An easy hack for resetting the Administrator password in XP/Win7

veritas_libertas

Anyone seen this before?

Forgot administrator password? The Sticky Keys trick - 4sysops

earweed

Never seen it before. Could have used it a while back but it was actually easier reimaging the computer I was working on. I'm gonna bookmark that page just for future reference.

Paul Boz

Pretty neat. It says "you don't need third party software" but you do need some type of media (in this case, Windows PE). I’d just download a 100kb Konboot .ISO and be done with it 

veritas_libertas

earweed wrote: »

Never seen it before. Could have used it a while back but it was actually easier reimaging the computer I was working on. I'm gonna bookmark that page just for future reference.

LOL, I'm actually looking at as a security issue more than fix-it trick

earweed

veritas_libertas wrote: »

LOL, I'm actually looking at as a security issue more than fix-it trick

Didn't think of it that way. It could be a real security issue.

rfult001

Nice. What measures can one really put in place to prevent anything like this? Other than physical barriers.

wedge1988

you'd have to use the tools given to you. ie. Use a gpo to disable the local admin account. Mess with the local accounts.

Disable booting from CD in bios? If you use winPE via network boot then password protect winPE.

Sounds simple, usually a git always finds something to break.

kalebksp

Number 3 on the 10 Immutable Laws of Security:

"If a bad guy has unrestricted physical access to your computer, it's not your computer anymore"

docrice

kalebksp wrote: »

"If a bad guy has unrestricted physical access to your computer, it's not your computer anymore"

This.

Once physical access is had, it's pretty much game over. All you can do is have enough barriers already in place to discourage someone from performing an offline attack.

veritas_libertas

Could this be prevented by using Software Restriction Policies?

rwwest7

There are much easier ways than this, but all it gets them is local admin rights. Which in a properly set up domain doesn't mean a whole hill of beans.

dynamik

rwwest7 wrote: »

Which in a properly set up domain doesn't mean a whole hill of beans.

I've done this on domain controllers. If you run a whoami you'll see that you're SYSTEM, not a local admin.

wd40

rfult001 wrote: »

Nice. What measures can one really put in place to prevent anything like this? Other than physical barriers.

use EFS, Bitlocker, Safeboot, truecrypt etc

with EFS Even if they manage to reset the admin account they will not be able to read any of your data files easily

earweed

wd40 wrote: »

use EFS, Bitlocker, Safeboot, truecrypt etc

with EFS Even if they manage to reset the admin account they will not be able to read any of your data files easily

a quote from the article

Please note that resetting the password from an account other than the corresponding user account always means that the user loses the credentials stored in the Windows Vault, stored Internet Explorer passwords, and files that you encrypted with the Encrypting File System (EFS).