LS,

I'm responsible for student pc's here at the university
and we installed Xp for them this collegeyear for the
first time and they already managed to hack the local
administrator password. They probably use a Linux start-
up flop to manage this. Thus anybody know how to avoid
this?

Thanks for your answer

The easiest way to combat this is to rename the Administrator account to
something that looks like a normal user account, then to create a dummy
Administrator account with no priveleges and an impossibly complex password
(14+ characters including upper and lower case, numbers, and special
characters). Also, implement a strong password on the renamed admin account.
Also, enable temporary account lockout after 3 attempts.

You may also want to consider enabling auditing (it's off by default).

"Menthy Willems" > wrote in message
...
> LS,
>
> I'm responsible for student pc's here at the university
> and we installed Xp for them this collegeyear for the
> first time and they already managed to hack the local
> administrator password. They probably use a Linux start-
> up flop to manage this. Thus anybody know how to avoid
> this?
>
> Thanks for your answer

Greetings --

Without physical security, you have *no* security. If the
students have physical access to these computers, the only thing you
can do to slow down this sort of behavior is remove the floppy and CD
drives form the machines. A little adult supervision wouldn't hurt,
either. ;-}

Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


"Menthy Willems" > wrote in
message ...
> LS,
>
> I'm responsible for student pc's here at the university
> and we installed Xp for them this collegeyear for the
> first time and they already managed to hack the local
> administrator password. They probably use a Linux start-
> up flop to manage this. Thus anybody know how to avoid
> this?
>
> Thanks for your answer

If someone has physical access, they own the computer.
Disable the floppy and CD drive.
Monitor them more closely.
There is no security without physical security.

Institute AND enforce strict policies on computer use.
People get fired quickly for the kind of actions you describe.
Something appropriate needs to happen or you will lose control of your
computers and never get it back.
Consider renaming the Administrator and creating another powerless
Administrator.
Place strong passwords on both, include a lockout after a specified
number of attempts..

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
http://dts-l.org/index.html


"Menthy Willems" > wrote in
message ...
> LS,
>
> I'm responsible for student pc's here at the university
> and we installed Xp for them this collegeyear for the
> first time and they already managed to hack the local
> administrator password. They probably use a Linux start-
> up flop to manage this. Thus anybody know how to avoid
> this?
>
> Thanks for your answer

Might I recommend something like centurion guard or deep freeze, and a
strong admin password.

http://www.centurionguard.com/English.html
http://www.deepfreezeusa.com/index.htm


In the 2 years centurion guard it has been used on our campus we've had no
instances of people gaining local admin access. Even if they do there isn't
much they can do to the machines with admin access unless they figure out
how to unlock centurion guard. Since we have electronic version, no key to
lock pick that hasn't happened either.
--


Jeremy

"Menthy Willems" > wrote in message
...
> LS,
>
> I'm responsible for student pc's here at the university
> and we installed Xp for them this collegeyear for the
> first time and they already managed to hack the local
> administrator password. They probably use a Linux start-
> up flop to manage this. Thus anybody know how to avoid
> this?
>
> Thanks for your answer