Posted By: nektar | Jan 2nd, 2005 @ 7:21 AM
page 1 of 1
Comments: 8 | Views: 12559
In Windows XP, like in previous versions of NT, there is a default account called Administrator. Naturally though, when you install XP it can create for you your own account in the administrators group and call it whatever you wish. Once your account is in place after installation the default administrator account does not even appear on the welcome screen.
However, the default administrator account is still active and has an empty password! And although having an empty password coupled with a new policy setting in XP does not allow anyone to log on using the default admin account from the network, anyone can still log on from the console. So, even though you have secured your new home computer with a password and you have even created a password reset disk, your security is only imaginary.
This is because anyone can walk up to your computer, ignore the welcome screen and press ctrl+alt+delete twice for the old log on screen. Then, he/she can simply type in the username administrator and very well! he has bypassed your password protected computer. Is this acceptable OS behaviour? Do you think so? Does Microsoft think so? And what is even more alarming is that XP does not make this fact known to the user. An ordinary user when looking in the User Accounts dialog in Control Panel will not find any mention of a default administrator account or that it has an empty password. So, the everyday user will be happy believing and trusting in Windows security.
tbeckner
Blissful
nektar wrote:
Then, he/she can simply type in the username administrator and very well! he has bypassed your password protected computer.
Not true. The Administrator account has a password from the original install. 
Sven Groot
My name has 9 letters. Coincidence? I think not...
Also not true. The Administrator account password can be set during installation, but iirc you're not required to do so. If you didn't (and I do believe many OEMs don't if Windows comes pre-installed), you have a security hole. Granted, not one you can exploit without physical access to the computer, but it's still not as secure as could be.

If you really want to secure your system, make an account with administrative privileges a hard to guess name and a strong password, then delete the built-in Administrator and create a new account named Administrator that is a member of only the Guests group and give it an insanely difficult password. Nothing like hacking away at the Admin password for a coupla hours only to find out the Admin account can't do anything. Of course you have login attempts to the Admin account audited so by the time they figure it out you know someone is trying to compromise your system. Wink
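The hardening steps described in this post, as an added PowerShell example (not code from this thread; it assumes Windows 10 or later with the built-in LocalAccounts module, which XP did not have, and an elevated prompt):

```powershell
# Added example: report the state of the built-in Administrator account and
# enable failed-logon auditing. The built-in account keeps RID 500 whatever it
# has been renamed to, so it is located by SID rather than by name.
function Get-BuiltInAdminReport {
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    [pscustomobject]@{
        Name             = $admin.Name
        StillDefaultName = ($admin.Name -eq 'Administrator')
        Enabled          = $admin.Enabled
        PasswordRequired = $admin.PasswordRequired   # $false: a blank password is allowed
        PasswordLastSet  = $admin.PasswordLastSet    # $null: never set since install
    }
}

$report = Get-BuiltInAdminReport
$report | Format-List

if ($report.Enabled -and -not $report.PasswordRequired) {
    Write-Warning 'Built-in administrator is enabled and does not require a password.'
}

# Remediation, commented out so the script only reports by default:
# 1. rename the RID-500 account (hypothetical new name) and disable it,
#    having first created a separate, strongly-password-protected admin account;
# 2. create a decoy named Administrator that is only a member of Guests.
# Rename-LocalUser -Name $report.Name -NewName 'maint-x7q2'
# Disable-LocalUser -Name 'maint-x7q2'
# New-LocalUser -Name 'Administrator' -Password (Read-Host -AsSecureString 'Decoy password')
# Add-LocalGroupMember -Group 'Guests' -Member 'Administrator'

# Record failed logons (Security log, Event ID 4625) so attempts against the
# decoy or the real account are visible.
auditpol /set /subcategory:"Logon" /failure:enable
```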
Cider
Daze-d & Confused
nektar wrote:
And what is even more alarming is that XP does not make this fact known to the user. An ordinary user when looking in the User Accounts dialog in Control Panel will not find any mention to a default administrator account or that it has an empty password.
So, are you wanting a dialog box to come up when a non-admin user logs in that says "Non-Admin User, the password for the Administrator account is blank. So, if you want to have administrative privileges, log out and log in as administrator with no password"? Hey, that's too helpful!

Seriously, I don't find the administrator account is still there.  Surely the account you set up with on a manual build is the Administrator account renamed?
Sven Groot
My name has 9 letters. Coincidence? I think not...
Nope. If you create an Admin account from the OOB wizard, the good, old-fashioned, traditional Administrator account is still there. You can't see it on the welcome screen, you can't see it in User Accounts, but it is still there.

As nektar said, just press CTRL-ALT-DEL twice on the welcome screen to get a normal login dialog and you can login with the Admin account.

Alternatively, use Local Users and Groups (Pro only) to see that the account is in fact still there.

Additionally, if there are no other accounts with Administrative privileges, the Administrator account will show up on the Welcome Screen.
Jorgie
If you don't have physical security, you don't have security.

Anyone techie enough to know about the missing admin password is smart enough to use google to find software like BartPE.

I carry a BartPE disk (among other tools) in my laptop bag. If I can get to your machine (the cd-drive or the floppy, or even a USB port), I can reboot and set the XP's root account (Administrator) password to anything I like.

For Microsoft, leaving the root password blank unless someone knows enough to change it themselves makes a great deal of sense when you look at the cost of supporting Windows. The cost of the tech support calls from folks that need to use root access to fix something but are locked out of their machines because they were forced to set the root password 6 months ago during install and then never used the account again would not be worth the small amount of extra security.

I remember thinking that NeXT Step was broken because there was a set of keys you could hold down during the boot cycle that would put you into single user mode... then I spent a few years supporting end-users and really wished NT4 had the same thing!

These days real administrators have the tools they need to reset a root password if they need to and end-users usually don't even know that root exists until they have a problem. It is much better for XP to require you to have a certain level of knowledge to set the root password and maybe lock yourself out of your own machine.

Jorgie
gswitz
Geoff
I agree with Jorgie for the large part. I want to bring up another threat to companies' security I think they may not be aware of. If you set all your root local administrator passwords to be the same, and log onto one of those computers using that password, you can now access any of the other PCs or Servers on the network (with the same root account name and password, although a different machine name) as administrator.

Additionally, it's not possible to delete built in accounts, so the best you can do is rename it. Indeed, it is a best practice to then create an administrator account with a complicated password and no rights. So then, you must create unique passwords (or admin account names) for each built in local Administrator account for each PC on your network. You can then create a method to track all these passwords, should you need one. An alternative is to teach your IS Department how to reset them and let the IS Department run around arbitrarily renaming admin passwords as they work. This might not ensure unique passwords, and again, if the admin account name and passwords are the same on two computers and you log into one of them with the admin account you can then access the other as admin.

By the way, this goes for Server Class as well (although I haven't tested for W2003 Server).

Can't you guys see some wily new guy adding a Users account (we're all used to seeing the Users group) to a bunch of PCs on the network after logging in with an Admin password so he can later do what he wants, even if security gets tighter?

Happy New Year, all!

Geoff
ZippyV
Fired Up
I hate that Out-of-box wizard.

I had to install a new Dell client and connect it to the corporate network (so you could log in via AD), but the oob wizard still wanted me to create a local user account. Aaarrgggh
Jorgie wrote:
I remember thinking that NeXT Step was broken because there was a set of keys you could hold down during the boot cycle that would put you into single user mode... then I spent a few years supporting end-users and really wished NT4 had the same thing!
You can still do it on Linux. I can't remember the exact steps but you can press a key at the LILO (or GRUB) prompt then pass the word 'single' as a boot-time parameter to the Linux kernel. The system boots up in a single-user mode with networking turned off, without prompting for a root password. You just get a bash # prompt.

Windows 2000/XP/2003 Recovery Console does prompt for the Administrator password.