Sup yaa,
I need to know the different ways to bypass and secure the Login in a Windows Me environment. This is for a client of mine. Does anyone know where I may get the information?
God Bless
Printable View
Sup yaa,
I need to know the different ways to bypass and secure the Login in a Windows Me environment. This is for a client of mine. Does anyone know where I may get the information?
God Bless
I'm not sure on that one, but my first suggestion to the client would be to get rid of Me as soon as possible. Oh, that's a horrid, horrid OS, problems abound.
Ohh I know that. But you know some people won't listen. I support a full NT shop instead.
I know there ways different ways to get in a win9xme without a password. Especially like clicking cancel and booting into dos to rename some files.
I'm just looking for the Top 5 ways. Without the use of other programs.
One easy way to get past the login screen: (works in 98, dont remember about ME)Quote:
Originally posted here by HolyRollerZ
Ohh I know that. But you know some people won't listen. I support a full NT shop instead.
I know there ways different ways to get in a win9xme without a password. Especially like clicking cancel and booting into dos to rename some files.
I'm just looking for the Top 5 ways. Without the use of other programs.
Hit Escape when you get to the login screen. It will allow you to get into the computer.
Unfortunately ME uses FAT32 and not NTFS so there is not much you can do security wise without going to third party software. :(
You could set the power up password in the BIOS as a last resort.
Hey CXGJarrod thanx for adding to the list.
Is that a Ghost Recon gaming Clan?
Man I Love that Game.
It's that easy? Holy cow, it's even suckier than I thought! :)Quote:
Hit Escape when you get to the login screen. It will allow you to get into the computer.
Hey CXGJarrod thanx for adding to the list.
Is that a Ghost Recon gaming Clan?
Man I Love that Game.
;) You can get it to force a network login, but in the default setup it will allow you to bypass the password screen with escape.Quote:
Originally posted here by AngelicKnight
It's that easy? Holy cow, it's even suckier than I thought! :)
We play CounterStrike 1.6 in our clan. (No other games at the moment)Quote:
Hey CXGJarrod thanx for adding to the list.
Is that a Ghost Recon gaming Clan?
Man I Love that Game.
:rofl:
:D
WinME does not offer a security policy, consequently it should not be used in environments that feature confidential or even private data for that matter... even with third party security tools.
catch
Holy:
Show this to your client.Quote:
Ohh I know that. But you know some people won't listen.
Windows ME was really just an "interface introduction" by Microsoft. It was a way of allowing users to see and get used to the interface that they would be moving towards, (or something very similar). What it achieved was a feeling of a more sophisticated operating system without any of the benefits. As such, the vital portions of the operating system that could provide any security whatsoever were still based on an operating system that, while network/internet aware, was still based in older operating systems that were never intended to be connected to an insecure world. Furthermore, hotfix support for WinME ended last year meaning that even if there are new vulnerabilities found Microsoft will not be publishing patches for them making the operating system even more insecure. If you have any data you need to protect, (which it sounds like you feel like you do), then at an absolute minimum you should install Windows 2000; XP professional would be better but the security in Windows 2000 is more than adequate if managed properly. Windows ME simply isn't designed to allow even the best system administrator to assure any level of security. Then again, it all depends upon how much you value your data.......
Secure the login prompt for Windows ME LOL. If the person has physical access to your Windows ME box your a dead duck. Windows ME doesnt offer any security. To show you what I mean for example If I had physcal access to your PC I could go to start, find, files or folders. In the named box type *.pwl (thats asterik period pwl all together), change the look in to my computer by clicking on the drop down tab. Next click search now. The Windows Find utilty will find it. Right click and delete it. Next reboot PC. No security as everyone stated. But I would recommend 3rd party software. Like the other members mentioned setup an BIOS password on the system. If they dont give the correct password it will not load the operating system. But the promblem with this is its a pain in the ass to change it back to orginal way not having a password prompt. The way to bypass this is to remove the battery and put it back in. Hope this helps Computernerd22Quote:
I need to know the different ways to bypass and secure the Login in a Windows Me environment. This is for a client of mine. Does anyone know where I may get the information?
WinME is the last of the single user home operating systems from Microsoft...............I use it on several machines, some of which are stable, some are not.
If I stuck a Win98 boot disk into an ME machine, I am there..............unless you fix the boot sequence to use the HDD first. The BIOS password will not work if physical access is allowed......even if you have a C22 eprom chip, I can still get in :D with a screwdriver and some knowledge (Dell laptops?)
If you want security, you have to go to NT based operating systems. Sure, there are third party softwares that "claim" to secure 9x.................trust me, they don't
You have a lot of good advice here, if you really have an issue with your client, please PM me and I will write you a formal advisory.......free of charge :)
Good luck and happy Easter
johnno
Sort of reitterating what was said...
You can't really secure Windows ME against physical attacks, where someone has access to the computer. There is no built in protection against that stuff, the login is just a fancy way to allow you to customize your desktop. I have seen Windows 98 machines used in corporate environments, with network logins required. And I have found a way to completely bypass the login requirement to launch programs. And the whole reason I could was because an application installed on the computer allowed me to access a Browse for a File dialague during the login process. (Browse for file...right click a file, open, etc., from the file selection thing -- bad).
From a network standpoint though, you can do the normal install a personal firewall (and av) and use it to block unnecessary services. With Windows File Sharing Server turned off, you should be pretty safe. Just allow outbound connections and deny inbound ones, and as long as this box doesn't have any necessary services (file sharing, http, ftp, remote access, etc.) it will be okay set up like that.
Add this to your list - other programs can intercept CTRL+ALT+DEL. In Windows 2K/XP at least, only the OS can intercept these keys and other applications can't. (Aids in safe logins if you have to press those keys, only the OS can intercept it to show a real login prompt -- but keyloggers can still record keystrokes, etc.)
Good luck convincing your customer...
Use a boot diskQuote:
I need to know the different ways to bypass and secure the Login in a Windows Me environment. This is for a client of mine. Does anyone know where I may get the information?
or
hit ESC
:)