How To Avoid Password Window in WIN XP?????? - Page 2
Page 2 of 6 FirstFirst 1234 ... LastLast
Results 11 to 20 of 54

Thread: How To Avoid Password Window in WIN XP??????

  1. #11
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Forgive me, HT. I guess I was wrong. A question like that coming from someone who describes himself as a "Know-it-All Master Beaver" had me thinking it was purely a rhetorical question.

    So, here it is from the horse'$ mouth:

    "Auto Logon stores your logon name and password in the registry, allowing you to automatically log on to Windows...without typing in your user name or password in the logon user interface. However, Auto Logon could also enable other users to access your files and use your name to commit malicious acts on the system (for example, anyone with physical access to the computer can boot the operating system and automatically be logged on). If you have Auto Logon enabled and you do not want to change it, make sure that you do not store any sensitive information on the computer. Since anyone who has physical access to your computer can use the autologon feature you should only use this feature in an environment that is both trusted and secured."

    https://www.microsoft.com/technet/se.../mbsa1/wp.mspx

    Hope that helps. We cool now?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  2. #12
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by brokencrow
    Forgive me, HT. I guess I was wrong. A question like that coming from someone who describes himself as a "Know-it-All Master Beaver" had me thinking it was purely a rhetorical question.

    So, here it is from the horse'$ mouth:

    "Auto Logon stores your logon name and password in the registry, allowing you to automatically log on to Windows...without typing in your user name or password in the logon user interface. However, Auto Logon could also enable other users to access your files and use your name to commit malicious acts on the system (for example, anyone with physical access to the computer can boot the operating system and automatically be logged on). If you have Auto Logon enabled and you do not want to change it, make sure that you do not store any sensitive information on the computer. Since anyone who has physical access to your computer can use the autologon feature you should only use this feature in an environment that is both trusted and secured."

    https://www.microsoft.com/technet/se.../mbsa1/wp.mspx

    Hope that helps. We cool now?
    So that's reading into MS Marketing Shite... I still don't see the danger of that... Once again... physical access is physical access... That's where the big threat comes in... Yes in a corporate environment not a good idea... but really no big problem in a home... So the password is in the registry... People would need access to your registry... and if they can read your registry... odds are they have easier means of obtaining your password (key logger for instance... or taking the SAM db)

    You make it seem like Auto Logon is some horrible thing... It's not.. It's now more a risk than a share on your computer.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #13
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    but really no big problem in a home...
    That's assuming the home is a trusted environment, or not part of a corporate office via VPN. I've seen homes that were NOT trusted, and others that plugged into corporate VPNs.

    And again, I take issue with you on laptops. They should NEVER be set to automatically logon if there's the least bit sensitive data. Laptops are very vulnerable to theft, even from homes, as demo'd by the theft of a VA laptop from an admin's home just this year, putting millions of US veterans at risk of ID theft.

    and if they can read your registry...
    Just curious how you'd handle an LSA encrypted password? You going to pull that one out reading the registry?

    As usual, we have our differences.

    Goodnight.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #14
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Personally...I dont use auto login on my machines...

    Everyone has there own profile ..and password...that way they have no access to MY profile.........yes ...basic security.....

    they also dont know how to use a bootdisk or safemode.......yet but the girls have set a boot password on the IBM machine........to lock out thier step brothers

    I never use auto login...MHO as always

    As for 98.....there is no security..........if you want basic security...dont use 98

    Cause I would just hit cancel, have access and reverse your reg edit ...... reboot

    again...if I had physical access to a machine......and a boot disk....doesnt mtter what os now ...does it..

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #15
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by brokencrow
    That's assuming the home is a trusted environment, or not part of a corporate office via VPN. I've seen homes that were NOT trusted, and others that plugged into corporate VPNs.

    And again, I take issue with you on laptops. They should NEVER be set to automatically logon if there's the least bit sensitive data. Laptops are very vulnerable to theft, even from homes, as demo'd by the theft of a VA laptop from an admin's home just this year, putting millions of US veterans at risk of ID theft.



    Just curious how you'd handle an LSA encrypted password? You going to pull that one out reading the registry?

    As usual, we have our differences.

    Goodnight.
    I never said I'd decrypt an LSA Encrypted password... But it looked to me from your post of MS's text that that was what you were using as your argument... that it's stored in the registry... I'm saying big deal if it's stored in the registry and you just supported that...

    When is a home not a trusted environment??? You've got a problem if that's the case... As for people accessing corporate VPNs... you shouldn't be saving your VPN password and if it's for fear of infection... regardless of which profile is access an infected machine is an infected machine... As it is corporations should have a policy in place that people cannot access the Corporate VPN from home machines... Those accessing the VPN should be provided with a work only laptop and that's how they should access them...

    I still stand firm that there is no security risk to having Auto Login... no risk that's any different from the other risks associated with other people having physical access to the machine... Because that's how it is... plain and simple.. you can't argue it..

    Physical Access = Risk
    Auto Login = Exact same Risk..

    Peace,
    HT

    PS -- I'm still shocked that you're quoting the MBSA whitepaper as a valid security resource... A program that looks at a default install of Windows and says "hey this is completely insecure but we shipped it to you that way"
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  6. #16
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    When is a home not a trusted environment??? You've got a problem if that's the case...
    Obviously you dont have kids HT......
    ...I dont want people....family..............or guests in my home using or accessing my profile

    I dont even want them to see my vpns..bookmarks...documents...pictures

    I think profiles work great...MHO as always

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #17
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by morganlefay
    Obviously you dont have kids HT......
    ...I dont want people....family..............or guests in my home using or accessing my profile

    I dont even want them to see my vpns..bookmarks...documents...pictures

    I think profiles work great...MHO as always

    MLF
    I'll state my previous comment about corporate policy not allowing VPNs on personal computers..

    as for guests... Why are guests roaming your home and accessing your computer... As for kids.. If you think multiple profiles keeps your kids from accessing your files.... come-on MLF... you're smarter than that.. As I said

    Physical Access = risk
    Auto Login = Exact Same Risk
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #18
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Well...guests that come to vistit me from the west coast... and stay for 4 days tend to roam around my house............and have access to everthing in my home...like the shower...fridge and ...omg...computers..........we have 6 all over the house....

    This doesnt by any means include extended family.........

    My profile is somewhat protcted.....till I reboot

    and I never save passwords.......

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  9. #19
    Banned
    Join Date
    Jul 2004
    Posts
    297
    hmmm, so the autologin stores the password in the reg, is that the same reg that gets game serials harvested by virii on a daily basis? Or do "speacal" xp macines have more than one reg.

  10. #20
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by spamdies
    hmmm, so the autologin stores the password in the reg, is that the same reg that gets game serials harvested by virii on a daily basis? Or do "speacal" xp macines have more than one reg.
    Once again.. generally it will be encrypted... On top of that... If you're virus infected wouldn't you say you are already compromised?
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides