted access can gain access
to your data.
Encryption may protect your data but the only secure way is to remove
sensitive from the computer before giving unrestricted physical
access.
This is not a weakness of Windows, it is one of the 10 Immutable Laws
of Security which apply to all systems:
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

 

[Jupiter Jones [MVP]]

There is rarely a good reason to not give the tech access to your
computer.
If you do not trust the tech, take the computer to a tech you trust.
See my other psot this thread.

 

[Mike]

Mike;
If you are sending a computer in for repair, the techs almost always
need access.
In any event with physical control there is access.
There are many ways a person with unrestricted access can gain access
to your data.
Encryption may protect your data but the only secure way is to remove
sensitive from the computer before giving unrestricted physical
access.
This is not a weakness of Windows, it is one of the 10 Immutable Laws
of Security which apply to all systems:
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

Thanks all for response. The concensus seems to be that XP passwords are
there to prevent cursory or unacquainted intrusion and the real solution to
security is third party encryption and on-site or self repair. I know not
every technician has either the time or the inclination to pore over my love
letters but reliance on lack of intent is not best security. On my 98
machine I used a BIOS password - would this be a more secure option for XP.
Thanks again.

 

[Jupiter Jones [MVP]]

Mike;
BIOS password is the least secure.
Simply move the hard drive to another computer.

How would a tech do anything at all without access?
There are ways around some BIOS passwords as well with unrestricted
physical access.

The only practical option if security is important is to remove
sensitive data.

 

[Bruce Chambers]

Greetings --

Certainly, a competent PC technician could gain access to anything
on the hard drive, if he so desired. So, besides finding a competent
technician, you should also seek one with proven integrity. Don't be
afraid to ask for references.

The very first - and most important - component to computer
security is _physical_ security. If a knowledgeable individual has
physical access to your computer, then there is nothing to stop him
from accessing the hard drive's contents. A bootable Linux CD and a
few uninterrupted minutes is all it takes.

Encryption of your data can make this access much more difficult,
but carries its own risks of data loss, if improperly implemented or
practiced. Another, perhaps simpler, precaution would be to store all
of your sensitive personal data either on removable media or on a
second physical hard drive that could be removed before taking the
repair service. Today's external USB hard drives make this a viable,
relatively inexpensive option.

Of course, another option - and this is my preference - is to
learn how to maintain and repair your computer, yourself. Then you
needn't worry about anyone else ever having free access to the
computer. Fixing a computer really isn't "rocket surgery;" it's
nowhere near as difficult as most people think.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[Mike]

XP Home, file system NTFS.

XP is more secure than 98 but are the login passwords truly secure. I
have 4 passworded accounts - is it true that without the password
these accounts are not accessible. If I take my PC in for hardware
repair is there no way for the technician to access my hardrive and
its data beyond the login screen. No secret admin account or account
entrance that is built in or could they run another OS from the cd
drive such as DOS or Linux and access the drive information that way
or another way I have not considered. I ask this because it just
occurs to me how much private and personal information I have on my
hardrive should it need repair. Thanks.

Anyone heard of this. Is it more secure than the BIOS and login passwords
(which aren't secure) - search for security continues. Found the following
instructions in another ng:

'Start Menu, Run, Type:
syskey
press enter.

A dialog box will appear
"Securing the Windows Account Database"
Click [Update]
Select
(o) Password Startup
Type and confirm the password. Click [OK].

Warning:
If You forget the password, You MUST reinstall Windows (that means CLEAN)'.

 

[Roger Abell]

The passwords are protected with fairly strong methods.
However, choice of poor passwords defeats even the
best (within reasonable usability) methods.
With physical access and the ability to boot, no OS is
protected from having its data examined. For Windows
there are numerous tools that let one change a password
from a mini-boot, and then use that account in a real boot.
BIOS passwords are no protection what-so-ever, only
an annoyance or deterant. Many brands even have a well
known override keying to use during boot.

The built-in (in Pro) EFS encrypting is about as good as
can be had. It is deeply engineered.

The tech in La that overwrote a password without permission
was treading on a narrow ledge. Aside from unauthorized
entry, they risked destroying that account's access to its EFS
encrypted data (were it a Pro version), which I imagine could
result in significant monetary damages.

If you want to have your data secure while a machine is in
the shop, do not keep it on a hard drive that will go with the
machine to the shop. That advise is valid for any operating
system, not just Windows.

 

[Michael]

Well If you need to take your PC for a repair due to a hard-drive problem
more than likely the people repairing it are going to need access to the
drive in order to say run a SCANDISK or a CHCKDISK or any other diagnostic
that needs done. Locking out your accounts will make it extremely difficult
for anyone to do any sort of repairs on your system. I would not use the
password on start-up routine since if you ever forget this password you must
do a full re-install of Windows. And besides if you use this option how
would you expect a repair person to put a new hard drive in your system if
they cannot even boot it up? My suggestion would be to set up a new account,
call it REPAIR and give it limited user status, but make sure that they can
run simple windows diagnostic tools and such. Since your other accounts are
password protected make the folders you want to keep from the repair people
private that way they cannot be accessed from the new account you made. That
should do it.

XP Home, file system NTFS.

XP is more secure than 98 but are the login passwords truly secure. I
have 4 passworded accounts - is it true that without the password
these accounts are not accessible. If I take my PC in for hardware
repair is there no way for the technician to access my hardrive and
its data beyond the login screen. No secret admin account or account
entrance that is built in or could they run another OS from the cd
drive such as DOS or Linux and access the drive information that way
or another way I have not considered. I ask this because it just
occurs to me how much private and personal information I have on my
hardrive should it need repair. Thanks.

Anyone heard of this. Is it more secure than the BIOS and login passwords
(which aren't secure) - search for security continues. Found the following
instructions in another ng:

'Start Menu, Run, Type:
syskey
press enter.

A dialog box will appear
"Securing the Windows Account Database"
Click [Update]
Select
(o) Password Startup
Type and confirm the password. Click [OK].

Warning:
If You forget the password, You MUST reinstall Windows (that means CLEAN)'.

 

[Jupiter Jones [MVP]]

Michael;
The best option is to take sensitive data off the computer.
To expect a tech to fully diagnose and repair the computer without
full access is preposterous.
With the exception of EFS, all the methods of keeping data from a tech
can be easily circumvented in a matter of seconds.
If the tech is incapable of getting around these measures, I would ask
what else does the tech not know?
Assume the tech needs full access,...then give the access.
If you do not trust the tech, get another tech.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar/

Well If you need to take your PC for a repair due to a hard-drive problem
more than likely the people repairing it are going to need access to the
drive in order to say run a SCANDISK or a CHCKDISK or any other diagnostic
that needs done. Locking out your accounts will make it extremely difficult
for anyone to do any sort of repairs on your system. I would not use the
password on start-up routine since if you ever forget this password you must
do a full re-install of Windows. And besides if you use this option how
would you expect a repair person to put a new hard drive in your system if
they cannot even boot it up? My suggestion would be to set up a new account,
call it REPAIR and give it limited user status, but make sure that they can
run simple windows diagnostic tools and such. Since your other accounts are
password protected make the folders you want to keep from the repair people
private that way they cannot be accessed from the new account you made. That
should do it.

XP Home, file system NTFS.

XP is more secure than 98 but are the login passwords truly secure. I
have 4 passworded accounts - is it true that without the password
these accounts are not accessible. If I take my PC in for hardware
repair is there no way for the technician to access my hardrive and
its data beyond the login screen. No secret admin account or account
entrance that is built in or could they run another OS from the cd
drive such as DOS or Linux and access the drive information that way
or another way I have not considered. I ask this because it just
occurs to me how much private and personal information I have on my
hardrive should it need repair. Thanks.

Anyone heard of this. Is it more secure than the BIOS and login passwords
(which aren't secure) - search for security continues. Found the following
instructions in another ng:

'Start Menu, Run, Type:
syskey
press enter.

A dialog box will appear
"Securing the Windows Account Database"
Click [Update]
Select
(o) Password Startup
Type and confirm the password. Click [OK].

Warning:
If You forget the password, You MUST reinstall Windows (that means CLEAN)'.