New Account Creation without Access to an admin account


matt
March 1st 06, 12:45 AM
We have set up a Dell PC running Windows XP Home as a Kiosk (i.e., public
PC). We set up a limited account for guests and an Admin account for
ourselves. After a few weeks we noticed that a new limited user account was
created. Is this possible without having access to an admin account? Is
there a known security issue that somebody exploited?

Shenan Stanley
March 1st 06, 02:03 AM
matt wrote:
> We have set up a Dell PC running Windows XP Home as a Kiosk (i.e., public
> PC). We set up a limited account for guests and an Admin account for
> ourselves. After few weeks we noticed that a new limited user account was
> created. Is this possible without having access to an admin account? Is
> there a known security issue that somebody exploited.

What was the username?
How did you secure the machine?
Have a BIOS password?

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

matt
March 1st 06, 02:22 AM
Thanks for your prompt reply Shenan. The username for the new account is "k"
without password. No, we do not have a BIOS Password.

"Shenan Stanley" wrote:

> matt wrote:
> > We have set up a Dell PC running Windows XP Home as a Kiosk (i.e., public
> > PC). We set up a limited account for guests and an Admin account for
> > ourselves. After few weeks we noticed that a new limited user account was
> > created. Is this possible without having access to an admin account? Is
> > there a known security issue that somebody exploited.
>
> What was the username?
> How did you secure the machine?
> Have a BIOS password?
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html

Shenan Stanley
March 1st 06, 02:33 AM
matt wrote:
> We have set up a Dell PC running Windows XP Home as a Kiosk
> (i.e., public PC). We set up a limited account for guests and an
> Admin account for ourselves. After few weeks we noticed that a
> new limited user account was created. Is this possible without
> having access to an admin account? Is there a known security
> issue that somebody exploited.

Shenan Stanley wrote:
> What was the username?
> How did you secure the machine?
> Have a BIOS password?

matt wrote:
> Thanks for your prompt reply Shenan. The username for the new
> account is "k" without password. No, we do not have a BIOS
> Password.

No BIOS password?

Okay - how monitored by humans is this computer? Someone with a vested
interest in keeping it secure around all the time - watching it?

If not - 10 minutes, a little know-how and someone could have the SAM file
and hack it at their leisure to get the local admin password.. Or they could
use another utility (booting from CD/floppy/USB) to change the admin
password, add a user or many, install whatever they want, elevate privs..
whatever.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
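
An added example, not part of the original thread or any poster's code: a small account-baseline check for the situation matt describes, flagging local accounts such as "k" that are not on an approved list. It parses the column layout that `net user` prints; the account names "Kiosk Admin" and "Kiosk Guest", the machine name and the sample output are constructed, and the English footer text and 25-character column width are assumptions about `net user` output.

```python
import subprocess

COLUMN_WIDTH = 25  # assumed width of each name column in `net user` output

# Constructed baseline: XP built-in accounts plus the two kiosk accounts (hypothetical names).
BASELINE = {"Administrator", "Guest", "HelpAssistant", "SUPPORT_388945a0",
            "Kiosk Admin", "Kiosk Guest"}

def _row(*names):
    """Lay names out the way `net user` does: fixed-width, left-aligned columns."""
    return "".join(n.ljust(COLUMN_WIDTH) for n in names).rstrip()

# Constructed sample of `net user` output containing the unexpected account "k".
SAMPLE_OUTPUT = "\n".join([
    "", r"User accounts for \\KIOSK", "", "-" * 79,
    _row("Administrator", "Guest", "HelpAssistant"),
    _row("k", "Kiosk Admin", "Kiosk Guest"),
    _row("SUPPORT_388945a0"),
    "The command completed successfully.", "",
])

def parse_net_user(text):
    """Return account names from `net user` output.

    Names may contain spaces, so slice by column width instead of splitting
    on whitespace.
    """
    names, in_table = [], False
    for line in text.splitlines():
        if line.startswith("---"):          # separator marks the start of the table
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        for i in range(0, len(line), COLUMN_WIDTH):
            name = line[i:i + COLUMN_WIDTH].strip()
            if name:
                names.append(name)
    return names

def unexpected_accounts(text, baseline):
    """Accounts present on the machine but missing from the baseline (case-insensitive)."""
    known = {b.lower() for b in baseline}
    return sorted(n for n in parse_net_user(text) if n.lower() not in known)

def live_net_user_output():
    """Run `net user` on the local Windows machine and return its text."""
    return subprocess.run(["net", "user"], capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    print(unexpected_accounts(SAMPLE_OUTPUT, BASELINE))
```

A check like this only reports that an account appeared; it does not address the boot-from-removable-media route described above, which is what the BIOS password question is about.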

matt
March 1st 06, 03:09 AM
Thanks a lot. I greatly appreciate it.

"Shenan Stanley" wrote:

> matt wrote:
> > We have set up a Dell PC running Windows XP Home as a Kiosk
> > (i.e., public PC). We set up a limited account for guests and an
> > Admin account for ourselves. After few weeks we noticed that a
> > new limited user account was created. Is this possible without
> > having access to an admin account? Is there a known security
> > issue that somebody exploited.
>
> Shenan Stanley wrote:
> > What was the username?
> > How did you secure the machine?
> > Have a BIOS password?
>
> matt wrote:
> > Thanks for your prompt reply Shenan. The username for the new
> > account is "k" without password. No, we do not have a BIOS
> > Password.
>
> No BIOS password?
>
> Okay - how monitored by humans is this computer? Someone with a vested
> interest in keeping it secure around all the time - watching it?
>
> If not - 10 minutes, a little know how and someone could have the SAM file
> and hack it at their leisure to get the local admin password.. Or they could
> use another utility (booting from CD/floppy/USB) to change the admin
> password, add a user or many, install whatever they want, elevate privs..
> whatever.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
