Thread: Windows 8.1 user accounts, you have GOT to be kidding.
View Single Post
  #1  
Old September 21st 14, 10:23 AM posted to alt.comp.os.windows-8
Joe User[_3_]
external usenet poster
  
Posts: 57
Default Windows 8.1 user accounts, you have GOT to be kidding.
I can't believe the following even though I have seen it with my own
eyes, surely I'm missing something.

From a clean install

*Create the standard admin account during setup, no password

*log into your standard account

*enable built in Administrator from elevated command prompt with net
user Administrator /active:yes

*Don't change users but change your standard admin to non admin

*disable built in Administrator from elevated command prompt with net
user Administrator /active:no

*sign out
You now have a standard non-admin account with no password (stupid I
know but bear with me)

*log in to standard non admin account

*from desktop WinKey + x

select elevated command prompt. You will be asked for an Administrator
password, leave the field blank and select yes
You now have an all powerful Administrator CLI that you can use to
enable the hidden Administrator account and do whatever you like.

!!!!!!!!!!
So, from an uprotected non-admin user account anyone can elevate
themselves to an all powerful Admin.
!!!!!!!!!!

Now with a password on the original account
reload clean install from saved virtualbox snapshot

*log into your standard account
*add a password in PC Settings
*sign out
*go to the log in screen

Now you need to take a slightly different approach

*click the power button
*hold down the shift key and select restart
*navigate to the safe boot mode (menu item 4)

now, you need to know your password,

*log into safe mode
*from desktop WinKey + x

select elevated command prompt. You will be asked for an Administrator
password, leave the field blank and select yes
You now have an all powerful Administrator CLI that you can use to
enable the hidden Administrator account and do whatever you like.

!!!!!!!!!!
So, from an password protected non-admin user account anyone who knows
the non-admin account password can elevate themselves to an all powerful
Admin.
!!!!!!!!!!

This just can't be right can it???

Tell me I've missed something ... (yes I know that most of this can be
obviated by adding a password to the default admin account but I'd be
prepared to bet that most people don't know this).

--
Not confused, just ... bewildered
Ads