default winxp password (little hint

[aderkach]

Zonewalker: you are stupid. There is no hidden admin account on any of Microsofts OS's leading up to the current Longhorn beta. Research your **** before you talk about it. The only other accounts created on XP are IUSR account for XP pro (for IIS) and support accounts which have a random password (which may I add, is never blank).

Also, the normal admin account with no password is set up on some OEM versions of XP, or for some lazy bastards who click yes through ever screen and don't see that one of the screens asks for a password.

[sickyourIT]

it was probably originally put in there by M$ with the intent on being solely a backup account, so that techs and stuff could access the comptuer and set up accounts or whatever is the user forgot their password.

after that, it became an exploit.

for all the noobs who tried to neg me with their grey AP's:
upon posting this, it wasn't just because i figured it out, i just happened to be working on someone's new laptop, and i remembered to change the pword. I just wanted to give a heads up to the unknowing amongst the AO community.

[Zonewalker]

aderkach.... mmmhmmm before you continue to embarrass yourself try researching the topic a bit more fully and stop being a *****. If you want to know more about the default hidden adminstrative share try looking here

http://support.microsoft.com/default...-US;Q314984#2b

to quote MS

The versions of Windows that are listed at the beginning of this article create hidden administrative shares that administrators, programs, and services can use to manage the computer environment on the network. By default, the following hidden administrative shares may be enabled by Windows:
Root partitions or volumes
The system root folder...

and

Hidden administrative shares that are created by the system (such as ADMIN$ and C$) can be deleted, but they are re-created by the system after you stop and restart the Server service or restart your computer.

and

IMPORTANT: The default IPC$ administrative share is required by the Server service and cannot be deleted. Microsoft recommends that you not delete administrative shares that were created by Windows for root partitions and volumes (such as C$) and the system root folder (ADMIN$). This can cause problems for administrators and programs or services that rely on these shares. For example, both Microsoft Systems Management Server (SMS) and Microsoft Operations Manager 2000 require administrative shares for correct installation and operation.

also try typing in control userpasswords2 at the run command... there you will find an account not listed during normal start up called 'Adminstrator'. Then click on the properties for that account... I'd be quite willing to tell you now that in the description it says
'Built-in account for administering the computer/domain'

and if you're trying to imply I'm a lazy bastard who hasn't looked into setting up my XP installation well go **** yourself with a sharp stick... the hidden admin account does exist and it is blank - but of course if you had a brain you'd know that.

On the other hand I applaud sickyourIT for being helpful and trying to point out this bit of info.

Darksnake... yes I have used it during a safe mode boot up and with the XP recovery console.

Z

[Darksnake]

First off id like to quote sickyourit

by default, after installing windows xp (PRO, although it's possible this happens on HOME as well) the default administrator password is.... you guessed it. Nothing

That cleary shows that we were talking about admin accounts not default shares.... Those are two different things. I also wouldnt exactly call them hidden because they are listed in the computer management mmc.

Now when you say you have used them in the recovery console are you talking about the administrative shares or the "blank" administrator password. If your administrative password is blank, then you know what needs to be done and I wont explain.

[Zonewalker]

granted you make a valid point darksnake... there is a difference between hidden shares and a hidden account. However I am still talking about a hidden admin account. If I may ask a question... when you started up in safe mode did you log in via the XP welcome screen or the old style logon prompt? I'm not sure if the hidden account will be shown on the welcome screen... which may be why you never saw it

second... have you used control userpasswords2 at the run command? You should come up with a popup box titled User accounts... it lists all accounts on the box.... and one of those won't (or at least shouldn't!) show up on the normal User accounts applet which is accessed via the control panel...

for example on my box if I type in control userpasswords2 to bring up the popup box I have my main account (which I'll call Zonewalker) and another account called Administrator (it's not actually called that because I renamed it). The Zonewalker account is shown on the User accounts applet but the Administrator account isn't. Clicking on the properties of the Adminstrator account shows in the description that it is a

'Built-in account for administering the computer/domain'

it was originally set (from a full clean install) with no password - and before aderkach pipes up - I did not simply click on yes all the way through the install.... the Zonewalker account was also there from day one as an admin account and it was password protected as expected. Now if thats not a hidden account (bearing in mind it doesn't show up on the usual User account applet accessible via the control panel) - then what is it??

Obviously the Adminstrator account on my box has been renamed and password protected (I'm not some 16yr old kid and neither am I stupid like aderkach seems to think)...

The hidden admin shares are what you can access using the hidden admin account... like sickyouIT has already implied its for recovering from a fuxored installation.

Now actually I have a question for aderkach..... first I'll apologise for the language in the previous post.... it wasn't necessary and was probably a bit over the top... however if you're going to start calling people stupid then expect people to bite back at you.... we are supposed to be a community here and I don't particularly want to have slanging matches especially after a day at work that has been less than pleasant. However given your post... would you like to back up what you've said either with a link to further information or at least describe your experiences?


Z

[Gravity]

Darksnake I recently used the secret admin account to change my admin account as i forgot my pass :S. I didn't know about the secret admin so I was stuck with the guest account which has no internet access so I had to call up MS and after like two weeks they decided to tell me about the safe mode login :@

[aderkach]

ZoneWalker: You are an idiot, the administrator account will remain on the machine no matter what you do, they put that feature in for idiots like you, who rename their admin accounts to something ub3r j33t and then email MS tech support when they cannot log on to a network domain. There must be an "Administrator" account, any account you "rename" from it is just a new admin account that is created.... God, you are such a moron.

[Darksnake]

ZoneWalker its clear to me now, the secret Administrator account you speak of does not show up on the logon screen no, but when you goto administrative tools and computer management and then users it is shown. This is the same as the control userpasswords 2 control popup window. Which does show every account on the box. The administrator account which you renamed, is this the secret account which you speak of?
If so then I still stick by every word which I say because they reference that account. Or is there another account which you speak of that you have just failed to mention the name of?

[souleman]

Just because it doesn't show up on the user list doesn't mean it is a hidden account. And if you installed Win XP Pro yourself, then you set up a password for it. At least I did every time I installed it. I guess you could install it and give it a null password (blank password for those that don't know what null means), but that is your own damn fault. now if you purchase a machine that has XP Pro already installed, then I guess its possible that the admin account has a null password, but it seems like durring the setup of the computer, it would ask you for a password. But I could be wrong, I have never set up a machine that came with XP pro installed on it.

Thats like saying that my mac has a default root account that is hidden.. Its almost impossilbe to log in as root into the gui, unless you mess with a couple things that you are not supposed to, but it is possible. But the root account never shows up in the user list....any user list for that matter... the only way to see it is if you look at etc/password and that file is only used on very rare occassion. OSX normally uses a differnt way to login that doesn't mess with that file, but it is used on occassion.

aderkach> can you make 1 post that makes a point and doesn't sound like a whiny child calling people names?

[Zonewalker]

Darksnake .. point taken... I think souleman explains it well... however can I point out one thing... I don't think I've ever called it a 'secret' account... merely 'hidden'. The use of 'secret' implies that there is a backdoor which isn't quite the same as what I was saying! I think this is a case of semantic's but one which may have been causing confusion. I AM NOT implying that XP has a secret account... just hidden from normal use. The account you're on about is the one I'm talking about.... it's hidden from the normal user list.... hence my terminolgy of hidden (rather than secret!) The point I think Sick and I were trying to make was that the built in (previously called hidden) admin account sometimes does have a null password and that if you're not aware of it (because it doesn't show up on the normal user list) then it would be a good idea to make sure that it does have a password.

souleman... yes machines with XP pro already installed do (at least in my experience) come with null passwords for the built in account... upon setup XP asks for a user account to be set up which is where you type in a password and set it to a limited or (additional) admin account. In itself this is fine but if you're not aware of the built in admin account then you leave yourself wide open. The only reason I ws using the terminology of 'hidden' was because it doesn't show up on the normal user list but again I take your point

As Sick said

I just wanted to give a heads up to the unknowing amongst the AO community.

aderkach - last and definitely least.... I tried to be understanding and give you the benefit of the doubt. There is obviously a difference between how people use words here to mean similar things.... but all you've done is show your self to be the child you are. If you were anything other than a 733t kid yourself then you would have approached this in a reasonable manner like Darksnake and Souleman have done.

Z