Windows account passwords

Discussion in 'other security issues & news' started by xxJackxx, Nov 15, 2011.

Thread Status:
Not open for further replies.
  1. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    For a joke, one of my coworkers deleted the password from my Windows account on my PC to get in and mess with it while I was out of the office. I let it go as I doubt he understood the seriousness of his actions, but as his supervisor and the system admin I advised he never do it again. I was aware such a thing was possible and suspected he was the only one in the office smart enough to pull it off, but didn't suspect it was anything that anybody would actually try in the office. Short of logging into a domain account and disabling all local accounts, is there anything I can do that will make this impossible?
     
  2. wat0114

    wat0114 Guest

    How did he manage to do that?
     
  3. xxJackxx

    xxJackxx Registered Member

    There are boot disks that will delete the passwords. This can be done on Macs as well.
     
  4. wat0114

    wat0114 Guest

    Okay, I see. You might try disabling booting off the optical drive in the BIOS, then passwording it, if you can.
     
  5. xxJackxx

    xxJackxx Registered Member

    That would still leave USB boot which would be just as easy. Might be possible to disable them both and password it. I would assume full disk encryption would solve my problem as well.
     
  6. wat0114

    wat0114 Guest

    Right, the USB is another avenue of attack. If you can at least move it below the system drive in the boot order, I wonder if that would work, if disabling it won't? Disk encryption might be the way to go, especially if your hardware supports it.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    This is simple.

    1) Password the BIOS (No one is going to bypass a BIOS for a prank)
    2) Encryption
    3) Disable booting from media other than the hard drive
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I'm surprised you didn't sack him?
     
  9. wat0114

    wat0114 Guest

    I've taken a quick look and so far as I can see on my m/board passwording the BIOS does not help. I can still hit F8 to bring up a boot menu and choose the optical drive to boot from.

    I also tried disabling the optical drive in the BIOS, but I can still select it from the F8 boot menu and boot from it. I see no way of disabling the F8 boot menu either. Maybe on newer m/boards (mine's a 2006 ASUS for AMD 4400+ CPU) it's possible?
     
  10. Hungry Man

    Hungry Man Registered Member

    It could be specific to your BIOS.

    If in your BIOS you have it set to boot to your HDD first and you also disable booting from other media (separate options) you should not be able to do so. That's how it is on my machine. To change those settings would require getting into the BIOS.
     
  11. wat0114

    wat0114 Guest

    It's an AMI BIOS. I agree it should be possible to disable booting from other media, except I could find a way when I checked in the BIOS settings. I'll have another look tonight.
     
  12. xxJackxx

    xxJackxx Registered Member

    Tempted. I was going to write him up and give him a couple of days off but then I calmed down. If it ever happens again that will be the least of it. I think full disk encryption is my only reliable option here. But that complicates my backups. If I have to back up an entire encrypted volume I will need more storage. :(
     
  13. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    Good thing you weren't using EFS, otherwise you might have lost access to all of the encrypted files stored under that username. Funny prank! Whoops, lost job.
     
  14. dantz

    dantz Registered Member

    It's also possible to "mess with" a TrueCrypt-encrypted system partition or system disk. Track 0 remains unencrypted and can be modified to run a pw-capture utility or various other unwanted actions, and of course there are always hardware keyloggers to consider. If I were one of your co-workers and I wanted to mess with your fully-encrypted system I wouldn't trust me any farther than I could throw me.
     
  15. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Have you made it official, as in 'It's been noted and now known at HR'?
    I mean, there is no way that this guy can say in a year 'I've never done such thing!'?
    I'd give an official warning and make him sign an 'official report' on this.
    It all depends on size and culture of the company and his position of course but be sure to cover your own behind...
     
  16. xxJackxx

    xxJackxx Registered Member

    He's young and a good employee and I think he really didn't understand the seriousness of his actions. He did it to change the wallpaper on my screen for a joke. It's not ok but I believe he knows that now. I really don't think it will ever happen again. I'm more concerned with the possibility of the machines allowing it than the likelihood of him doing it in the future.
     
  17. chrismc2

    chrismc2 Registered Member

    Joined:
    Nov 7, 2011
    Posts:
    10

    Hi,

    Could you as suggested above go into Bios,

    1st Boot Option HDD
    2nd Disable Optical Drive
    3rd Lock your USB with a USB Port Lock

    Just a thought.
     
  18. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    Some BIOS have an option to enable a boot-password. So you can't log into the BIOS without the BIOS password (when enabled) as well as you can't boot from anything unless you have the boot-password.

    Very handy on my laptop :)
     
  19. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    The complete answer to your question is this:
    If someone has physical access to your system, they can access anything.

    A BIOS boot password will stop most hacking attempts but not a determined hacker. Removing the HD and mounting on another system is fairly simple.

    One component of security is trust. If a company trusts the employees, there is no need to lock everything down like Fort Knox.
    If there are untrustworthy people working at a company, make sure everyone uses a BIOS boot password. Also, use a lock on desktop cases and put laptops in a locked drawer when not in use.

    You could also add encryption to your security protocol. That comes with other headaches however.
     