Help: Avoid admin password hacking

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

Dear all,

We are deploying to our worldwide customers a set of applications which is
installed on a standard industrial PC (we are delivering the same PC to all
our customers).

The system needs to be stable and fully functional 24h/day.
For that we have issued a deployment security policy which is as follows:
- Administrator user has been renamed to something else
- our customers can update any program on the system
- our customers cannot install any Windows update
- our customers cannot connect the PC to their company Domain Controller
- Administrator password is known only by us for maintenance purposes

With these rules in place, we have a really stable and fully tested known
environment.
This is to avoid the library conflicts that every developer faces each time.

Unfortunately, we have some customers who managed to hack the administrator
password either by knowing it or by resetting it.

As far as I know, tools that can be found on the internet can just reset the
password, or are there some which are able to show passwords in clear text?

If this occurs, which procedure can I put in place in order to block my
application if the administrator password is changed?

Thanks for helping me to solve that issue
Regards
serge
 

Malke


serge calderara wrote:

> Dear all,
>
> We are deploying to our worldwide customers a set of applications
> which is installed on a standard industrial PC (we are delivering the
> same PC to all our customers).
>
> The system needs to be stable and fully functional 24h/day.
> For that we have issued a deployment security policy which is as
> follows:
> - Administrator user has been renamed to something else
> - our customers can update any program on the system
> - our customers cannot install any Windows update
> - our customers cannot connect the PC to their company Domain
> Controller
> - Administrator password is known only by us for maintenance
> purposes
>
> With these rules in place, we have a really stable and fully tested
> known environment.
> This is to avoid the library conflicts that every developer faces each
> time.
>
> Unfortunately, we have some customers who managed to hack the
> administrator password either by knowing it or by resetting it.
>
> As far as I know, tools that can be found on the internet can just
> reset the password, or are there some which are able to show passwords
> in clear text?
>
> If this occurs, which procedure can I put in place in order to block
> my application if the administrator password is changed?

I read your post as you saying that the issue is with the password to
your application and not to Windows. Obviously you know that any
operating system password can be changed by a skilled person with a
little time and physical access to the machine. You will need to
contact the developers of your application and ask them to code in the
functionality (not starting if the password isn't the expected one) you
want. This isn't a Windows issue.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Guest

I was in fact wondering if there was a possibility, with a Windows function
like a script or special tips, to overwrite the password at startup before the
login, and of course just before security policies get collected.

I was imagining a kind of low-level script which always runs and which will
always overwrite the default admin password.

Am I saying something crazy?


 

Malke


serge calderara wrote:

> I was in fact wondering if there was a possibility, with a Windows
> function like a script or special tips, to overwrite the password at
> startup before the login, and of course just before security policies
> get collected.
>
> I was imagining a kind of low-level script which always runs and which
> will always overwrite the default admin password.
>
> Am I saying something crazy?
>
Again, are you referring to the password for Windows or the password for
your proprietary application? Don't you have a similar thread with lots
of answers going in another newsgroup? I seem to remember a posting
from you, perhaps in microsoft.public.security?

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Guest

Yes, I am talking about Windows login, not my application.
And yes, at first I posted it in another group, but then thought it
was not the correct place, as they are all similar.



 

Malke


serge calderara wrote:

> Yes, I am talking about Windows login, not my application.
> And yes, at first I posted it in another group, but then thought
> it was not the correct place, as they are all similar.
>

I think you got good answers in the other newsgroup. Multiposting is
bad. Here is a link explaining why:

http://www.blakjak.demon.co.uk/mul_crss.htm

I can't help you with startup scripts and what you are trying to do.
Since this is a business requirement, contact a local computer
professional who does scripting and pay their consulting fee. This is a
cost of doing business.

You might want to think about why your one customer is doing what they
are doing as a different approach to the problem.

Malke
--
MS-MVP Windows User/Shell
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"
 
Guest

Hi

It is a piece of cake to reset an admin password in XP/2k. It takes
physical access to the machine and about 5 mins. Can we all say LINUX BOOT
DISK lol

However, the only way to stop this is to remove the ability to boot from
anything other than the HDD, which can be done in the BIOS, and then add
a BIOS password.

Job done

S


--
pscyime
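
Added example, not part of the original thread or any poster's code: one way to approach the original question (blocking the application when the Windows administrator password has been changed) is a launcher check that compares the account's password-set time with a value the vendor recorded at provisioning. It assumes PowerShell is installed on the PC; `$BaselineFile` and the function names are hypothetical.

```powershell
# Added example. Hypothetical names: $BaselineFile and the functions below.
$BaselineFile = Join-Path $env:ALLUSERSPROFILE 'Vendor\admin-pw-baseline.txt'

function Get-BuiltinAdminName {
    # The built-in Administrator keeps RID 500 even after it is renamed.
    $acct = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
        Where-Object { $_.SID -match '^S-1-5-21-.+-500$' }
    if (-not $acct) { throw 'Built-in Administrator (RID 500) not found.' }
    $acct.Name
}

function Get-AdminPasswordLastSet {
    # The WinNT ADSI provider reports PasswordAge in seconds; subtracting it
    # from the current time gives the moment the password was last set.
    $user = [ADSI]"WinNT://$env:COMPUTERNAME/$(Get-BuiltinAdminName),user"
    $age = [double]$user.PasswordAge.Value
    (Get-Date).ToUniversalTime().AddSeconds(-$age)
}

function Save-AdminPasswordBaseline {
    # Run once by the vendor, right after setting the maintenance password.
    $dir = Split-Path $BaselineFile
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    (Get-AdminPasswordLastSet).ToString('o') | Set-Content $BaselineFile
}

function Test-AdminPasswordUnchanged {
    param([int]$ToleranceSeconds = 60)
    # Fail closed: a missing baseline is treated as a change.
    if (-not (Test-Path $BaselineFile)) { return $false }
    $text = Get-Content $BaselineFile | Select-Object -First 1
    $baseline = [datetime]::Parse($text,
        [System.Globalization.CultureInfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::RoundtripKind).ToUniversalTime()
    $drift = [math]::Abs(((Get-AdminPasswordLastSet) - $baseline).TotalSeconds)
    $drift -le $ToleranceSeconds
}

# Application launcher: refuse to start when the tripwire fires.
if (-not (Test-AdminPasswordUnchanged)) {
    Write-Error 'Administrator password changed since provisioning; not starting.'
    exit 1
}
```

This is a tripwire, not a control: anyone who already holds administrator rights can alter the baseline or the launcher, and a reset made by editing the account database offline is not guaranteed to update the timestamp. It complements, rather than replaces, the boot-order restriction and BIOS password described in the last post.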