The Administrator


I was just wondering if it's "safe" to use the Administrator as my normal login?

It's just a home personal PC, so I'm thinking yes. As of now my uA CD boots up as the Administrator with no USER accounts made. I'm just curious as to whether it's a safer practice to use a User acct over the Administrator in my situation. Thanks!



Well... I would suggest two things:

1- rename the administrator account to something else... safer

2- put a password on this account... one with a certain complexity level

The rest is up to your network infrastructure and settings (router, firewall, etc.)

I should point out that once Longhorn is available, a regular user account should be used for everyday use, and if you want to execute some installation and configuration tasks, you will be prompted for an administrator password.


And I don't like having to type a password to log on to my PC.

Dude. Please don't take this as a flame. It's not. However, the above quote sounds like music to a hacker's ears. Having to type a password is a minor inconvenience compared to the damage that not having one can bring. Choose your own path of course, but I STRONGLY recommend against using a null password on any account on an internet-connected PC.

I'll also echo the suggestion to rename the administrator account. However, remember that it's pretty trivial to enumerate a Windows system's accounts. If there's no password, then it's party time if I'm scanning your PC for a way inside.

- Ravashaak


I've had my PC with a null password for over 8 years now, no one has attacked me. My firewall keeps me reasonably safe, and I have nothing of value on my machine, unless he wants my resume or game saves lol. Any coding source files I keep on backup anyways.

I've just never seen the need for one, I'm not scared about who comes onto my PC anyways. But I guess I could try it out.

Please explain how a password to log on to Windows stops hackers (this is not meant as sarcasm, I'm genuinely curious).

Also, can you please outline how YOU rename your admin acct, have the pw set up etc etc? That post I linked to seems very confusing and people keep changing their minds.


2Hulk: In fact you can use Longhorn LUA today, too - try to have a look at SAFER technology (Michael Howard or, even better, Valery Pryamikov) - this is quite interesting. About renaming Administrator - I must agree, this is working quite well.

I am renaming the Administrator account on my machines to something harmless (e.g. MS_Support) and creating a fake account with the name Administrator, that doesn't have membership in any group and has a really strong password.

2Ctwizzy: Renaming administrator is quite important - most people don't know how to receive the real administrator name through RID 500, so most script kiddies will burn on this trick.


I personally disable the Administrator account and leave it as Administrator so that if a hacker, bot, or worm attempts to use the Administrator account it finds that it is disabled.

I make a new user that has administrator privileges, I use a password that is no shorter than 14 characters, then I set my computer to automatically log on with that user and password.

It works well for me.

(On the same note, also not a flame)

Running the admin account with no password is the perfect setup for owning a zombie machine.

The idea in today's world is to be able to hack someone's computer without letting them know they have been hacked. To make the machine the hacker's workhorse by enlisting it as its zombie machine.

You might not know if you have been hacked; Zone Alarm only detects what programs are attempting to access the internet by name, not by checksum or any hash. This can be easily spoofed by a resourceful hacker... or that hacker can add some hooks into the explorer.exe shell which allows them close to kernel level priority for executing any code they want... and the user is none the wiser (and neither is any AV Software or Firewall unless they specifically scan for malicious hooks... which about 99% of them don't).

The fact you have been running with a null password for 8 years is common among most users that are not in any IT field. Passwords are a hassle, I will agree, but they are a necessary evil to protect the PC from script kiddies and novice hackers. If a more experienced hacker wants into your computer, there is nothing you can do about it except disconnect your network connection.

You can use the following registry entry to facilitate the automatic logon with a password, just replace the username and password entries with your values and save it as a .reg file. Then double click it to import it into your registry.

WARNING - This will store your password in the registry as plain text, but is still more secure than a blank password.

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="Username"
"DefaultPassword"="Password"
"AutoAdminLogon"="1"

Next,

If you are using a broadband connection I HIGHLY recommend a hardware router solution. While ZoneAlarm is free, it still responds to incoming TCP requests. A good firewall runs in 100% stealth mode and does not respond... most hardware firewalls do this by default.

Also, if someone compromises the hardware firewall (they have to be really good and really want into your system), they would then have to break into your computer from the hardware router. This usually takes a lot of time and is something that most basic hackers won't do a lot of...

Anyways, I wasn't talking down to you, so don't take it that way, I just want to inform you of the risks of running without adequate protection (and what is considered adequate at this moment in time).

Hope the autologon registry entry helps you out.


Thanks for the auto logon reg entry.

I am using this: (not tested it yet)

Use something like this for general good practices. Get netuser.exe and renuser.exe, drop the file(s) into the system32 folder however you like (I use $OEM$\$$\System32 during setup) and run a batch file like this from RunOnce:

CODE

@echo off
echo Renaming/Creating Accounts
net user guest {s2J234OPH}
renuser guest notguest
net localgroup guests notguest /delete
renuser Administrator admin
net user /add Administrator /active:no /passwordchg:no /passwordreq:yes
netuser Administrator /pwnexp:y
net user Administrator {s2J234OPH}
net localgroup users Administrator /delete

This way it will do this after setup, but before the first user logs in. It will rename the guest account and remove it from the guests group (If you install the .Net framework later it will put it back there FYI). It will also rename the administrators account to something else and create a dummy Administrators account while removing the dummy account from the users group.

Then I will throw a password on the newly named Admin acct. I will forego the autologin as having my password in the registry isn't exactly nice, tho I will leave it as an option if I get annoyed of typing my pw all the time.

So my next question is, in the WINNT.SIF

[GuiUnattended]
AdminPassword=*
EncryptedAdminPassword=NO
AutoLogon=Yes
AutoLogonCount=1
OEMSkipRegional=1
TimeZone=35

If I changed this to

[GuiUnattended]
AdminPassword=mypassword
EncryptedAdminPassword=NO [b]do I change this to yes?[/b]
AutoLogon=No
AutoLogonCount=1 [b] what does this do?[/b]
OEMSkipRegional=1
TimeZone=35

OemSkipWelcome=1

Then anyone who can read this file knows my logon, not to mention my XP CDKEY. Can I safely delete this winnt.sif after install in my cleanup script? Or should I be doing the admin password another way so that no one can read it? Thanks!


EncryptedAdminPassword=yes

but I think it needs Setup Manager to encrypt it.

Can I safely delete this winnt.sif after install in my cleanup script?
No, if it's on a CD, but if the pw is encrypted then it won't be necessary to do so.
AutoLogonCount=1  what does this do?

It sets the no. of times you can autologon after Windows has been installed. When the count is used up, you have to type the password to log on.

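An added example, not part of any post in this thread: a small Python check for the two places the thread stores a logon password in the clear, the Winlogon auto-logon .reg import and the [GuiUnattended] section of WINNT.SIF. The sample inputs are constructed from the snippets above with placeholder values, and the function names are this example's own.

```python
"""Flag plaintext logon credentials in a .reg export or WINNT.SIF answer file."""

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

def parse_sections(text):
    """Parse [section] / key=value text into {section: {key: value}} (names lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().strip('"').lower()] = value.strip().strip('"')
    return sections

def find_plaintext_credentials(text):
    """Return findings as strings; the password value itself is never echoed."""
    sections = parse_sections(text)
    findings = []
    winlogon = sections.get(WINLOGON, {})
    if winlogon.get("defaultpassword"):
        state = "on" if winlogon.get("autoadminlogon") == "1" else "off"
        findings.append(f"Winlogon DefaultPassword in plaintext (AutoAdminLogon {state})")
    gui = sections.get("guiunattended", {})
    password = gui.get("adminpassword", "")
    encrypted = gui.get("encryptedadminpassword", "no").lower() == "yes"
    if password == "*":  # "*" in AdminPassword means a blank password
        findings.append("WINNT.SIF sets a blank Administrator password")
    elif password and not encrypted:
        findings.append("WINNT.SIF AdminPassword in plaintext")
    return findings

# Constructed samples modelled on the snippets in this thread (placeholder values).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="Username"
"DefaultPassword"="Password"
"AutoAdminLogon"="1"
'''
SAMPLE_SIF = "[GuiUnattended]\nAdminPassword=mypassword\nEncryptedAdminPassword=NO\nAutoLogon=No\n"
SAMPLE_SIF_BLANK = "[GuiUnattended]\nAdminPassword=*\nEncryptedAdminPassword=NO\n"

if __name__ == "__main__":
    for name, text in (("autologon.reg", SAMPLE_REG), ("winnt.sif", SAMPLE_SIF)):
        print(name, find_plaintext_credentials(text))
```

Files exported by regedit in the "Version 5.00" format are UTF-16, so decode them with that encoding before passing the text in.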

  • 2 weeks later...

I threw this in my cleanup.cmd code

Just renames the admin acct to whatever I want it, changes the guest name and disables it.

So far so good.

Now I boot up and the admin name is changed, which is exactly what I wanted. Problem is it's only aesthetic.

The name to log on to Windows is the new name, even the Windows start menu name is now the newly changed admin name. But for all other purposes (Docs and settings is still named Administrator) everything is named Administrator. Now this may be the purpose of what I just did, and if there is no way to actually change the administrator's $Docs name I will have to create a user account that is basically the same as the Administrator acct.

So how do I change the $Docs Admin's name? If it's not possible, how do I disable the administrator acct, and then create a user account with all the power of an Administrator acct?

And then upon boot up the only name it should ever show on the logon screen should be the newly created user account.

Thanks
