January 20th, 2004 05:01 AM
XP Password/Account Questions
I was wondering if you all could please clear up some questions I have concerning XP Home?
1. When typing control userpasswords2 at a command prompt, I see an option that says "Users must enter a user name and password to use this computer". If I were to uncheck this option, would it then allow users to "remotely" log in to my system without a password? Or does this option strictly refer to physical access? Like if a user actually turned on my computer from home, he/she would automatically be logged in?
2. When I use the command net user to manage my other accounts, it allows you to change the "Full Name" of user account with net user username /fullname:"name". I've heard that this is the "proper" way to change your username (is this true?), but when I change the Full Name of an account, the username remains the same, yet the the Full Name of the account seems to change.
3. I've heard that by renaming the Administrator account, users encounter problems when using system restore. Is this true?
4. I've noticed that I also have 3 questionable accounts on my system, I think they are hidden, but nonetheless, I was wondering if it's safe to either delete them OR at least password protect them. They are: HelpAssistant, and two Support accounts, which are described as being:"This is a vendor's account for the Help and Support service".
Thanks so much!!!!!
January 20th, 2004 07:03 AM
I cant help you much with 1-3 (to 3: why bother changing the Admnistrator username while u can make another one with admin rights, for the rest I'm sure there are some explanations on how the security work within the XP help files)
to 4: If you did some exploring of the Computer Properties you might did find some things like "Enable Support Requests" from this computer or something like that... Things you can turn off.
Actually those accounts are made by Micro$oft for solving some problems remotely... If you do a search on AO I'm sure you'll find a topic on these - question asked already.
Anyway good luck with it!
January 20th, 2004 01:22 PM
instead of renaming the ADMIN acount just give it a realy long and oddball password. before you do thagt make sure you have 1 other acount with admin rights. Then plan on never using the admin acount again. the reasoning behind the long and obscure pass ford (i.e. hs9^jjn#j&&&%^#$@jGjklN<<kl) is to make it virtualy unusable. default acounts like that are the bane of security oriented people everywhere. The really bad part is that ur average home user has no idea that acount is even there
January 20th, 2004 01:32 PM
1. As far as I know no it wouldn't... XP home uses the guest account to authenticate credentials over a network - by default the guest account has no password anyway. I'm fairly sure this option refers only to physical log ins - so if you turn it off users do not have to supply passwords. If you only have one user I beleive it negates the need for a username as well but if you have more than one users you'll still get the welcome screen so that you can select which user to log in as
2. I think thats normal behaviour in XP home but I'm not sure... I think changing the 'username' causes problems with some programs (almost as if the 'fullname' is a pseudoname/alias and the 'username' is the actual user ID). Someone else may be able to help with this better
3. I have heard this too... but my XP home box Admin account has been renamed several times and I've never noted any problems. I also renamed the guest account and that has also never caused problems but I'm told that renaming the guest account is also unadvisable - dunno I think it's more an attempt by MS to cover their ass personally
ghost has already answered question 4 for you so I shan't reiterate
 unlike Zombie I already assumed you would have passworded the default admin account... of course if you haven't that would be a really good first step
Quis Custodiet Ipsos Custodes
January 20th, 2004 08:43 PM
Zonewalker is correct about #1, it is for local (physical access) login only. The <ctrl>+<alt>+<Delete> keypress sequence terminates any TSR program (like keyloggers) that may be on the system, thereby keeping the password secure.
On #2, Zonewalker is correct as well. This behavior is indeed by design in XP home. The fullname has absolutely nothing to do with the Login name from the SAM and LSA point of view (think of it as a short discription, or alias, as Zonewalker said. Many security administration features are turned off by default, however "net user" and "net accounts" still work, so you can define a local security policy using them (although it's a little archaic).
#3...If you're running SP1 or higher you'll be OK. Also, if you rename the account, update your ERD.
On #4, I'd delete them using "net user".
on the Admin password, I'd also include some non-printable ASCII characters in the password (hold <Alt> and type a 3 digit ASCII code).
Also change the description on the renamed Administrator.
For extra fun, add a guest account named "Administrator" and give it a strong password, disable it, and give it the description from the default one.
January 23rd, 2004 05:10 PM
There isnt much i can tell you about the questions you are asking. I do have one bit of adive for you tho. dont use XP. It sucks. Security is way out of hand this time.
January 23rd, 2004 05:12 PM
Mehly20, I can not disagree with you more. XP security by default is quite secure, and while it does have a few holes or two, they are completely fixable and lockdownable. XP, when in the proper hands, can be turned into an mithril prison. The admin makes the OS, the OS does not stand by itself alone.
I've also been using and testing XP as my primary desktop system for quite some time now, and have fine tuned and tweaked it beyond all belief. XP is the best OS to date for the windows system, and if you don't want to spend time and actually preform the benchmark and actually learn the OS beyond it's stereotypes, then remember one quote when offering your "advice on XP":
"If you can not help someone, then do not try to hurt them"
January 23rd, 2004 05:40 PM
That's like saying "Don't use Athlon, it sucks", or "don't use Intel", or "don't use the Internet", or don't use IRC!
Every piece of hardware and software has a purpose and task that it's best suited for, and some people prefer one to the other. I value and respect the opinion of others, as should you. I get offended, however, when someone makes a comment such as this.
I "prefer" to use Windows XP and as far as MS desktop OSes go, it's the best yet. However, I wouldn't use it for everything. Just because you may or may not like something about it doesn't mean that it sucks. There are plenty of things I don't like about it, but overall, it's a very nice OS.
There are tings I don't like about Linux and Unix and MacOS, and NetWare, and so on, and so on. That doesn't mean they suck.
January 23rd, 2004 08:19 PM
On question no. 2, you can also change the full name using control userpasswords 2, selecting the username and clicking on properties.
For 3, the problems aren't caused while using system restore, but the rescue console. If you boot from the CD and try to access the rescue console, it asks you for the admin password (no username, just the password). That's where you're screwed if you need to use the recovery console.
January 25th, 2004 05:09 AM