Compromise Security with XP Install

Discussion in 'Windows Desktop Systems' started by cruiser78, Feb 1, 2003.

  1. cruiser78

    I was just thinking today that you can install XP (or do a repair install) overtop of the current install W/O having to give an admin password to verify that it's ok for the install to happen.
    If you have XP Pro and use the security features to set permissions for directories, files, etc. and one of your users who wasn't an admin wanted to access a folder, etc. that you denied access to then if they got their hands on your XP CD, they could reinstall (repair install) XP and make a new admin account (or use the Administrator account) to get at the folder, etc.
    I know that when you're an admin and another admin denies access to a folder you can change it... I was playing around with my music folder and somehow locked my login from the folder... so since my account is an admin account I just reset myself as the owner and I could access it again... so if you have your protected data on another partition or drive they could do the same thing after reinstalling (repair installing) XP.

    Or they could just decide to trash the computer by doing a clean install and then delete the rest of it from your other partitions. :D

    Personally I think that if you want to try to install overtop of a current install... or repair it... that you should have to give the password for the Administrator account. That would make it a lot more secure.
     
  2. sboulema

    You've got a good point there, but there are so many ways to bypass the password without reinstalling. :rolleyes: :blink:
     
  3. cruiser78

    I don't know if I agree with you on that... I'm just talking about XP here... and if you give everyone else who uses your computer "User" rights then they can't do much to change it... they can't even abort a system shutdown scheduled by an admin using shutdown.exe... (I just tried that to see if they could :))... and they can't change their access rights with only "User" privileges. So if the admin denies them access to a folder, etc. then they can't really do anything to get at it unless they reinstall XP... which they can do w/o a password.
    Or if the admin is a dope, they can do the Kevin Mitnick thing and get the admin to tell them the password one way or another :D:p
     
  4. sboulema

    You can change the password with a program on a Linux bootdisk. I know it works, I tested it at school :):rolleyes: :p
     
  5. cruiser78

    Ahhh... I see... that's good to know. I didn't know that till now :)
    But still... the average user won't be able to get by a password w/o reinstalling...
    Can you send me the bootdisk w/ that program? Or upload it somewhere so that I can download it? I'd be interested in checking that program out.
    Thanks