Win2k Logon Hacks

All Things Microsoft > Microsoft Software

Win2k Logon Hacks

<< < (5/5)

voidmain:
Yes it will because when you boot from a different OS (even NT or Win2K) you bypass the security when accessing the original file system. Unless of course you are using the encrypted file system in Win2k (hopefully you don't, as you will have much bigger problems if your OS becomes unbootable for any reason. What are the chances of that ever happening??? ).

[ May 04, 2002: Message edited by: VoidMain ]

Stryker:
very old thread... but perhaps this is why we (or at least used to a few months ago... before the change in the network section) always got people asking how to hack windows and such. I don't think this type of thread is really good on this forum... but when did the change happen? or was it one of those things that just happened and nobody notices? probably before my time.

mobrien_12:
To use this floppy requires physical access to the machine, and the BIOS to be set to allow boot from floppy. There is no difference between this and the use of Tom's rootboot disk to clear a forgotten linux root password.

And if you have this kind of access to the machine you could always reinstall windows on it which is another way to bypass the root/admin password.

[ July 09, 2003: Message edited by: M. O'Brien ]

Fett101:
So, obviously, physical acess to any machine can be a great security risk. And can be easily prevented by disabling boot from CD or floppy and passwording the BIOS. Seems like somethnig a good admin would do anyway.

mobrien_12:

quote:Originally posted by Fett101:
So, obviously, physical acess to any machine can be a great security risk. And can be easily prevented by disabling boot from CD or floppy and passwording the BIOS. Seems like somethnig a good admin would do anyway.
--- End quote ---

Yes, physical access to any machine is a large security risk. There is an IT maxim that says there is NO way to truly secure a system that people have physical access to.

Locking out boots from anything but the primary hard disk and passwording the BIOS is a good idea (and is what I do for all my boxes, whether Windows or Linux is installed). However, it can't really secure the box, because anyone can override the bios password by opening the case and setting a BIOS clear jumper or yanking the battery for 5 minutes.

This is one of the reasons I lament the fact that the thin-client approach has died as a common desktop solution. That and the fact that its so much easier to patch one beefcake server than dozens or hundreds of little independent machines.

Navigation

[0] Message Index

[*] Previous page

Go to full version