Need some help. ;)
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Need some help. ;)

  1. #1
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    762

    Wink Need some help. ;)

    Hello fellow members of AO. How can I block users without 'Administrative priviledges' on my Windows Vista system and XP with SP2 from changing users passwords or worse Administarors password from the command prompt? We all know opening command prompt and entering net user or net users will display all users on the windows operating system. A simple net user administrator * can easily change the Administrator password. How can I block/prevent this from happening to my system on both XP and Vista home basic version? Also, is their a way to catch someone in the eventlog or something similar to detect this?

    All help is greatly appreciated.

    examples:

    Microsoft Windows (Version 6.0.6000)
    Copyright (c) 2006 Microsoft Corporation.
    C:\Windows\system32>net user /add pyr0 password
    net user /add pyr0 mypassword
    The command completed successfully.

    C:\Windows\system32>net localgroup administrators pyr0 /add
    net localgroup administrators pyr0 /add
    The command completed successfully.
    and this one:

    Microsoft Windows [Version 6.0.6000]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.User accounts for \\H4X0R
    -------------------------------------------------------------------------------
    C:\Users\mma>net users

    Administrator spanky ASPNET
    Guest mma
    The command completed successfully.

    C:\Users\mma>net users administrator *
    Type a password for the user:
    Retype the password to confirm:
    The command completed successfully.
    Last edited by Computernerd22; March 15th, 2008 at 02:40 AM.

  2. #2
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Well, on my home system (XP SP2), I created a new user account for testing purposes. I even moved this new account to the Power Users group and was not able to successfully run the net users command to change the admin password. I was able to view users, and even bring up the password prompt. But after retyping the password, I received an error code 5, along with an access denied message.

    I can test it out on a Vista Business machine on Monday when I go back to work. But, being Vista is supposed to have even tighter security, I think the results will be similar. What account were you using for those examples?
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  3. #3
    Senior Member
    Join Date
    Dec 2007
    Posts
    132
    Umm.... what?!?!?! lol... The simple answer is "you don't, windows does it for you." I don't mess with vista, but with xp, people can't change the admin pass unless they have admin rights. You'd have to go into the settings for that user and downgrade them from a computer administrator.

  4. #4
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    CN22:

    Is the account you are testing with an administrator account? Or did Administrator previously not have a password? That's the only way to explain what you just did.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    Senior Member
    Join Date
    Dec 2007
    Posts
    132
    Even if the admin pass was blank he still couldn't have done that outside an admin account. Unfortunately that's what most xp users are, and don't even know it...

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Quote Originally Posted by Computernerd22
    A simple net user administrator * can easily change the Administrator password. How can I block/prevent this from happening to my system on both XP and Vista home basic version?
    Just a quick recap of what's been said. Only members of the administrators group are able to do this on all NT based versions of windows.

    Also, is their a way to catch someone in the eventlog or something similar to detect this?
    Turn on auditing.
    Last edited by SirDice; March 15th, 2008 at 10:08 AM.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    762
    but with xp, people can't change the admin pass unless they have admin rights. You'd have to go into the settings for that user and downgrade them from a computer administrator.
    I am currently on a *limited* user account on this Windows XP machine. I don't have administrator privileages, I have limited access. However, when I open the command prompt and enter net user administrator * I am able to change the adminstrator password from a limited user account. No, I don't have administrator privileages nor am I on doing this from a admin account.

    Even if the admin pass was blank he still couldn't have done that outside an admin account. Unfortunately that's what most xp users are, and don't even know it...
    I would know the difference if I had a limited account or running this from an Admin account. Again, I can do this from my Windows XP machine and my Windows Vista. I'm not looking on how to gain admin access I can already do that. I just want to pervent this from happening in the first place.

    To everyone who took the time out of their busy day to respond, thank you it's greatly appreciated.

  8. #8
    Senior Member
    Join Date
    Dec 2007
    Posts
    132
    Well I'd like to believe you, but I tend to believe the people who built the software more. Check the microsoft.com website and even they'll tell you that limited user accounts can't make changes that would affect other users. This isn't just us throwing out uninformed answers here. Someone must have went under the hood and changed things on your machine if your actually able to do this. And if that's the case, we couldn't help unless we know what was changed.

  9. #9
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    CN22: Did you perhaps set your command prompt to always run as administrator in the past and forgot about it?

    I'm on Vista as well and here's my output:
    Microsoft Windows [Version 6.0.6000]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Users\Tyler>net users

    User accounts for \\HT-DESKTOP

    -------------------------------------------------------------------------------
    __vmware_user__ Administrator ASPNET
    Guest Tyler
    The command completed successfully.


    C:\Users\Tyler>net users administrator *
    Type a password for the user:
    Retype the password to confirm:
    System error 5 has occurred.

    Access is denied.
    However, as soon as I go to command prompt and I "run as Administrator" I get the following:

    Microsoft Windows [Version 6.0.6000]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>net users Administrator *
    Type a password for the user:
    Retype the password to confirm:
    The command completed successfully.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  10. #10
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Computernerd: On any default non domain Windows system a non-admin user can not change the local admin users password - this is not really an issue that is debatable as it is pretty much fact.

    if you can do it however, then either there is a non-default [miss]configuration that allows you to do so, or you are simply mistaken about the rights you have on the system.

    Is your work station on a domain or just a standalone home type jobby?
    Last edited by Nokia; March 16th, 2008 at 01:20 PM.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides