- XP User Accounts
- Posted by mikesal0902 on April 13th, 2006
I establish myself as Admin level and my children as Limited access. My 14
year old found a way to not only change this, but my User login password as
well. How can he do this and what can I do to prevent it?
- Posted by Kerry Brown on April 13th, 2006
Do you have a password on the Administrator account?
--
Kerry
MS-MVP Windows - Shell/User
- Posted by Malke on April 13th, 2006
Any computer running any operating system can be accessed by someone
with 1) physical access; 2) time; 3) skill; 4) tools. There are a few
things you can do to make it a bit harder though:
1. Set a password in the BIOS that must be entered before booting the
operating system. Also set the Supervisor password in the BIOS so BIOS
Setup can't be entered without it.
2. From the BIOS, change the boot order to hard drive first.
3. Set strong passwords on all accounts, including the built-in
Administrator account. In XP Home, you will need to log into Safe Mode
to access the built-in Administrator account.
4. If you leave your own account logged in, use the Windows Key + L to
lock the computer (and/or set the screensaver/power saving) when you
step away from the computer and require a password to resume.
5. Make other users Limited accounts.
Please understand that these are technical responses to what is
basically a non-technical problem. This is a family/interpersonal issue
that can't be solved by technical means.
Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
- Posted by mikesal0902 on April 13th, 2006
Yes, I do, and he was able to change it and then changed himself from Limited
to Administrator. From some responses it sounds like there are ways to do
this, BUT how do I prevent it on the XP level? Boot password has been
effective, but I need a solution on the XP level. Thanks.
- Posted by Vanguard on April 13th, 2006
Are you using a username like "daddy" or "mike_sal", or are you using a
username like "lrg43sm" (where the letters and numbers mean something to
you, like your initials backwards, a couple of noncontiguous digits from
your birthyear, and initials for your company)? If you use your own
name, it doesn't take many trials to figure out your username,
especially if you let the kids watch you log in.
Same goes for your password. Did you use your pet's name, spouse's
name, parent's name, or some other word(s) that the kid would know? Or
did you use some jumbled mess of alphanumeric characters (and perhaps
some punctuation characters) that mean something to you but to no one
else? Figure out an algorithm for your passwords which lets you
generate passwords that are jumbled but have order based on rules that
you remember. I use such an algorithm (so all I have to remember is the
3 parts to a password and what they contain) so that the password is
different for the hostname on which I log in and also for every web site
where I'm registered. That way, you have a different password for each
host or site and you don't really have to memorize it because you just
plug in the characters that match your algorithm.
Maybe the kid installed a rootkit or keylogger. Have you used various
anti-malware products (many of which are free) to scan your computer for
malware? No matter what you do to change your username and password,
the kid might be using a keylogger to get the new ones and can get back
in. You already know about the BIOS password to thwart the kid. That
should be sufficient and cannot be recorded by a software keylogger
because it hasn't been loaded yet (but you could physically inspect the
computer to make sure there wasn't a keylogger dongle inserted in the
keyboard cord or connector). You may find it impossible to eradicate
the rootkit or keylogger. In that case, save a disk image of the
partition(s) and do a fresh install of Windows and start with a
strong username and password and don't even give the kids any admin or
power user permissions so they cannot install ANY software. All they
get to do thereafter is *use* your computer (as opposed to getting a
computer for your kids) and all they can run is what YOU have installed
(so be careful of what you install).
Have you told the kid that any further interference and alteration of
your computer system will result in severe and REAL punishment? Do you
let your babies play with guns? If you can't manage to keep the kid off
the computer and you are too wimpy to dole out punishment then put the
computer in a room that you can lock to prevent physical access.
Software is not a substitute for parenting. Also, why are you letting
anyone use your critically important host? If you use it for work
(remote or working from home) then NONE OF THE KIDS should be touching
it any more than you would allow them to go shooting your shotguns in the
house.
--
__________________________________________________
Post replies to the newsgroup. Share with others.
For e-mail: Remove "NIX" and add "#VN" to Subject.
__________________________________________________
- Posted by Kerry Brown on April 13th, 2006
If he has physical access there are programs that run from a floppy drive,
CD, or USB drive that will allow him to change passwords. The only way to
stop it is to not allow booting from floppies, CD, or USB devices in the
BIOS then password protecting the BIOS. Make sure all accounts including the
hidden administrator account have strong passwords. Change your passwords
including the BIOS regularly.
http://www.microsoft.com/athome/secu.../password.mspx
As Malke suggested earlier this is a family issue not really an XP issue.
--
Kerry
MS-MVP Windows - Shell/User
- Posted by mikesal0902 on April 13th, 2006
You all have been very helpful. I will be home for a long weekend and have
some computer work to do. Thank you much. From Staten Island, Michael
- Posted by All Things Mopar on April 13th, 2006
Today mikesal0902 commented courteously on
the subject at hand
If you haven't established mutual respect and trust with your
child by about age 2, it is hopeless for you now. Even 5 year-
olds are very computer savvy and love to play with Dad's head
and/or get goaded into messing with Dad by a "friend." And,
nobody - certainly not "impressionable teens" - likes to be
restricted by a limited user account.
Why not sit him down, talk to him calmly, establish some
parental bond with him, explain what is right and what is wrong,
then /trust/ the kid to be reasonable and give him admin rights.
Iffn ya doesn't, no matter what you do, he'll find a way around
it. Rule breakers can always outsmart rule makers.
--
ATM, aka Jerry
"Whether You Think You CAN Or CAN'T, You're Right." – Henry Ford
- Posted by All Things Mopar on April 13th, 2006
Today Malke commented courteously on the subject at hand
Trying to prevent access at the boot end doesn't help at all
unless you want to shut the machine down when you're done and
be there to type in the super secret PW when the 14 year-old
wants to play, at which time, they'll play with your head
again anyway. Further, I haven't looked in a long time, but in
days of old, BIOS PWs could be circumvented by
removing/replacing the battery and/or shorting it out, but
today, the PW is probably in non-volatile memory.
--
ATM, aka Jerry
"Whether You Think You CAN Or CAN'T, You're Right." – Henry
Ford
- Posted by All Things Mopar on April 13th, 2006
Today Vanguard commented courteously on the subject at hand
Children establish their core beliefs and values, basic
opinions on life, politeness/rudeness, personality, attitude,
etc. very early in life. Many child psychologists say this
occurs as early as 7-8 and is firmly locked by 12. That is not
to say that kicking the kid's ass (and landing yourself in the
slammer!) can't change his "core beliefs and values" but if
he's a hacker now for fun or profit, the "real" punishment
isn't likely to last long. And, /NO/ PW nor /ANY/ super-duper
security utility will stop a teenager determined to put one
over on Daddy. Finally, Dad should be on the lookout for
time-bombs planted on /his/ account that'll go off if Junior
is removed again.
It's a time-honored IT professional's way to detect when
they're about to be canned or actually are - one of these
brought my company's entire non-technical IT system down for
an entire day back in 2001 when some low-level twit got laid
off and had code in the system to check every day to see if
his name was still on the active rolls. That is illegal, and
in the case of the dude I witnessed, subjected him to
termination instead of layoff, civil penalties and a criminal
indictment. But, how do you do /that/ to a 14-year-old?
Interesting debate, one which I see here and other places all
the time, and all based on the same premise - not having
mutual respect and trust for parent and child and attempts at
restricting their behavior just don't work.
--
ATM, aka Jerry
"Whether You Think You CAN Or CAN'T, You're Right." – Henry
Ford
- Posted by All Things Mopar on April 13th, 2006
Today mikesal0902 commented courteously on
the subject at hand
Establish a good relationship with your child before trying to
thwart his creative juices by computer tweaks. The former works,
the latter never will. No matter how many new twists you put in,
the more creative he'll become in cracking them. And, sooner or
later, he'll retaliate against /your/ user account.
--
ATM, aka Jerry
"Whether You Think You CAN Or CAN'T, You're Right." – Henry Ford
- Posted by Thota Umesh on April 16th, 2006
ok here's what u can try. first change ur admin password to something not
guessable by ur child lol! now basically a limited user can gain admin
access thru many ways but can also be restricted too in doing so.
first make sure your operating system resides on ntfs and not fat32. if ur on
fat32 use the convert command from dos to convert ur present partition to
ntfs without losing data. this will add more security to ur system. type
convert /? in cmd to know how to.
now if there is an inherent admin account (built-in admin account) as so is
with many accounts and u are just another admin and not on the built-in account
u need to disable it or enable a password. go to control panel user accounts
and password protect it, else anyone can do an alt ctrl del during start up
and log in to the admin account just by entering the user name since there is no password.
the ntfs file system, enabling added security, also gives u the option of
restricting files to certain users, like u can restrict the limited user from
writing into a certain os directory. with these settings enabled and
resetting his account back to limited user there is very little the user can
do or try to do to gain access. good luck
hope this helps...,
Umesh Thota
www.windowsworkshop.com
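
The checks described in the post above, as an added example that is not part of the original thread: a batch file for an English-language Windows XP install, run from an administrator account. The account name `kidaccount` is a hypothetical placeholder, and group names differ on localized installs.

```bat
@echo off
rem Added example, not from the thread. Run from an administrator account.
rem KID is a hypothetical account name; replace it with the real one.
rem Assumes English group names ("Administrators", "Users").
setlocal
set KID=kidaccount

echo === 1. File system on %SystemDrive% ===
fsutil fsinfo volumeinfo %SystemDrive%\ | findstr /C:"File System Name"
fsutil fsinfo volumeinfo %SystemDrive%\ | findstr /C:"NTFS" >nul
if errorlevel 1 (
    rem FAT32 has no per-user file permissions; convert keeps existing data.
    echo Not NTFS. Convert in place with: convert %SystemDrive% /FS:NTFS
)

echo === 2. Members of the Administrators group ===
rem Any account listed here can change other users' passwords and types.
net localgroup Administrators

echo === 3. Built-in Administrator: password status ===
rem "Password required" and "Password last set" show whether one was ever set.
net user Administrator | findstr /B /C:"Password"
echo Set a new password now; typed characters are not shown.
net user Administrator *

echo === 4. Return %KID% to a limited account ===
rem Removing the account from Administrators is what makes it "Limited".
net localgroup Administrators %KID% /delete
rem Reports an error if the account is already in Users; that is harmless.
net localgroup Users %KID% /add

echo === 5. Confirm the result ===
net localgroup Administrators
endlocal
```

Re-running step 2 after any unexplained change shows whether an account has been promoted again.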
- Posted by Sjoram on April 24th, 2006
Also if the situation is as bad as it sounds I would urge you to lock
up the case of the PC (most have the ability to put a padlock on so
that if unscrewed it can't be taken apart unless unlocked) - if he has
the knowledge level it sounds like he has, he'll probably realise to
get around BIOS security all he has to do is remove the system battery
for 10 mins and hey presto, BIOS reset! Get it locked up so he can't
get to the battery!
--
Sjoram