Thread: Windows 8.1 user accounts, you have GOT to be kidding.
View Single Post
  #8  
Old September 21st 14, 03:52 PM posted to alt.comp.os.windows-8
VanguardLH[_2_]
external usenet poster
  
Posts: 10,881
Default Windows 8.1 user accounts, you have GOT to be kidding.
Joe User wrote:

From a clean install

* Create the standard admin account during setup, no password
* log into your standard account
* enable built in Administrator from elevated command prompt with
net user Administrator /active:yes
* Don't change users but change your standard admin to non admin
* disable built in Administrator from elevated command prompt with net
user Administrator /active:no
* sign out

You now have a standard non-admin account with no password (stupid I
know but bear with me)

* log in to standard non admin account
* from desktop WinKey + x
select elevated command prompt. You will be asked for an
Administrator password, leave the field blank and select yes
You now have an all powerful Administrator CLI that you can use to
enable the hidden Administrator account and do whatever you like.

So, from an uprotected non-admin user account anyone can elevate
themselves to an all powerful Admin.

Now with a password on the original account
reload clean install from saved virtualbox snapshot

* log into your standard account
* add a password in PC Settings
* sign out
* go to the log in screen

Now you need to take a slightly different approach

* click the power button
* hold down the shift key and select restart
* navigate to the safe boot mode (menu item 4)

now, you need to know your password,

* log into safe mode
* from desktop WinKey + x
select elevated command prompt. You will be asked for an
Administrator password, leave the field blank and select yes
You now have an all powerful Administrator CLI that you can use to
enable the hidden Administrator account and do whatever you like.

So, from an password protected non-admin user account anyone who knows
the non-admin account password can elevate themselves to an all powerful
Admin.

This just can't be right can it???

Tell me I've missed something ... (yes I know that most of this can be
obviated by adding a password to the default admin account but I'd be
prepared to bet that most people don't know this).

From your restricted account ("standard non-admin account") whether it
has a password itself or not, you asked for elevated privileges, you
entered the Administrator's password to get elevated privileges, so you
got elevated privileges.

That you, the administrator of that host, decided to leave blank the
password for the Administrator account was your choice to leave open
that account's use for any account to elevate its privileges. A host
with a blank password for the Administrator account is highly vulnerable
to virus, trojan, hacker, and user abuse.
Ads