I just noticed today, as I was logging into safe mode to check some nasties that wandered into my computer, that there is an Administrative account that is hidden unless you are logging into safe mode. After seeing this, and "blessing" MS for their intelligence, I proceeded to secure said account and thought to myself that perhaps some others would benefit from reading about this issue.

Instead of using the GUI that you can locate through control panel/user accounts, bring up your DOS prompt and enter “control userpasswords2” (without the “quotes”) at the prompt. This will bring up a screen where you can see all of the user accounts enabled on your computer, including the hidden Administrative account.

1) Double click on the hidden Administrative account and rename it to something else. Give this account a strong password (one at least 15 characters long comprised of letters, numbers and symbols with no certain meaning). I think there is at least one great tutorial here on selecting strong passwords.

2) Click "Add" and create a new account named Administrator and give it the guest level of access to the computer. Secure this account with a strong password also. If someone tries to access your computer they will try and access the Administrative account first, hoping that you haven’t followed these steps. Hopefully, by the time that they figure out that the “Administrator” account is merely a glorified guest account you will have noticed that something odd is going on and secured your system.

3) Go to settings/control panel/user accounts and disable the guest account by clicking “Turn off the Guest Account.”

And here’s one more thing that might come in handy with all of these new passwords, which are complex, meaningless and therefore inherently hard to remember. XP will let you create a floppy disk to reset your password for any of your accounts. In other words, if you forget your password all is not lost. Simply enter this floppy and XP will let you create a new password without losing all of your settings.

To do this log on as an Administrator. Go to settings/control panel/user accounts. Select the account that you want to make the password reset floppy for. In the left hand column select “Prevent a forgotten password.” Put a formatted floppy in the drive and *viola* you’re safe from memory lapses.

Happy & Safe Computing!