- Security, Password Protected Computer
- Posted by John Persico on October 16th, 2005
Forgive me for my lack of knowledge on this issue, but...
How secure is an XP Home Edition machine that has one user
with forced login and password protection (meaning, turning
the computer on sends it to the login screen, there's only
one account, and it's password protected).
By secure, I mean, can anyone access that computer other
than the user who knows the password? Can anyone else read,
access, copy, or otherwise alter files on the machine? I
guess I'm wondering if there's some backdoor way that
someone could get into my machine (say, through a command
line interface or something), by bypassing the XP login.
Essentially, I want to be the only one who can use my
computer (or see anything on it).
- Posted by Donny Broome on October 16th, 2005
Physical Access to PC = Zero Security
There are several different bootable CD's that will allow persons onto your
PC. Some of these are discussed here: http://www.broomeman.com/password/
--
------------------------------------------
Donny Broome
http://www.broomeman.com/tech/
------------------------------------------
"John Persico" <someone@microsoft.com> wrote in message
news:uhMo7Rf0FHA.3956@TK2MSFTNGP09.phx.gbl...
> Forgive me for my lack of knowledge on this issue, but...
>
> How secure is an XP Home Edition machine that has one user with forced
> login and password protection (meaning, turning the computer on sends it
> to the login screen, there's only one account, and it's password
> protected).
>
> By secure, I mean, can anyone access that computer other than the user who
> knows the password? Can anyone else read, access, copy, or otherwise
> alter files on the machine? I guess I'm wondering if there's some
> backdoor way that someone could get into my machine (say, through a
> command line interface or something), by bypassing the XP login.
> Essentially, I want to be the only one who can use my computer (or see
> anything on it).
>
- Posted by Panda_man on October 16th, 2005
XP has built-in hidden Administrator account ,visible in Safe Mode only .
You need to get into Safe Mode and also password protect it.
Noone can access your account if the PC is at home,I think you understand...
All these programs,mentioned by Mr.Broom are more or less illegal.
Panda_man
" Let's beat malware black and blue "
" No new epidemics of all kind of malware -> Panda TruPrevent "
"John Persico" wrote:
> Forgive me for my lack of knowledge on this issue, but...
>
> How secure is an XP Home Edition machine that has one user
> with forced login and password protection (meaning, turning
> the computer on sends it to the login screen, there's only
> one account, and it's password protected).
>
> By secure, I mean, can anyone access that computer other
> than the user who knows the password? Can anyone else read,
> access, copy, or otherwise alter files on the machine? I
> guess I'm wondering if there's some backdoor way that
> someone could get into my machine (say, through a command
> line interface or something), by bypassing the XP login.
> Essentially, I want to be the only one who can use my
> computer (or see anything on it).
>
>
>
- Posted by Larry Samuels on October 16th, 2005
Very few if any of the programs are illegal.They are all legitimate tools
intended to be used by pros. Any illicit use falls solely on the user.
--
Larry Samuels Associate Expert
MS-MVP (2001-2005)
Unofficial FAQ for Windows Server 2003 at
http://pelos.us/SERVER.htm
Expert Zone- www.microsoft.com/windowsxp/expertzone
"Panda_man" <Pandaman@discussions.microsoft.com> wrote in message
news:EE48F1F5-628E-46DE-973F-A8F5048EE4C1@microsoft.com...
> XP has built-in hidden Administrator account ,visible in Safe Mode only .
> You need to get into Safe Mode and also password protect it.
>
> Noone can access your account if the PC is at home,I think you
> understand...
>
> All these programs,mentioned by Mr.Broom are more or less illegal.
>
>
> Panda_man
> " Let's beat malware black and blue "
> " No new epidemics of all kind of malware -> Panda TruPrevent "
>
>
>
> "John Persico" wrote:
>
>> Forgive me for my lack of knowledge on this issue, but...
>>
>> How secure is an XP Home Edition machine that has one user
>> with forced login and password protection (meaning, turning
>> the computer on sends it to the login screen, there's only
>> one account, and it's password protected).
>>
>> By secure, I mean, can anyone access that computer other
>> than the user who knows the password? Can anyone else read,
>> access, copy, or otherwise alter files on the machine? I
>> guess I'm wondering if there's some backdoor way that
>> someone could get into my machine (say, through a command
>> line interface or something), by bypassing the XP login.
>> Essentially, I want to be the only one who can use my
>> computer (or see anything on it).
>>
>>
>>
- Posted by Donny Broome on October 17th, 2005
Panda_man:
Sorry, bro, you're speaking on a subject you haven't researched.
--
------------------------------------------
Donny Broome
www.broomeman.com/tech
------------------------------------------
"Panda_man" <Pandaman@discussions.microsoft.com> wrote in message
news:EE48F1F5-628E-46DE-973F-A8F5048EE4C1@microsoft.com...
> XP has built-in hidden Administrator account ,visible in Safe Mode only .
> You need to get into Safe Mode and also password protect it.
>
> Noone can access your account if the PC is at home,I think you
> understand...
>
> All these programs,mentioned by Mr.Broom are more or less illegal.
>
>
> Panda_man
> " Let's beat malware black and blue "
> " No new epidemics of all kind of malware -> Panda TruPrevent "
>
>
>
> "John Persico" wrote:
>
>> Forgive me for my lack of knowledge on this issue, but...
>>
>> How secure is an XP Home Edition machine that has one user
>> with forced login and password protection (meaning, turning
>> the computer on sends it to the login screen, there's only
>> one account, and it's password protected).
>>
>> By secure, I mean, can anyone access that computer other
>> than the user who knows the password? Can anyone else read,
>> access, copy, or otherwise alter files on the machine? I
>> guess I'm wondering if there's some backdoor way that
>> someone could get into my machine (say, through a command
>> line interface or something), by bypassing the XP login.
>> Essentially, I want to be the only one who can use my
>> computer (or see anything on it).
>>
>>
>>
- Posted by Donny Broome on October 17th, 2005
Thanks, Larry.
--
------------------------------------------
Donny Broome
www.broomeman.com/tech
------------------------------------------
"Larry Samuels" <larry@mvps.org> wrote in message
news:%23VJT1Xl0FHA.2212@TK2MSFTNGP15.phx.gbl...
> Very few if any of the programs are illegal.They are all legitimate tools
> intended to be used by pros. Any illicit use falls solely on the user.
>
> --
> Larry Samuels Associate Expert
> MS-MVP (2001-2005)
> Unofficial FAQ for Windows Server 2003 at
> http://pelos.us/SERVER.htm
> Expert Zone- www.microsoft.com/windowsxp/expertzone
> "Panda_man" <Pandaman@discussions.microsoft.com> wrote in message
> news:EE48F1F5-628E-46DE-973F-A8F5048EE4C1@microsoft.com...
>> XP has built-in hidden Administrator account ,visible in Safe Mode only .
>> You need to get into Safe Mode and also password protect it.
>>
>> Noone can access your account if the PC is at home,I think you
>> understand...
>>
>> All these programs,mentioned by Mr.Broom are more or less illegal.
>>
>>
>> Panda_man
>> " Let's beat malware black and blue "
>> " No new epidemics of all kind of malware -> Panda TruPrevent "
>>
>>
>>
>> "John Persico" wrote:
>>
>>> Forgive me for my lack of knowledge on this issue, but...
>>>
>>> How secure is an XP Home Edition machine that has one user
>>> with forced login and password protection (meaning, turning
>>> the computer on sends it to the login screen, there's only
>>> one account, and it's password protected).
>>>
>>> By secure, I mean, can anyone access that computer other
>>> than the user who knows the password? Can anyone else read,
>>> access, copy, or otherwise alter files on the machine? I
>>> guess I'm wondering if there's some backdoor way that
>>> someone could get into my machine (say, through a command
>>> line interface or something), by bypassing the XP login.
>>> Essentially, I want to be the only one who can use my
>>> computer (or see anything on it).
>>>
>>>
>>>
>
>
- Posted by John Persico on October 20th, 2005
What's the best way to password-protect the administrator
account?
If someone boots your computer in Safe Mode and the
administrator account is password protected, can they view
files on the machine (if they don't have any of the programs
you mentioned)?
"Donny Broome" <broomeman@hotmail.DOTcom> wrote in message
news:C2j4f.64301$5l.58763@bignews6.bellsouth.net.. .
> Physical Access to PC = Zero Security
>
> There are several different bootable CD's that will allow
> persons onto your PC. Some of these are discussed here:
> http://www.broomeman.com/password/
>
>
> --
> ------------------------------------------
> Donny Broome
> http://www.broomeman.com/tech/
> ------------------------------------------
>
>
> "John Persico" <someone@microsoft.com> wrote in message
> news:uhMo7Rf0FHA.3956@TK2MSFTNGP09.phx.gbl...
>> Forgive me for my lack of knowledge on this issue, but...
>>
>> How secure is an XP Home Edition machine that has one
>> user with forced login and password protection (meaning,
>> turning the computer on sends it to the login screen,
>> there's only one account, and it's password protected).
>>
>> By secure, I mean, can anyone access that computer other
>> than the user who knows the password? Can anyone else
>> read, access, copy, or otherwise alter files on the
>> machine? I guess I'm wondering if there's some backdoor
>> way that someone could get into my machine (say, through
>> a command line interface or something), by bypassing the
>> XP login. Essentially, I want to be the only one who can
>> use my computer (or see anything on it).
>>
>
>
- Posted by GreenieLeBrun on October 20th, 2005
John Persico wrote:
> Forgive me for my lack of knowledge on this issue, but...
>
> How secure is an XP Home Edition machine that has one user
> with forced login and password protection (meaning, turning
> the computer on sends it to the login screen, there's only
> one account, and it's password protected).
>
> By secure, I mean, can anyone access that computer other
> than the user who knows the password? Can anyone else read,
> access, copy, or otherwise alter files on the machine? I
> guess I'm wondering if there's some backdoor way that
> someone could get into my machine (say, through a command
> line interface or something), by bypassing the XP login.
> Essentially, I want to be the only one who can use my
> computer (or see anything on it).
As the other OPs have stated if other people have physical access to
your machine there are ways and means (Bootable CDs, Linux diskettes
etc) that will enable people to remove the passwords used.
If you want people not to be able to see your data then use some form
of encryption such as the NTFS encryption built into XP, BUT, and a
very BIG BUT, remember to create a Recovery Agent and back up your
encryption keys and certificates to some form of external storage
because if you loose your keys your data is gone for good.
For more details on XP encryption methods enter XP encryption in the
search bar at http://support.microsoft.com/search/default.aspx
- Posted by John Persico on October 20th, 2005
Can you encrypt an entire drive?
Do you unencrypt every time you use the computer?
Do new files get encrypted automatically?
Are there any printed materials that give the full scoop on
XP encryption?
I did the search you specified, but the best article seems
to be
http://support.microsoft.com/default...b;en-us;308993,
which doesn't go into great detail.
"GreenieLeBrun" <GreenieLeBrun@hotmail.com> wrote in message
news:1129783498.961426.112190@f14g2000cwb.googlegr oups.com...
>
> John Persico wrote:
>> Forgive me for my lack of knowledge on this issue, but...
>>
>> How secure is an XP Home Edition machine that has one
>> user
>> with forced login and password protection (meaning,
>> turning
>> the computer on sends it to the login screen, there's
>> only
>> one account, and it's password protected).
>>
>> By secure, I mean, can anyone access that computer other
>> than the user who knows the password? Can anyone else
>> read,
>> access, copy, or otherwise alter files on the machine? I
>> guess I'm wondering if there's some backdoor way that
>> someone could get into my machine (say, through a command
>> line interface or something), by bypassing the XP login.
>> Essentially, I want to be the only one who can use my
>> computer (or see anything on it).
>
> As the other OPs have stated if other people have physical
> access to
> your machine there are ways and means (Bootable CDs, Linux
> diskettes
> etc) that will enable people to remove the passwords used.
>
> If you want people not to be able to see your data then
> use some form
> of encryption such as the NTFS encryption built into XP,
> BUT, and a
> very BIG BUT, remember to create a Recovery Agent and back
> up your
> encryption keys and certificates to some form of external
> storage
> because if you loose your keys your data is gone for good.
>
> For more details on XP encryption methods enter XP
> encryption in the
> search bar at
> http://support.microsoft.com/search/default.aspx
>
- Posted by Bruce Chambers on October 21st, 2005
John Persico wrote:
> What's the best way to password-protect the administrator
> account?
Set a strong password for it. In other words, use at least 8
characters, and make those characters a mixture of upper and lower case
letters, numbers, and special characters, such as *, $, _, !, @, or #.
Do *NOT* use easily guessed names, dates, etc.
> If someone boots your computer in Safe Mode and the
> administrator account is password protected, can they view
> files on the machine (if they don't have any of the programs
> you mentioned)?
>
Not unless he/she knows the password for the built-in Administrator
account.
--
Bruce Chambers
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
- Posted by Bruce Chambers on October 21st, 2005
John Persico wrote:
> Can you encrypt an entire drive?
No.
> Do you unencrypt every time you use the computer?
No. The OS access the encrypted files seamlessly, if the logged in
user has permission to access the encrypted files. The
"decryption/encryption" process occurs in the background and is
virtually (there may be a very slight performance hit) invisible to the
authorized user.
> Do new files get encrypted automatically?
>
No. Only those files/folders that the user designates get encrypted.
> Are there any printed materials that give the full scoop on
> XP encryption?
Best Practices for Encrypting File System
http://support.microsoft.com/default...b;en-us;223316
Bear in mind, before proceeding, that EFS is not to be used lightly.
Should something go wrong with the PC that requires you to reinstall the
OS, and if the your encryption certificates and keys were not backed up
before the reinstallation, and the workstation isn't part of a domain,
those files are gone, for all practical purposes. Encryption works well
and there is no "back door" or hack to access the files. (Wouldn't be
much point to EFS if it were vulnerable.)
--
Bruce Chambers
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
- Posted by Larry Samuels on October 21st, 2005
Absolutely. If someone has physical access to your PC and the correct tools,
all bets are off on security.
Why do you think servers are locked in closets or server rooms and only the
SysAdmins have keys?
--
Larry Samuels Associate Expert
MS-MVP (2001-2005)
Unofficial FAQ for Windows Server 2003 at
http://pelos.us/SERVER.htm
Expert Zone- www.microsoft.com/windowsxp/expertzone
"John Persico" <post@group.nospam> wrote in message
news:eBf4HxR1FHA.1132@TK2MSFTNGP10.phx.gbl...
> What's the best way to password-protect the administrator account?
> If someone boots your computer in Safe Mode and the administrator account
> is password protected, can they view files on the machine (if they don't
> have any of the programs you mentioned)?
>
> "Donny Broome" <broomeman@hotmail.DOTcom> wrote in message
> news:C2j4f.64301$5l.58763@bignews6.bellsouth.net.. .
>> Physical Access to PC = Zero Security
>>
>> There are several different bootable CD's that will allow persons onto
>> your PC. Some of these are discussed here:
>> http://www.broomeman.com/password/
>>
>>
>> --
>> ------------------------------------------
>> Donny Broome
>> http://www.broomeman.com/tech/
>> ------------------------------------------
>>
>>
>> "John Persico" <someone@microsoft.com> wrote in message
>> news:uhMo7Rf0FHA.3956@TK2MSFTNGP09.phx.gbl...
>>> Forgive me for my lack of knowledge on this issue, but...
>>>
>>> How secure is an XP Home Edition machine that has one user with forced
>>> login and password protection (meaning, turning the computer on sends it
>>> to the login screen, there's only one account, and it's password
>>> protected).
>>>
>>> By secure, I mean, can anyone access that computer other than the user
>>> who knows the password? Can anyone else read, access, copy, or
>>> otherwise alter files on the machine? I guess I'm wondering if there's
>>> some backdoor way that someone could get into my machine (say, through a
>>> command line interface or something), by bypassing the XP login.
>>> Essentially, I want to be the only one who can use my computer (or see
>>> anything on it).
>>>
>>
>>
>
>
- Posted by Larry Samuels on October 21st, 2005
DO NOT use NTFS encryption unless you know exactly what you are doing. If
you do you are simply setting up data loss waiting for an opportunity to
strike <G>
--
Larry Samuels Associate Expert
MS-MVP (2001-2005)
Unofficial FAQ for Windows Server 2003 at
http://pelos.us/SERVER.htm
Expert Zone- www.microsoft.com/windowsxp/expertzone
"John Persico" <post@group.nospam> wrote in message
news:eoP%23kqW1FHA.2924@TK2MSFTNGP15.phx.gbl...
> Can you encrypt an entire drive?
> Do you unencrypt every time you use the computer?
> Do new files get encrypted automatically?
>
> Are there any printed materials that give the full scoop on XP encryption?
> I did the search you specified, but the best article seems to be
> http://support.microsoft.com/default...b;en-us;308993, which
> doesn't go into great detail.
>
> "GreenieLeBrun" <GreenieLeBrun@hotmail.com> wrote in message
> news:1129783498.961426.112190@f14g2000cwb.googlegr oups.com...
>>
>> John Persico wrote:
>>> Forgive me for my lack of knowledge on this issue, but...
>>>
>>> How secure is an XP Home Edition machine that has one user
>>> with forced login and password protection (meaning, turning
>>> the computer on sends it to the login screen, there's only
>>> one account, and it's password protected).
>>>
>>> By secure, I mean, can anyone access that computer other
>>> than the user who knows the password? Can anyone else read,
>>> access, copy, or otherwise alter files on the machine? I
>>> guess I'm wondering if there's some backdoor way that
>>> someone could get into my machine (say, through a command
>>> line interface or something), by bypassing the XP login.
>>> Essentially, I want to be the only one who can use my
>>> computer (or see anything on it).
>>
>> As the other OPs have stated if other people have physical access to
>> your machine there are ways and means (Bootable CDs, Linux diskettes
>> etc) that will enable people to remove the passwords used.
>>
>> If you want people not to be able to see your data then use some form
>> of encryption such as the NTFS encryption built into XP, BUT, and a
>> very BIG BUT, remember to create a Recovery Agent and back up your
>> encryption keys and certificates to some form of external storage
>> because if you loose your keys your data is gone for good.
>>
>> For more details on XP encryption methods enter XP encryption in the
>> search bar at http://support.microsoft.com/search/default.aspx
>>
>
>
- Posted by John Persico on October 21st, 2005
How would I set the administrator password?
Would I use control userpasswords2 at the run prompt.
When the computer starts in safe mode, is it automatically
started with the administrator account every time?
"Bruce Chambers" <bchambers@cable0ne.n3t> wrote in message
news:eqO0U3d1FHA.3864@TK2MSFTNGP12.phx.gbl...
> John Persico wrote:
>> What's the best way to password-protect the administrator
>> account?
>
>
> Set a strong password for it. In other words, use at
> least 8 characters, and make those characters a mixture of
> upper and lower case letters, numbers, and special
> characters, such as *, $, _, !, @, or #. Do *NOT* use
> easily guessed names, dates, etc.
>
>
>
>> If someone boots your computer in Safe Mode and the
>> administrator account is password protected, can they
>> view files on the machine (if they don't have any of the
>> programs you mentioned)?
>>
>
>
> Not unless he/she knows the password for the built-in
> Administrator account.
>
>
> --
>
> Bruce Chambers
>
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> You can have peace. Or you can have freedom. Don't ever
> count on having both at once. - RAH
- Posted by Bruce Chambers on October 22nd, 2005
John Persico wrote:
> How would I set the administrator password?
Log in as Administrator, right-click My Computer > Manage > Users and
Groups > Users > highlight Administrator, right-click and select reset
password.
> Would I use control userpasswords2 at the run prompt.
That's another viable means of getting to the right place.
> When the computer starts in safe mode, is it automatically
> started with the administrator account every time?
>
Only if that's the only user account on the computer.
--
Bruce Chambers
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
