Wilders Security Forums  

#1
March 13th, 2011, 09:29 AM
moontan
Massive Poster
Join Date: Sep 2010
Location: Québec
Posts: 3,180
Password for Admin account

i started using a standard account to increase security.

i used to use an Admin account without a password, being the sole user of this machine.

my question is:
is there any benefit security-wise of using an admin password when i run an app inside a standard account that needs a password?
or can i just run without a password?
__________________
| Xubuntu || NoScript || Image for Linux + BootIt Bare Metal |

Last edited by moontan : March 13th, 2011 at 09:37 AM.
#2
March 13th, 2011, 03:07 PM
Kees1958
Massive Poster
Join Date: Jul 2006
Posts: 5,857
Re: Password for Admin account

In early XP days, I can remember vaguely a vulnerability (don't know whether it was theoretical or exploitable) based on poor firewall, guest account and network shares, where a change of user to admin implied that the intruder owned the machine. At least I can remember advice to always add a password for the admin, based on this story.
#3
March 13th, 2011, 03:12 PM
Brocke
Updates Team
Join Date: Mar 2008
Location: USA,IA
Posts: 1,644
Re: Password for Admin account

well, really passwords are weak in Windows. Windows puts the password to all CAPS when being verified, unless that changed.
#4
March 13th, 2011, 05:34 PM
moontan
Massive Poster
Join Date: Sep 2010
Location: Québec
Posts: 3,180
Re: Password for Admin account

tnx for taking the time to answer folks!

i have removed the admin password for the time being and unless someone can bring conclusive evidence as to why it should be on it will stay off.
__________________
| Xubuntu || NoScript || Image for Linux + BootIt Bare Metal |
#5
March 13th, 2011, 11:15 PM
safeguy
Frequent Poster
Join Date: Jun 2010
Posts: 916
Re: Password for Admin account

I like to think of it as a simple way to avoid rogue people (with not much PC knowledge) tampering with your Windows settings.
__________________
Uncertainty is the only certainty there is, and knowing how to live with insecurity is the only security...
#6
March 14th, 2011, 09:18 AM
blasev
Frequent Poster
Join Date: Oct 2010
Posts: 641
Re: Password for Admin account

Sry double post
#7
March 14th, 2011, 09:22 AM
blasev
Frequent Poster
Join Date: Oct 2010
Posts: 641
Re: Password for Admin account

I've once been bypassed by an admin at my workplace (I challenged him to do it).
Even though I use a password on login,
he is able to make a new admin account to access my laptop.

Can someone teach me how he did that?
Or at least tell how to stop that? (Without setting up bios password)

Since he still kept it as a secret from me ;p
#8
March 14th, 2011, 10:49 AM
Sadeghi85
Frequent Poster
Join Date: Dec 2009
Posts: 697
Re: Password for Admin account

Quote:
Originally Posted by blasev


Can someone teach me how he did that?

There is lots of software to do that.

Quote:
Originally Posted by blasev
Or at least tell how to stop that? (Without setting up bios password)

full disk encryption


EDIT:

Quote:
Originally Posted by blasev
(Without setting up bios password)

BIOS password on most computers can be bypassed; there is lots of software to do that too.

Last edited by Sadeghi85 : March 14th, 2011 at 10:55 AM.
#9
March 14th, 2011, 01:13 PM
Greg S
Very Frequent Poster
Join Date: Mar 2009
Location: A l a b a m a
Posts: 1,039
Re: Password for Admin account

Quote:
Originally Posted by moontan
tnx for taking the time to answer folks!

i have removed the admin password for the time being and unless someone can bring conclusive evidence as to why it should be on it will stay off.

I see in your sig that you use UAC. What do you do in the standard account when presented with the UAC alert? Just click OK? I've always had a password and have mine set to provide credentials, which includes entering the password, so I have no knowledge of how it works without a password.
#10
March 14th, 2011, 01:20 PM
m00nbl00d
Incredibly Massive Poster
Join Date: Jan 2009
Posts: 6,565
Re: Password for Admin account

Quote:
Originally Posted by Greg S
I see in your sig that you use UAC. What do you do in the standard account when presented with the UAC alert? Just click OK? I've always had a password and have mine set to provide credentials, which includes entering the password, so I have no knowledge of how it works without a password.

You'd still get the same exact alert from UAC, the only exception being you'd have no password to enter; no username would be required either.

I believe the major concern would be whether or not you're part of a network, and if other machines may get compromised at some point; another concern would be other people at home/at work (if they could get their hands on your laptop/desktop).

Am I missing some other scenario?

Oh yeah, computer shops! Some folks enjoy seeing the photos, etc., especially if the client is a sexy lady. I don't think they would bother booting with some Linux live CD, would they? lol
#11
March 14th, 2011, 01:29 PM
Greg S
Very Frequent Poster
Join Date: Mar 2009
Location: A l a b a m a
Posts: 1,039
Re: Password for Admin account

Quote:
Originally Posted by m00nbl00d
You'd still get the same exact alert from UAC, the only exception being you'd have no password to enter; no username would be required either.

I believe the major concern would be whether or not you're part of a network, and if other machines may get compromised at some point; another concern would be other people at home/at work (if they could get their hands on your laptop/desktop).

Network as in four Win 7 laptops in the house being able to see and use files from each other or use one printer for all? Presently on mine, I've disabled all the things that allow them or me to communicate with each other. They can do it with each other but I can't.

Quote:
Originally Posted by m00nbl00d
Oh yeah, computer shops! Some folks enjoy seeing the photos, etc., especially if the client is a sexy lady. I don't think they would bother booting with some Linux live CD, would they? lol

Uh, probably, lol
#12
March 14th, 2011, 01:34 PM
moontan
Massive Poster
Join Date: Sep 2010
Location: Québec
Posts: 3,180
Re: Password for Admin account

Quote:
Originally Posted by Greg S
I see in your sig that you use UAC. What do you do in the standard account when presented with the UAC alert? Just click OK? I've always had a password and have mine set to provide credentials, which includes entering the password, so I have no knowledge of how it works without a password.

it works the same, i just click OK.

i'm not on a network and i'm the only one using this computer.

of course, if that is not the case you'd want to use a password...
__________________
| Xubuntu || NoScript || Image for Linux + BootIt Bare Metal |
#13
March 14th, 2011, 07:13 PM
blasev
Frequent Poster
Join Date: Oct 2010
Posts: 641
Re: Password for Admin account

Quote:
Originally Posted by Sadeghi85
There is lots of software to do that.
full disk encryption
EDIT:
BIOS password on most computers can be bypassed; there is lots of software to do that too.

Wow, my laptop is weak
#14
March 14th, 2011, 08:43 PM
bollity
Regular Poster
Join Date: May 2009
Posts: 156
Re: Password for Admin account

there is a security hole in Windows called "hidden sharing". most users don't know anything about this hole.
hidden sharing will allow other network PCs to see your files on the hard disk even if you don't set up any sharing. so a password for any account, including the administrator account, is necessary.

go to Control Panel -- Administrative Tools -- Computer Management -- Shared Folders -- Shares and you will see what i mean. C$, D$, E$ ... etc., all are hidden shares.

you can get rid of hidden sharing by editing the registry. google "disable hidden sharing"

this is for 32-bit XP and Win 7:
add this value to this registry key
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters]

Value Name: AutoShareWks
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disable shares, 1 = enable)

then restart and now there are no hidden shares.

http://www.petri.co.il/disable_admin...ive_shares.htm
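
Added example, not part of bollity's post: a read-only PowerShell audit that lists the administrative shares currently published and reads the AutoShareWks value named above. It also reads LimitBlankPasswordUse, a Windows setting the thread does not mention, which restricts local accounts with a blank password to console logon; the function names are hypothetical.

```powershell
# Added example: read-only audit of the settings discussed in this thread.
# Written for Windows PowerShell 2.0+ (Windows 7); run it elevated.
# On PowerShell 7 replace Get-WmiObject with Get-CimInstance.

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-RegDword {          # hypothetical helper name
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null                 # the value is absent
}

function Get-AdminShareAudit {   # hypothetical function name
    # Win32_Share.Type is 2147483648 or higher for administrative shares
    # (C$, ADMIN$, IPC$); ordinary user-created shares are below it.
    $shares = @(Get-WmiObject -Class Win32_Share |
        Where-Object { $_.Type -ge 2147483648 } |
        ForEach-Object { $_.Name })

    $auto = Get-RegDword $lanman 'AutoShareWks'
    if ($null -eq $auto) {
        $autoState = 'not set (Windows default: shares are created)'
    } elseif ($auto -eq 0) {
        $autoState = 'disabled (takes effect after restart)'
    } else {
        $autoState = 'enabled'
    }

    # 1 = local accounts with a blank password may log on at the console only,
    # so they cannot be used to reach the shares over the network.
    $blank = Get-RegDword $lsa 'LimitBlankPasswordUse'

    New-Object PSObject -Property @{
        AdminShares           = $shares -join ', '
        AutoShareWks          = $autoState
        LimitBlankPasswordUse = $blank
    }
}

Get-AdminShareAudit | Format-List

# To apply the change from the post (AutoShareWks = 0), then restart:
# New-ItemProperty -Path $lanman -Name AutoShareWks -PropertyType DWord -Value 0 -Force
```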
#15
March 15th, 2011, 05:40 AM
blasev
Frequent Poster
Join Date: Oct 2010
Posts: 641
Re: Password for Admin account

Thx for the info
 

All times are GMT -4.

