Kam Salisbury on Mon, 20 Jan 2003 14:20:17 -0500 |
Another update... Using this utility works when trying to just blank the password for Administrator. However, you cannot login as administrator (or use the 'runas' service) unless you lower the workstation's overall security policy by allowing blank password length in account policies and disabling the 'Limit local account use of blank passowrds to console login only' policy in Local Security Settings. I see this as a major threat to security of local workstations in an enterprise environment. Why? Because now someone can use this utility to blank out the password of the local Administrator account and quietly access the contents of the workstation's disk from somewhere else on the local network. The good thing here is that the utility can be used to rescue a system whose only issue is that someone of past employment set an Administrative password and no one remembers it now. 011010110110000101101101 Kam Salisbury MCSE, Linux+, CNA -- Believer in Open Source. http://www.kamsalisbury.com _________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
|
|