Kam Salisbury on Mon, 20 Jan 2003 14:20:17 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux boot disk to replace XP Admin password?


Another update...

Using this utility works when trying to just blank the password for
Administrator. However, you cannot login as administrator (or use the
'runas' service) unless you lower the workstation's overall security policy
by allowing blank password length in account policies and disabling the
'Limit local account use of blank passowrds to console login only' policy in
Local Security Settings.

I see this as a major threat to security of local workstations in an
enterprise environment. Why? Because now someone can use this utility to
blank out the password of the local Administrator account and quietly access
the contents of the workstation's disk from somewhere else on the local
network.

The good thing here is that the utility can be used to rescue a system whose
only issue is that someone of past employment set an Administrative password
and no one remembers it now.


011010110110000101101101

Kam Salisbury
MCSE, Linux+, CNA -- Believer in Open Source.
http://www.kamsalisbury.com

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug