Jump to content

Autologon in Autounattend.xml


Recommended Posts


Oh and that's something else I've been meaning to ask since I skipped Vista. I have seen this UAC thing mentioned many times, and came to the understanding that most people don't use an administrator account, in XP, i never bother creating normal user accounts.. so what's the verdict in vista/win7. Is it necessary at all? Or is it for those folks who don't know what they are doing?

Link to comment
Share on other sites

Generally speaking the administrator account in Vista & W7 is not accessible by default. In Vista & W7 you must create a user, they can have administrative privileges. Their are ways to enable the admin account as recently posted on this board.
While M$ claims you are safer having it disabled, there are others who will claim you are no safer than if you had simply renamed your Administrator account. (via control userpasswords2) Both situations will prevent malicious software from hacking an account called "Administrator", now malicious programmers not only need to crack the password, but also need to guess the account name. All this is assuming said malicious software actually attacks via user/password, instead of buffer exploit like a normal piece of malware.

If said malware can access you non-administrator user account (which in M$ infinite wisdom has local administrator privileges), your false sense of security is out the window (pun not intended), as hacking any account with Local Admin rights will allow malicious software full access. :realmad:

I rank this up there with "Editing the Registry can cause catastrophic failure", sure technically that is true, but has it ever stopped anyone ?

Edited by MrJinje
Link to comment
Share on other sites

I personally don't use Administrator but I do turn LUA off and I think It's just as powerful as that Admin account who couldn't delete folder's i couldn't delete. I develop and I need to have an account which be on same level as 99.9% out there. Gives me better perspective and my Admin account does have a Pass I set with my Xml

I'd like to know just what is the difference between Administrator and a local Admin

Edited by maxXPsoft
Link to comment
Share on other sites

I'd like to know just what is the difference between Administrator and a local Admin
Administrator is a "Built-in account for administering the computer", it derives it power from being a member of the "Administrators" group.

A local administrator is "Administrator" and/or any other user account on the local machine in the "Administrators" group. Everyone in the Administrators group is equally powerful.

By default, the "Administrator" account is disabled and the user created by setup is in the "Administrators" group.

Notice that security on C:\Windows Directory has no permission entries for "Administrator" account but instead an entry for "Administrators" group. If you remove Administrator from the Administrators group, you would not be able to do much.

post-263685-1257818864_thumb.png

post-263685-1257820444_thumb.png

Edited by MrJinje
Link to comment
Share on other sites

:hello: You read pretty much what i have read.

It is a good account to keep in reserve for troubleshooting purposes.

By remaining relatively untouched, it is very likely that you will be able to log onto this account if/when the other accounts become damaged or inaccessible.

Another benefit of knowing this method is to keep the hidden Administrator account as a 'back door', for example, if you inadvertently lock out your main account. Sitting there at your computer, you can never believe that you will be so foolish as to lock yourself out, yet logic dictates that somewhere in the world today, someone has just done that: locked themselves out. Would not they like to know how to activate the administrator account?

Boot to Safe mode no pass on Administrator account by default

also the whoami vs Administrator. My account is identical

Whoami_vs_Administrator_Nov-09-2009

So I have decided that instead of typing out all that mess maybe I'll just call myself Admin. :lol:

Edited by maxXPsoft
Link to comment
Share on other sites

Note there are two major differences- the actual local Administrator account gets a full admin token on logon, whereas an Administrative group account gets a pseudo-token and is still affected by UAC and it's security (unless you of course disable UAC). Also, the admin account has a well-known SID GUID, and it's disabled (and a new user is made an administrator on install) to try and mitigate attacks that target the Administrator account, both by name AND by it's SID.

Link to comment
Share on other sites

  • 2 weeks later...
Note there are two major differences- the actual local Administrator account gets a full admin token on logon, whereas an Administrative group account gets a pseudo-token and is still affected by UAC and it's security (unless you of course disable UAC). Also, the admin account has a well-known SID GUID, and it's disabled (and a new user is made an administrator on install) to try and mitigate attacks that target the Administrator account, both by name AND by it's SID.
Here is good article detailing what Cluberti is touching on.

http://technet.microsoft.com/en-us/magazine/2007.06.acl.aspx

EDIT:Relevant

http://www.msfn.org/board/topic/144776-unable-to-open-an-elevated-windows-explorer-window/

Edited by MrJinje
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...