#31
Windows 8.1 User accounts
On Sat, 20 Sep 2014 16:26:54 -0400, . . .winston wrote:
> Gene E. Bloch wrote:
>> On Sat, 20 Sep 2014 02:38:20 -0400, . . .winston wrote:
>>> Gene E. Bloch wrote:
>>>> 1. You are right - my user account can change the Administrator password w/o knowledge of the current password.
>>> Was that user account a standard user account?
>> No, it was an admin account. I didn't even bother with testing a standard account.
> Which then raises the question...if one wishes to keep other users from changing things on a system, why not password protect the Admin account and create standard user accounts for the others.

As I've done. The full Administrator account and the Administrator user are both PW protected. No one else will know those passwords.

But note that I haven't done the experiment mentioned. It's reasonable to assume what you've assumed, but not demonstrated (by me ATM). And I am also not sure if that is good enough for Joe User.

Anyway, I have another challenge right now, so I won't be doing it.

--
Gene E. Bloch (Stumbling Bloch)
#32
Windows 8.1 User accounts
On 20/09/14 21:26, . . .winston wrote:
> Gene E. Bloch wrote:
>> On Sat, 20 Sep 2014 02:38:20 -0400, . . .winston wrote:
>>> Gene E. Bloch wrote:
>>>> 1. You are right - my user account can change the Administrator password w/o knowledge of the current password.
>>> Was that user account a standard user account?
>> No, it was an admin account. I didn't even bother with testing a standard account.
> Which then raises the question...if one wishes to keep other users from changing things on a system, why not password protect the Admin account and create standard user accounts for the others.

Here's the thing. It is possible to arrange things so that a normal user can elevate themselves to admin status. The circumstances are specific but it can be done. It appears to be the case that the default 'hardcoded' unprotected Administrator account exists for just such a purpose or so I have been told by a[n apparent] Microsoft 'spokesman' on the support forum.

I can arrange this in a way that doesn't really reflect the general state of affairs on a 'normal' system and I have been told that it is possible in, but have been unable to reproduce the situation in, more normal conditions. I'm still working on this and will post the results here in the hope of getting them validated. I have to say I find it hard to believe it's possible.

--
Not confused, just ... bewildered
#33
Windows 8.1 User accounts
Joe User wrote:
> On 20/09/14 21:26, . . .winston wrote:
>> Gene E. Bloch wrote:
>>> On Sat, 20 Sep 2014 02:38:20 -0400, . . .winston wrote:
>>>> Gene E. Bloch wrote:
>>>>> 1. You are right - my user account can change the Administrator password w/o knowledge of the current password.
>>>> Was that user account a standard user account?
>>> No, it was an admin account. I didn't even bother with testing a standard account.
>> Which then raises the question...if one wishes to keep other users from changing things on a system, why not password protect the Admin account and create standard user accounts for the others.
> Here's the thing. It is possible to arrange things so that a normal user can elevate themselves to admin status. The circumstances are specific but it can be done. It appears to be the case that the default 'hardcoded' unprotected Administrator account exists for just such a purpose or so I have been told by a[n apparent] Microsoft 'spokesman' on the support forum.
>
> I can arrange this in a way that doesn't really reflect the general state of affairs on a 'normal' system and I have been told that it is possible in, but have been unable to reproduce the situation in, more normal conditions. I'm still working on this and will post the results here in the hope of getting them validated. I have to say I find it hard to believe it's possible.

Joe, thanks for those details. Have you a link for that support forum discussion with the apparent MSFT spokesman's comments?

--
...winston
msft mvp consumer apps
#34
Windows 8.1 User accounts
On 21/09/14 07:05, . . .winston wrote:
> Joe User wrote:
>> On 20/09/14 21:26, . . .winston wrote:
>>> Gene E. Bloch wrote:
>>>> On Sat, 20 Sep 2014 02:38:20 -0400, . . .winston wrote:
>>>>> Gene E. Bloch wrote:
>>>>>> 1. You are right - my user account can change the Administrator password w/o knowledge of the current password.
>>>>> Was that user account a standard user account?
>>>> No, it was an admin account. I didn't even bother with testing a standard account.
>>> Which then raises the question...if one wishes to keep other users from changing things on a system, why not password protect the Admin account and create standard user accounts for the others.
>> Here's the thing. It is possible to arrange things so that a normal user can elevate themselves to admin status. The circumstances are specific but it can be done. It appears to be the case that the default 'hardcoded' unprotected Administrator account exists for just such a purpose or so I have been told by a[n apparent] Microsoft 'spokesman' on the support forum.
>>
>> I can arrange this in a way that doesn't really reflect the general state of affairs on a 'normal' system and I have been told that it is possible in, but have been unable to reproduce the situation in, more normal conditions. I'm still working on this and will post the results here in the hope of getting them validated. I have to say I find it hard to believe it's possible.
> Joe, thanks for those details. Have you a link for that support forum discussion with the apparent MSFT spokesman's comments?

Of course, would you mind if I finished my discussion with him first? It might muddy the waters if others add comments. Give it 48 hours and I'll post the link, you can check the dates when you view the thread.

--
Not confused, just ... bewildered
#35
Windows 8.1 User accounts
On Sat, 20 Sep 2014 13:42:21 -0700, Gene E. Bloch wrote:
> On Sat, 20 Sep 2014 16:26:54 -0400, . . .winston wrote:
>> Gene E. Bloch wrote:
>>> On Sat, 20 Sep 2014 02:38:20 -0400, . . .winston wrote:
>>>> Gene E. Bloch wrote:
>>>>> 1. You are right - my user account can change the Administrator password w/o knowledge of the current password.
>>>> Was that user account a standard user account?
>>> No, it was an admin account. I didn't even bother with testing a standard account.
>> Which then raises the question...if one wishes to keep other users from changing things on a system, why not password protect the Admin account and create standard user accounts for the others.
> As I've done. The full Administrator account and the Administrator user are both PW protected. No one else will know those passwords.
>
> But note that I haven't done the experiment mentioned. It's reasonable to assume what you've assumed, but not demonstrated (by me ATM). And I am also not sure if that is good enough for Joe User.
>
> Anyway, I have another challenge right now, so I won't be doing it.

OK, that other challenge is resolved (enough to do my task, but not finished), so I did the experiment.

If I switch user to a Standard (non-Admin) user, I can change that user's password, but the dialog requires me to enter that user's existing password first.

In that user's user-management Control Panel, I can choose to Manage another account, and I can click on Change Password there. But the dialog won't open unless I enter an Administrator password. I am presented with edit boxes to enter either the PW for the Administrator or the PW for an Administrator level account.

So without knowing an Administrator's password, a Standard User is locked out of any other user's password dialog. Nonetheless, that Standard User *can* change an Administrator password if he knows at least one of those PWs to get in with.

It could be worse :-)

Joe User, are you reading this too?

--
Gene E. Bloch (Stumbling Bloch)
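
The experiments above come down to which local accounts hold Administrator rights and whether the built-in Administrator account is enabled and password protected. The following read-only PowerShell check lists exactly that; it is an added example, not part of any post in this thread, and the function name `Get-LocalAdminAudit` is made up for illustration. It assumes PowerShell 3.0 or later, run locally on the machine being checked.

```powershell
# Added example (not from the thread): read-only audit of local accounts.
# Well-known identifiers used below:
#   S-1-5-32-544        = local Administrators group (its display name is localized)
#   S-1-5-21-...-500    = the built-in Administrator account
function Get-LocalAdminAudit {
    $users = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True"
    $group = Get-CimInstance -ClassName Win32_Group `
                 -Filter "LocalAccount=True AND SID='S-1-5-32-544'"

    # Direct members of the Administrators group, read through the WinNT ADSI provider.
    $adsi   = [ADSI]"WinNT://$env:COMPUTERNAME/$($group.Name),group"
    $admins = @($adsi.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }

    foreach ($u in $users) {
        $isBuiltIn = $u.SID -like 'S-1-5-21-*-500'
        # Name match only: a domain member with the same short name would also match.
        $isAdmin   = $admins -contains $u.Name

        $findings = @()
        if ($isBuiltIn -and -not $u.Disabled) {
            $findings += 'built-in Administrator is enabled'
        }
        if ($isAdmin -and -not $u.Disabled -and -not $u.PasswordRequired) {
            # PasswordRequired = False means a blank password is permitted,
            # not that the password is necessarily blank.
            $findings += 'admin account is allowed a blank password'
        }

        [pscustomobject]@{
            Name             = $u.Name
            BuiltInAdmin     = $isBuiltIn
            InAdministrators = $isAdmin
            Disabled         = $u.Disabled
            PasswordRequired = $u.PasswordRequired
            Findings         = $findings -join '; '
        }
    }
}

Get-LocalAdminAudit | Format-Table -AutoSize
```

Any account showing `InAdministrators = True` can reset other local users' passwords without knowing the current one, which matches the behaviour described in the thread; everyday accounts should show `False` there.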
#36
Windows 8.1 User accounts
On Sun, 21 Sep 2014 15:58:07 -0700, Gene E. Bloch wrote:
> Joe User, are you reading this too?

Having read Joe User's latest thread, I now hope the answer is and remains "No".

--
Gene E. Bloch (Stumbling Bloch)