A Windows XP help forum. PCbanter


Windows 8.1 user accounts, you have GOT to be kidding.



 
 
  #31  
Old September 22nd 14, 05:44 PM posted to alt.comp.os.windows-8
mechanic
external usenet poster
 
Posts: 1,064
Default Windows 8.1 user accounts, you have GOT to be kidding.

On Mon, 22 Sep 2014 12:44:33 +0100, Joe User wrote:

Is it not disabled by default?


No, it's not, it's temporarily inactive.

On a machine with a single standard user account visible on the
login screen, password protected or not, all you need to do is
boot in safe mode and select command prompt(admin) from the
relevant context menu.

A dialog pops up asking for a password, leave it blank, there
isn't one, and bingo, you're an admin.

Make the hidden Administrator account active with net user
Administrator /active:yes and sign out.


So, yes, it's disabled by default.
  #32  
Old September 22nd 14, 05:49 PM posted to alt.comp.os.windows-8
mechanic
external usenet poster
 
Posts: 1,064
Default Windows 8.1 user accounts, you have GOT to be kidding.

On Mon, 22 Sep 2014 12:44:33 +0100, Joe User wrote:

And is this any different to Windows XP/Vista/7 ?


Why do I care?


It's just a question - I wondered if this behaviour was unique to
Windows 8.1 as the subject line implies. If not there's most likely
a misunderstanding of the security model somewhere. The
Administrator account has been there at least since XP.
  #33  
Old September 22nd 14, 05:51 PM posted to alt.comp.os.windows-8
mechanic
external usenet poster
 
Posts: 1,064
Default Windows 8.1 user accounts, you have GOT to be kidding.

On Mon, 22 Sep 2014 17:15:40 +0100, Good Guy wrote:

my machines can't be bootup from USB or DVD drives because I have
set it that way.


Another important precaution for admins of kiosk type machines!
  #34  
Old September 22nd 14, 05:51 PM posted to alt.comp.os.windows-8
felmon
external usenet poster
 
Posts: 68
Default Windows 8.1 user accounts, you have GOT to be kidding.

On Mon, 22 Sep 2014 10:19:46 +0100, Joe User wrote:

In circa 20 years of
installing and configuring *nix based systems I can't remember having
ever been presented with the opportunity to create any sort of
administrator (or sudoer) account without supplying some sort of
verifying credentials first.


I thought with the exceptions of Puppy Linux and Knoppix? I seem to
recall they run as root. but I guess one is advised against actually
installing the latter, not sure about the former.

are you saying that in Windows someone can get admin privileges if the
person who installed it did not set a password for admin? and that this
may happen because the install doesn't insist on setting an admin
password (thus the untutored may be unaware of the hazard)?

F.
  #35  
Old September 22nd 14, 05:54 PM posted to alt.comp.os.windows-8
felmon
external usenet poster
 
Posts: 68
Default Windows 8.1 user accounts, you have GOT to be kidding.

On Mon, 22 Sep 2014 11:51:12 -0500, felmon wrote:

On Mon, 22 Sep 2014 10:19:46 +0100, Joe User wrote:

In circa 20 years of
installing and configuring *nix based systems I can't remember having
ever been presented with the opportunity to create any sort of
administrator (or sudoer) account without supplying some sort of
verifying credentials first.


I thought with the exceptions of Puppy Linux and Knoppix? I seem to
recall they run as root. but I guess one is advised against actually
installing the latter, not sure about the former.

are you saying that in Windows someone can get admin privileges if the
person who installed it did not set a password for admin? and that this
may happen because the install doesn't insist on setting an admin
password (thus the untutored may be unaware of the hazard)?


scratch the last paragraph as you clarified things (again) down-thread.

F.

  #36  
Old September 22nd 14, 06:46 PM posted to alt.comp.os.windows-8
Joe User[_3_]
external usenet poster
 
Posts: 57
Default Windows 8.1 user accounts, you have GOT to be kidding.

On 22/09/14 17:44, mechanic wrote:
On Mon, 22 Sep 2014 12:44:33 +0100, Joe User wrote:

Is it not disabled by default?


No, it's not, it's temporarily inactive.

On a machine with a single standard user account visible on the
login screen, password protected or not, all you need to do is
boot in safe mode and select command prompt(admin) from the
relevant context menu.

A dialog pops up asking for a password, leave it blank, there
isn't one, and bingo, you're an admin.

Make the hidden Administrator account active with net user
Administrator /active:yes and sign out.


So, yes, it's disabled by default.


If you say so.


--
Not confused, just ... bewildered
  #37  
Old September 22nd 14, 07:33 PM posted to alt.comp.os.windows-8
Caver1
external usenet poster
 
Posts: 335
Default Windows 8.1 user accounts, you have GOT to be kidding.

On 09/22/2014 12:51 PM, felmon wrote:
On Mon, 22 Sep 2014 10:19:46 +0100, Joe User wrote:

In circa 20 years of
installing and configuring *nix based systems I can't remember having
ever been presented with the opportunity to create any sort of
administrator (or sudoer) account without supplying some sort of
verifying credentials first.


I thought with the exceptions of Puppy Linux and Knoppix? I seem to
recall they run as root. but I guess one is advised against actually
installing the latter, not sure about the former.


Linux does not set up a root account by default. You can only
elevate to root temporarily. You can set up a root account and run as
root but that is not recommended. Only the user set up on installation
has the ability to be elevated to root. When elevated to root in Linux
you can enable any other user to temporarily elevate to root and can
limit that user to specific programs when elevated to root.

are you saying that in Windows someone can get admin privileges if the
person who installed it did not set a password for admin? and that this
may happen because the install doesn't insist on setting an admin
password (thus the untutored may be unaware of the hazard)?

F.



--
Caver1
  #38  
Old September 22nd 14, 07:49 PM posted to alt.comp.os.windows-8
Uncle Peter
external usenet poster
 
Posts: 119
Default Windows 8.1 user accounts, you have GOT to be kidding.

On Mon, 22 Sep 2014 10:19:46 +0100, Joe User wrote:

On 22/09/14 08:46, Uncle Peter wrote:
On Sun, 21 Sep 2014 12:52:18 +0100, Joe User wrote:

On 21/09/14 12:04, Uncle Peter wrote:
On Sun, 21 Sep 2014 11:28:31 +0100, Joe User wrote:

On 21/09/14 10:31, Joe User wrote:
On 21/09/14 10:29, Uncle Peter wrote:
On Sun, 21 Sep 2014 10:23:03 +0100, Joe User wrote:

snip, snip, snip

I don't call the requirement for an admin password a security hole. It
depends on whether the machine is personal or public whether you'd want
one.


I do, most certainly, a gaping hole, particularly on a public computer
which as I have explained several times now is the situation I have to
deal with. I'm new to Windows 'security' as you can all probably tell so
this has come as quite a surprise to me. Now I know it's there I can
deal with it, I just wish I didn't have to. In circa 20 years of
installing and configuring *nix based systems I can't remember having
ever been presented with the opportunity to create any sort of
administrator (or sudoer) account without supplying some sort of
verifying credentials first.

I'm probably going to post a resume of what I have discovered so far, I
just need to triple check my facts.


But on a public computer anyone with at least two brain cells would have entered an admin password when setting it up.

--
"With god all things are possible" - yes: war, famine, pestilence, suffering, ..... -- Dave Moorman 2013
  #39  
Old September 22nd 14, 07:50 PM posted to alt.comp.os.windows-8
Joe User[_3_]
external usenet poster
 
Posts: 57
Default Windows 8.1 user accounts, you have GOT to be kidding.

On 22/09/14 17:04, Good Guy wrote:
On 22/09/2014 07:05, Roderick Stewart wrote:
On Mon, 22 Sep 2014 03:32:19 +0100, Good
wrote:

The point is that if you have an administrator account,
why do you not password protect it? Don't you think it is
stupid to keep that account open? Administrator account
aka the first account ever created on any new windows XP,
Windows 7 or Windows8 system, is always an administrator
account or a member of Admin group. Why do you
keep it open? Explain to us

I think the OP was referring to a "hidden" admin account, which many
users wouldn't know about, or even expect.

Rod.

Even if they knew about it, it is impossible to activate it without an
Administrator account!!


Rubbish

The administrator account that can activate a
hidden Admin account is the first user account you create when you
install Windows for the first time.


Rubbish

This first account SHOULD ALWAYS be
password protected. If you don't then you can't blame anybody except
yourself or whoever helped you to install Windows.


Listen, I have no axe to grind WRT Windows, really.
Do you run VirtualBox or vmware or whatever? if you do try this.

Install Windows 8.1

At the right time in the install process create the required admin user
and assign a password.

On completion you should be taken straight to the Metro interface, if
not log into your password protected 'created during install admin account'.

You are now logged in as an admin.

I think we can agree on this.

Now to test this out you need to convert your
'created during install Administrator account'
to a standard non-admin account.

You can't just convert it as if you try you get a message saying you
can't as there would then be no Administrator account on the system
so you have to temporarily enable the hidden unprotected admin account

Get an elevated command prompt
issue net user Administrator /active:yes
leave the command prompt open
You are still logged in to the 'created during install Administrator
account' but now you can change your 'created during install
Administrator account' to a standard non admin one.

go back to the command prompt
issue net user Administrator /active:no
log out.

When you log in again you have a single, standard, non-user log in icon
to check that all OK, log into your now non admin user account.
Try to get an elevated command prompt, you can't you are not an admin.
log out.

Do we now agree that we have a system in front of us with a single
available non-admin account and nothing else?

This is the situation we need. I've explained why several times before
but for the last time.

==================== We need this situation because ================
We help people with learning difficulties, mental illness, the
dispossessed, recovering addicts, recently released prisoners, the
elderly and confused, the homeless and so on. Actually we don't even
want a password on the standard account as it's a challenge for some
people just to get to where we are, the last thing they need is to be
unable to get to their email because nobody knows the password.
================================ end ================================

Good, now click the power button.
hold down shift and select restart.

navigate the maze and select 4 to boot into safe mode.

Do we agree that we are now logged in in safe mode with a standard non
admin account?

Good.

Now, select elevated command prompt.
A dialog pops up asking you to enter the Administrator password for the
hidden admin account, only thing is *there isn't one* so just click yes.
Bingo, even though you are still logged in as a non-admin standard user
you have a 'Admin powered command prompt'

Let's see if we agree.

We are now logged in as a standard non-admin user yet here we are
presented with an 'Admin powered command prompt' I don't know about you
but this concerns me somewhat (to say the least)

Now you have any number of options.

What I did was

Select elevated command prompt
click yes when asked to enter Administrator password (remember, it
doesn't have one)

To activate(make visible to log in) the hidden account
issue net user Administrator /active:yes

The next command is just a bit of flummery, if I don't do this I'm still
in safe mode when I restart

From your 'logged in as standard user but with an Admin powered command
prompt' command prompt issue

bcdedit /set {default} bootmenupolicy standard

sign out
shut down

start up
You now have two log in icons, one for your original, converted from
admin standard user account and one for a (still) unprotected
Administrator account.

QED

Even top brands systems from DELL or HP which comes with Windows
pre-installed should be password protected when you set them up for the
first time. DELL expects you to insert a password and I know this
because I buy DELL machines quite a lot.


I just fdisk my new laptops so I couldn't say
But the charity got theirs from a large reputable supplier configured as
above.

Go figure.

--
Not confused, just ... bewildered
  #40  
Old September 22nd 14, 07:54 PM posted to alt.comp.os.windows-8
Joe User[_3_]
external usenet poster
 
Posts: 57
Default Windows 8.1 user accounts, you have GOT to be kidding.

On 22/09/14 19:33, Caver1 wrote:
On 09/22/2014 12:51 PM, felmon wrote:
On Mon, 22 Sep 2014 10:19:46 +0100, Joe User wrote:

In circa 20 years of
installing and configuring *nix based systems I can't remember having
ever been presented with the opportunity to create any sort of
administrator (or sudoer) account without supplying some sort of
verifying credentials first.


I thought with the exceptions of Puppy Linux and Knoppix? I seem to
recall they run as root. but I guess one is advised against actually
installing the latter, not sure about the former.


Linux does not set up a root account by default.


Not so, several Linux based distributions I have experience of have a
default root account with no password. A standard user is created on
install and protected with a compulsory password, this user is added to
sudoers

When you log in as a sudoer you can enable the root account with sudo
passwd root.

You can only
elevate to root temporarily. You can set up a root account and run as
root but that is not recommended. Only the user set up on installation
has the ability to be elevated to root.


Incorrect, any account can be added to sudoers


--
Not confused, just ... bewildered
  #41  
Old September 22nd 14, 09:07 PM posted to alt.comp.os.windows-8
Char Jackson
external usenet poster
 
Posts: 10,449
Default Windows 8.1 user accounts, you have GOT to be kidding.

On Mon, 22 Sep 2014 19:50:08 +0100, Joe User wrote:

This is the situation we need. I've explained why several times before
but for the last time.

==================== We need this situation because ================
We help people with learning difficulties, mental illness, the
dispossessed, recovering addicts, recently released prisoners, the
elderly and confused, the homeless and so on. Actually we don't even
want a password on the standard account as it's a challenge for some
people just to get to where we are, the last thing they need is to be
unable to get to their email because nobody knows the password.
================================ end ================================


Any additional consideration for kiosk mode? It sounds like it might be
exactly what you need since it provides very limited access to the machine
itself, while allowing access to specific application(s).

If it's not a good fit, I'll stop suggesting it.

  #42  
Old September 22nd 14, 09:31 PM posted to alt.comp.os.windows-8
Joe User[_3_]
external usenet poster
 
Posts: 57
Default Windows 8.1 user accounts, you have GOT to be kidding.

On 22/09/14 21:07, Char Jackson wrote:
On Mon, 22 Sep 2014 19:50:08 +0100, Joe User wrote:

This is the situation we need. I've explained why several times before
but for the last time.

==================== We need this situation because ================
We help people with learning difficulties, mental illness, the
dispossessed, recovering addicts, recently released prisoners, the
elderly and confused, the homeless and so on. Actually we don't even
want a password on the standard account as it's a challenge for some
people just to get to where we are, the last thing they need is to be
unable to get to their email because nobody knows the password.
================================ end ================================


Any additional consideration for kiosk mode? It sounds like it might be
exactly what you need since it provides very limited access to the machine
itself, while allowing access to specific application(s).

If it's not a good fit, I'll stop suggesting it.


No, it's fine, you are right to remind me. I don't know anything about
kiosk mode ATM, I've been too busy. What I have read seems to limit to
one application, our clients need Open Office for their cvs, Firefox for
their browser to access the government portal, claim benefits etc.
I will look at it, can we have more than one application in kiosk mode?

We're also trying to help people understand things like the filesystem,
path, folders etc so we need the file mangler as well :-) some of them
are so engaged they want to get their own machines but it's difficult
when they don't even have anywhere safe to sleep at night.

Life can be a ****storm for some of these folks, we just do our bit.

I WILL look at it in some detail as soon as I get time.

Thanks for the reminder


--
Not confused, just ... bewildered
  #43  
Old September 23rd 14, 04:53 AM posted to alt.comp.os.windows-8
. . .winston
external usenet poster
 
Posts: 1,345
Default Windows 8.1 user accounts, you have GOT to be kidding.

Joe User wrote:
On 22/09/14 00:14, Gene E. Bloch wrote:
On Sun, 21 Sep 2014 11:28:31 +0100, Joe User wrote:

Actually I think the solution is quite simple, put a password on the
hidden admin account.


Ça va sans dire...


Does it? How many everyday uninterested users know about this I wonder.


How many uninterested users actually care.

You wrote:
qp
I'm a volunteer for a local charity. Recently we received a grant to
replace our aging equipment and got 4 spanky new computers running
Windows 8.1. A wide range of people have access to these machines
including the elderly, the homeless, the unemployed the disadvantaged,
dispossessed, and other groups on the outskirts of society. We have no
idea who's using the machines at any moment as I and the other
reasonably competent volunteer can't be there all the time. We *know*
someone has been trying to get into the guts of the things and now we
are beginning to understand how they might be doing it.
/qp

Whatever you can do with admin account (first Windows 8x admin created
or real admin enabled by an admin account) when both admin accounts have
strong password protection is of little consequence if all subsequent
accounts for those who have access are standard accounts.

All you've proven is the ability to change an admin account with or
without a password by another admin or elevated privilege access.
Protect both admin accounts.

MSFT isn't going to change anything....or would you feel better if the
hidden admin account was given a default password which everybody on the
internet would know in 2 sec.

Bottom line, it's your responsibility to configure passwords for all
admin accounts before creating standard accounts for use.


--
...winston
msft mvp consumer apps

  #44  
Old September 23rd 14, 06:40 AM posted to alt.comp.os.windows-8
felmon
external usenet poster
 
Posts: 68
Default Windows 8.1 user accounts, you have GOT to be kidding.

On Mon, 22 Sep 2014 19:54:25 +0100, Joe User wrote:

Not so, several Linux based distributions I have experience of have a
default root account with no password. A standard user is created on
install and protected with a compulsory password, this user is added to
sudoers


again, I think you run Knoppix as root but Knoppix is not meant to be
installed, it's more for trying out hardware or doing some kind of damage
control. (I once did install it and it was neat but (as I recall) there
were few mechanisms for updating.)

puppy linux runs as root by default if I understand alright; see
http://www.puppylinux.com/technical/root.htm

F.
  #45  
Old September 23rd 14, 07:18 AM posted to alt.comp.os.windows-8
Joe User[_3_]
external usenet poster
 
Posts: 57
Default Windows 8.1 user accounts, you have GOT to be kidding.

On 23/09/14 04:53, . . .winston wrote:
Joe User wrote:
On 22/09/14 00:14, Gene E. Bloch wrote:
On Sun, 21 Sep 2014 11:28:31 +0100, Joe User wrote:

Actually I think the solution is quite simple, put a password on the
hidden admin account.

Ça va sans dire...


Does it? How many everyday uninterested users know about this I wonder.


How many uninterested users actually care.


Well quite, or to put it another way, what you don't know can't hurt you
eh?

Well that I'm afraid is a very *dangerous attitude* and is guaranteed to
expose you to all manner of nasty little spooks and goblins.

snipped irrelevant quote

Whatever you can do with admin account (first Windows 8x admin created
or real admin enabled by an admin account) when both admin accounts have
strong password protection is of little consequence if all subsequent
accounts for those who have access are standard accounts.

All you've proven is the ability to change an admin account with or
without a password by another admin or elevated privilege access.


No, what I proved is that it is possible to elevate a standard user to
an admin user in certain circumstances with very little effort. This is
quite different to what you describe, then I looked at your sig and it
all became clear.

Protect both admin accounts.


Already done, as I have explained before, but you need to know they
exist first don't you?

MSFT isn't going to change anything....


ICGAF, I haven't used Windows personally for years and this is hardly
going to convince me that I should start now.

or would you feel better if the
hidden admin account was given a default password which everybody on the
internet would know in 2 sec.


Now *that* would be almost as stupid as leaving an open Administrator
account lying around wouldn't it? Far better to require the addition of
a password to this hidden account at install time, but then it wouldn't
be hidden would it? The more I think about this the more I question the
real purpose of this gaping hole.

Bottom line, it's your responsibility to configure passwords for all
admin accounts before creating standard accounts for use.


You are (possibly deliberately) missing the point. How can you protect
an account if you don't know it exists?

So, the 'bottom line' is that nothing will ever convince me that
allowing a hidden, unprotected Administrator account is anything but a
*very bad idea* indeed. In fact I am now so unconvinced of the integrity
of our machines that I'm seriously considering wiping them, installing a
secure(er) Operating System and running this Windows 8.1 security
nightmare in a virtual machine.

Putting on my tinfoil hat, I can't in all honesty sit there and advise
people on how to log in to their e-mail when I have no idea who's watching.

Hidden open Administrator account idea? ... 0/10 from me.


--
Not confused, just ... bewildered
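
One way to check a shared machine for the situation discussed in this thread, ahead of the fix suggested in it (a password on every admin account, including the hidden one). This is an added example, not part of any post; it assumes PowerShell 3.0 or later, run elevated on a standalone (non-domain) machine.

```powershell
# Added example: read-only audit of local administrator accounts.
# Assumes PowerShell 3.0+ on a standalone (workgroup) machine, run elevated.

# Local accounts as WMI reports them. Disabled and PasswordRequired are
# account flags; PasswordRequired = False means a blank password is permitted,
# not that the password is known to be blank.
$accounts = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True"

# Locate the Administrators group by its well-known SID (S-1-5-32-544)
# so the lookup also works on non-English installs.
$adminGroup = Get-CimInstance -ClassName Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
$group = [ADSI]"WinNT://$env:COMPUTERNAME/$($adminGroup.Name),group"
$adminNames = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}

$report = foreach ($a in $accounts) {
    # RID 500 identifies the built-in Administrator even if it was renamed.
    $isBuiltIn = $a.SID -like 'S-1-5-21-*-500'
    if (-not ($isBuiltIn -or ($adminNames -contains $a.Name))) { continue }

    $notes = @()
    if ($isBuiltIn -and $a.Disabled) {
        $notes += 'built-in account is inactive; give it a password anyway'
    }
    if (-not $a.Disabled) { $notes += 'active admin account' }
    if (-not $a.PasswordRequired) { $notes += 'blank password permitted' }

    [pscustomobject]@{
        Name             = $a.Name
        BuiltIn          = $isBuiltIn
        Disabled         = $a.Disabled
        PasswordRequired = $a.PasswordRequired
        Notes            = $notes -join '; '
    }
}

$report | Format-Table -AutoSize -Wrap

# Remediation is deliberately left as comments. For each account listed above:
#   net user <account name> *        (prompts for the new password)
# and, to keep the built-in account off the login screen:
#   net user Administrator /active:no
```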
 










All times are GMT +1. The time now is 12:29 PM.

