Windows 8.1 user accounts, you have GOT to be kidding.



 
 
#16
September 22nd 14, 12:15 AM, posted to alt.comp.os.windows-8
Gene E. Bloch[_2_]

On Sun, 21 Sep 2014 17:31:45 +0100, Joe User wrote:

On 21/09/14 16:52, Dave wrote:
On Sun, 21 Sep 2014 12:52:18 +0100, Joe User wrote:

I once knew a guy who bought an expensive home with an elaborate security
system. However, setting the alarm each time he left the house was a pain
so he didn't bother.
One day he was robbed. Naturally he tried to sue the alarm company,
claiming that their system failed to protect him. The case is still in
litigation.


Your point being?


Obvious.

--
Gene E. Bloch (Stumbling Bloch)
#17
September 22nd 14, 12:23 AM, posted to alt.comp.os.windows-8
Gene E. Bloch[_2_]

On Sun, 21 Sep 2014 17:28:40 +0100, Joe User wrote:

From your restricted account ("standard non-admin account") whether it
has a password itself or not, you asked for elevated privileges, you
entered the Administrator's password to get elevated privileges, so you
got elevated privileges.


Incorrect, there is no need to enter the Administrator password as the
default embedded Administrator account does not have a password nor is
there any chance to add a password during install. I just wonder how many
people running Windows 8.1 know that their system is wide open like this.


Brief lesson in mathematical logic: members of the empty set have all
properties.

Hint: the missing password is a member of the empty set. Everyone knows
it.

--
Gene E. Bloch (Stumbling Bloch)
#18
September 22nd 14, 02:04 AM, posted to alt.comp.os.windows-8
. . .winston

Gene E. Bloch wrote:
On Sun, 21 Sep 2014 11:28:31 +0100, Joe User wrote:

Actually I think the solution is quite simple, put a password on the
hidden admin account.


Ça va sans dire...




I'm still failing to see why this thread has lasted so long without the
obvious being the best practice (password protect all Admin accounts)
then create as many standard accounts as necessary.



--
...winston
msft mvp consumer apps

#19
September 22nd 14, 03:32 AM, posted to alt.comp.os.windows-8
Good Guy[_2_]

On 21/09/2014 17:31, Joe User wrote:
On 21/09/14 16:52, Dave wrote:
On Sun, 21 Sep 2014 12:52:18 +0100, Joe User wrote:

I once knew a guy who bought an expensive home with an elaborate
security
system. However, setting the alarm each time he left the house was a
pain
so he didn't bother.
One day he was robbed. Naturally he tried to sue the alarm company,
claiming that their system failed to protect him. The case is still in
litigation.


Your point being?



The point is that if you have an administrator account, why do you not
password protect it? Don't you think it is stupid to keep that account
open? Administrator account aka the first account ever created on any
new Windows XP, Windows 7 or Windows 8 system, is always an administrator
account or a member of Admin group. Why do you keep it open? Explain to us.

Think about it.



#20
September 22nd 14, 07:05 AM, posted to alt.comp.os.windows-8
Roderick Stewart

On Mon, 22 Sep 2014 03:32:19 +0100, Good Guy
wrote:

The point is that if you have an administrator account,
why do you not password protect it? Don't you think it is
stupid to keep that account open? Administrator account
aka the first account ever created on any new Windows XP,
Windows 7 or Windows 8 system, is always an administrator
account or a member of Admin group. Why do you
keep it open? Explain to us


I think the OP was referring to a "hidden" admin account, which many
users wouldn't know about, or even expect.

Rod.
#21
September 22nd 14, 08:05 AM, posted to alt.comp.os.windows-8
Joe User[_3_]

On 22/09/14 00:14, Gene E. Bloch wrote:
On Sun, 21 Sep 2014 11:28:31 +0100, Joe User wrote:

Actually I think the solution is quite simple, put a password on the
hidden admin account.


Ça va sans dire...


Does it? How many everyday uninterested users know about this I wonder.


--
Not confused, just ... bewildered
#22
September 22nd 14, 08:17 AM, posted to alt.comp.os.windows-8
Joe User[_3_]

On 22/09/14 03:32, Good Guy wrote:
On 21/09/2014 17:31, Joe User wrote:
On 21/09/14 16:52, Dave wrote:
On Sun, 21 Sep 2014 12:52:18 +0100, Joe User wrote:

I once knew a guy who bought an expensive home with an elaborate
security
system. However, setting the alarm each time he left the house was a
pain
so he didn't bother.
One day he was robbed. Naturally he tried to sue the alarm company,
claiming that their system failed to protect him. The case is still in
litigation.


Your point being?



The point is that if you have an administrator account, why do you not
password protect it?


Well quite, perhaps you'd be better off asking M$ about this.

Don't you think it is stupid to keep that account
open?


Utterly stupid yes, remind me again where I said this was a good idea.

Administrator account aka the first account ever created on any
new Windows XP, Windows 7 or Windows 8 system, is always an administrator
account or a member of Admin group. Why do you keep it open?


I can't, I have no idea why it is possible to create an administrator
account without a password nor do I really understand *exactly* why a
hidden unprotected administrator account is required.

There is a *very specific* situation where it is a good idea to have an
unprotected admin account. Getting the system into this state requires a
fair bit of knowledge on the part of the user, if they have that level
of knowledge in the first place then I'd question their motives anyway.

All I can think of is that it's a way for a knowledgeable user to charge
$160.00 dollars or whatever to 'retrieve' a locked system.

Explain to us.


I wish I could, I was hoping someone could explain it to me.

Think about it.


Take your own advice, do your own research.


--
Not confused, just ... bewildered
#23
September 22nd 14, 08:46 AM, posted to alt.comp.os.windows-8
Uncle Peter

On Sun, 21 Sep 2014 12:52:18 +0100, Joe User wrote:

On 21/09/14 12:04, Uncle Peter wrote:
On Sun, 21 Sep 2014 11:28:31 +0100, Joe User wrote:

On 21/09/14 10:31, Joe User wrote:
On 21/09/14 10:29, Uncle Peter wrote:
On Sun, 21 Sep 2014 10:23:03 +0100, Joe User wrote:

I can't believe the following even though I have seen it with my own
eyes, surely I'm missing something.

From a clean install

*Create the standard admin account during setup, no password

*log into your standard account

*enable built in Administrator from elevated command prompt with net
user Administrator /active:yes

*Don't change users but change your standard admin to non admin

*disable built in Administrator from elevated command prompt with net
user Administrator /active:no

*sign out
You now have a standard non-admin account with no password (stupid I
know but bear with me)

*log in to standard non admin account

*from desktop WinKey + x

select elevated command prompt. You will be asked for an Administrator
password, leave the field blank and select yes
You now have an all powerful Administrator CLI that you can use to
enable the hidden Administrator account and do whatever you like.

!!!!!!!!!!
So, from an unprotected non-admin user account anyone can elevate
themselves to an all powerful Admin.
!!!!!!!!!!

Now with a password on the original account
reload clean install from saved virtualbox snapshot

*log into your standard account
*add a password in PC Settings
*sign out
*go to the log in screen

Now you need to take a slightly different approach

*click the power button
*hold down the shift key and select restart
*navigate to the safe boot mode (menu item 4)

now, you need to know your password,

*log into safe mode
*from desktop WinKey + x

select elevated command prompt. You will be asked for an Administrator
password, leave the field blank and select yes
You now have an all powerful Administrator CLI that you can use to
enable the hidden Administrator account and do whatever you like.

!!!!!!!!!!
So, from a password protected non-admin user account anyone who knows
the non-admin account password can elevate themselves to an all
powerful
Admin.
!!!!!!!!!!

This just can't be right can it???

Tell me I've missed something ... (yes I know that most of this can be
obviated by adding a password to the default admin account but I'd be
prepared to bet that most people don't know this).

So you managed to hack your own computer. Now tell me how you can use
this to hack someone else's, otherwise I fail to see what you achieved.

If you can't figure that out from the above I fail to see how I can help
you further. Probably better that you stick to your abacus.

Maybe that was a bit unfair, OK, here's the problem.

I'm a volunteer for a local charity. Recently we received a grant to
replace our aging equipment and got 4 spanky new computers running
Windows 8.1. A wide range of people have access to these machines
including the elderly, the homeless, the unemployed, the disadvantaged,
dispossessed, and other groups on the outskirts of society. We have no
idea who's using the machines at any moment as I and the other
reasonably competent volunteer can't be there all the time. We *know*
someone has been trying to get into the guts of the things and now we
are beginning to understand how they might be doing it.

What is our solution?

A non admin account with no password is the most open solution we have
but as we can see, that leaves us wide open. A password protected non
admin account is the only other option but that also leaves us exposed.

Actually I think the solution is quite simple, put a password on the
hidden admin account.

Would that do the trick? well possibly but I'm no expert on Windows
security so I came here looking for advice.

Does that make things a bit clearer?


I can't remember, but aren't you prompted to put in a password for the
standard admin account when installing? Anything but a home PC where
everyone is trusted should have one. If you aren't prompted, then this
is a large glaring bug. You could report it to M$ but I doubt they'll
listen.


You are indeed prompted for a password but one is not *required*
personally I think this is an obvious security hole.

What ideally we want is a single non-admin user account with no password
required. We need as few obstacles as possible so people who are
completely unfamiliar with computers but unfortunately required by our
beloved government to have access to the interweb can get to the
interfaces without unnecessary problems.

If you leave the built in administrator unprotected you are wide open.
Just about anybody can promote themselves to an admin.

So, I think the answer is to password protect the built in administrator
account but make it active so we can access admin features. We can then
create an unprotected non-admin account and due to the fact that the
built in is protected and visible the non-admin will need to know the
built in password to elevate themselves to admin.

This is what I'm going to try.

Thanks to all who have contributed.


I don't call the requirement for an admin password a security hole. It depends on whether the machine is personal or public whether you'd want one.

--
Circular Definition: see Definition, Circular.
#24
September 22nd 14, 10:19 AM, posted to alt.comp.os.windows-8
Joe User[_3_]

On 22/09/14 08:46, Uncle Peter wrote:
On Sun, 21 Sep 2014 12:52:18 +0100, Joe User wrote:

On 21/09/14 12:04, Uncle Peter wrote:
On Sun, 21 Sep 2014 11:28:31 +0100, Joe User wrote:

On 21/09/14 10:31, Joe User wrote:
On 21/09/14 10:29, Uncle Peter wrote:
On Sun, 21 Sep 2014 10:23:03 +0100, Joe User wrote:

snip, snip, snip

I don't call the requirement for an admin password a security hole. It
depends on whether the machine is personal or public whether you'd want
one.


I do, most certainly, a gaping hole, particularly on a public computer
which as I have explained several times now is the situation I have to
deal with. I'm new to Windows 'security' as you can all probably tell so
this has come as quite a surprise to me. Now I know it's there I can
deal with it, I just wish I didn't have to. In circa 20 years of
installing and configuring *nix based systems I can't remember having
ever been presented with the opportunity to create any sort of
administrator (or sudoer) account without supplying some sort of
verifying credentials first.

I'm probably going to post a resume of what I have discovered so far, I
just need to triple check my facts.

--
Not confused, just ... bewildered
#25
September 22nd 14, 11:22 AM, posted to alt.comp.os.windows-8
mechanic

On Sun, 21 Sep 2014 17:28:40 +0100, Joe User wrote:

Incorrect, there is no need to enter the Administrator password as
the default embedded Administrator account does not have a
password nor is there any chance to add a password during
install. I just wonder how many people running Windows 8.1 know
that their system is wide open like this.


Is it not disabled by default? And can it be logged into remotely?
And is this any different to Windows XP/Vista/7 ?
#26
September 22nd 14, 12:44 PM, posted to alt.comp.os.windows-8
Joe User[_3_]

On 22/09/14 11:22, mechanic wrote:
On Sun, 21 Sep 2014 17:28:40 +0100, Joe User wrote:

Incorrect, there is no need to enter the Administrator password as
the default embedded Administrator account does not have a
password nor is there any chance to add a password during
install. I just wonder how many people running Windows 8.1 know
that their system is wide open like this.


Is it not disabled by default?


No, it's not, it's temporarily inactive.

On a machine with a single standard user account visible on the login
screen, password protected or not, all you need to do is boot in safe
mode and select command prompt(admin) from the relevant context menu.

A dialog pops up asking for a password, leave it blank, there isn't one,
and bingo, you're an admin.

Make the hidden Administrator account active with net user Administrator
/active:yes and sign out.

When you return to the login screen there is an unprotected
Administrator account there for you to use and abuse.

There is an issue with getting out of safe mode but it's a side issue to
the main subject.

The answer seems to be to put a password on the hidden Administrator account,
the thing is you have to know about it first, nothing in the install
sequence indicated such an account exists.

I'd be fascinated to see how you put a positive spin on this.

And can it be logged into remotely?


No idea, it's more about providing unfettered public access from the
chair in front of the screen. The larger network is operated by someone
else and they seem to know what they are doing, it's Linux based and
allowing rlogin would require a port opening on the firewall which is
about as likely as me winning the lottery. We are just hard wired via
Ethernet.

And is this any different to Windows XP/Vista/7 ?


Why do I care?


--
Not confused, just ... bewildered
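
A read-only audit for the condition this thread describes, added here as an example and not part of any poster's message. It assumes PowerShell 3.0 or later; the function names `Get-LocalAccountAudit` and `Get-BlankPasswordPolicy` are made up for this example, while `Win32_UserAccount` and the `LimitBlankPasswordUse` registry value are standard Windows items.

```powershell
# Added example (not from the thread): read-only audit of local accounts.
# Run from an elevated PowerShell prompt on the machine being checked.

function Get-LocalAccountAudit {
    # Win32_UserAccount is a standard WMI class; the filter keeps local accounts only.
    $accounts = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True"

    foreach ($a in $accounts) {
        # The built-in Administrator has a SID ending in -500, even if it was renamed.
        $isBuiltIn = $a.SID -match '^S-1-5-21-.*-500$'

        [pscustomobject]@{
            Name             = $a.Name
            BuiltInAdmin     = $isBuiltIn
            Enabled          = -not $a.Disabled
            # False means the account is allowed to have a blank password;
            # it does not prove that the password is blank.
            PasswordRequired = $a.PasswordRequired
        }
    }
}

function Get-BlankPasswordPolicy {
    # Policy "Accounts: Limit local account use of blank passwords to console logon only".
    # 1 = accounts with a blank password can log on only at the physical console.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                            -Name LimitBlankPasswordUse -ErrorAction SilentlyContinue
    if ($null -eq $lsa) { return 'not set' }
    return $lsa.LimitBlankPasswordUse
}

$report = Get-LocalAccountAudit
$report | Format-Table -AutoSize

foreach ($r in $report) {
    if ($r.BuiltInAdmin) {
        # The thread's concern applies whether or not the account is currently active.
        Write-Warning "Built-in Administrator '$($r.Name)' (enabled: $($r.Enabled)): confirm a password is set."
    }
    if (-not $r.PasswordRequired) {
        Write-Warning "'$($r.Name)' is allowed to have a blank password (PasswordRequired is False)."
    }
}

"LimitBlankPasswordUse: $(Get-BlankPasswordPolicy)"

# Remediation discussed in the thread: set a password on the built-in account.
# From an elevated prompt, 'net user Administrator *' prompts for the new password.
```
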
#27
September 22nd 14, 12:52 PM, posted to alt.comp.os.windows-8
Andy Burns[_3_]

Joe User wrote:

I can't believe the following even though I have seen it with my own
eyes, surely I'm missing something.

*click the power button
*hold down the shift key and select restart


It requires physical access, so all bets are already off.


#28
September 22nd 14, 05:04 PM, posted to alt.comp.os.windows-8
Good Guy[_2_]

On 22/09/2014 07:05, Roderick Stewart wrote:
On Mon, 22 Sep 2014 03:32:19 +0100, Good Guy
wrote:

The point is that if you have an administrator account,
why do you not password protect it? Don't you think it is
stupid to keep that account open? Administrator account
aka the first account ever created on any new Windows XP,
Windows 7 or Windows 8 system, is always an administrator
account or a member of Admin group. Why do you
keep it open? Explain to us

I think the OP was referring to a "hidden" admin account, which many
users wouldn't know about, or even expect.

Rod.

Even if they knew about it, it is impossible to activate it without an
Administrator account!! The administrator account that can activate a
hidden Admin account is the first user account you create when you
install Windows for the first time. This first account SHOULD ALWAYS be
password protected. If you don't then you can't blame anybody except
yourself or whoever helped you to install Windows.

Even top-brand systems from DELL or HP which come with Windows
pre-installed should be password protected when you set them up for the
first time. DELL expects you to insert a password and I know this
because I buy DELL machines quite a lot.



#29
September 22nd 14, 05:07 PM, posted to alt.comp.os.windows-8
Good Guy[_2_]

On 22/09/2014 10:19, Joe User wrote:

I'm probably going to post a resume of what I have discovered so far,
I just need to triple check my facts.


When you do your research please make sure you cover how to activate the
hidden Admin Account as well because you can't without a USER account
with Admin privileges. When you have confirmed this post back if there
is another way round to activate the hidden account.
#30
September 22nd 14, 05:15 PM, posted to alt.comp.os.windows-8
Good Guy[_2_]

On 22/09/2014 12:44, Joe User wrote:

On a machine with a single standard user account visible on the login
screen, password protected or not, all you need to do is boot in safe
mode and select command prompt(admin) from the relevant context menu.


Have you tried this? I challenge you to login to my machine in safe
mode! I live and work in Central London so if you are around pop in and
I shall buy you a drink if you can get into my machine in safe
mode. I can provide Windows 7 and Windows 8 machines to test it out.

The only way you can do is to boot up the machine using password
crackers and reset the Admin password but my machines can't be booted up
from USB or DVD drives because I have set it that way. First boot drive
is Hard disk. For network machines the setup is rather complex. The
boot drive is remote not HD!!






 



