jlodata
asked on
Forgotten administrator password in Windows 2000 Pro
I see that there are several ways around a forgotten Administrator password in Windows 2000. Is there any way of locking down the O/S so that someone surfing the 'Net can't find the same information I did and thus remove or change the Administrator password?
you can't lucking down the os for removing te admin password
as you noticed all the ways depinding on the physical access to the pc.
so preventing the access will reduse the chanse (or even block) to reset the admin pass.
even make your password hard to guess is the other important way to make it more and more difficult for hacker to guess the pass
try to make your pass a compination of (numbers,capital alphabetical and small,and some of the sympoles "*/?.-=+&%#@!")
and if you can make it long (more than 14 character in the password make some programs that use the brute force to guess the passwrod not even wrok)
Best regards
as you noticed all the ways depinding on the physical access to the pc.
so preventing the access will reduse the chanse (or even block) to reset the admin pass.
even make your password hard to guess is the other important way to make it more and more difficult for hacker to guess the pass
try to make your pass a compination of (numbers,capital alphabetical and small,and some of the sympoles "*/?.-=+&%#@!")
and if you can make it long (more than 14 character in the password make some programs that use the brute force to guess the passwrod not even wrok)
Best regards
ASKER
Thanks for the help so far guys!
Limiting physical access is not an option in this case as this is a PC in a home with several people in residence. I thought I had resolved the issue of "computer misuse" by requiring a login and password, until the "abuser" was able to strip the administrator password and thus ultimately gain the access I wished to deny.
How do you go about setting the workstation so that it won't boot from the CD? Additionally, how do you password protect the BIOS?
I'm sure these are rudimentary questions for most of you. But I'm a software application expert who doesn't know all the finer points of O/S & BIOS settings.
Limiting physical access is not an option in this case as this is a PC in a home with several people in residence. I thought I had resolved the issue of "computer misuse" by requiring a login and password, until the "abuser" was able to strip the administrator password and thus ultimately gain the access I wished to deny.
How do you go about setting the workstation so that it won't boot from the CD? Additionally, how do you password protect the BIOS?
I'm sure these are rudimentary questions for most of you. But I'm a software application expert who doesn't know all the finer points of O/S & BIOS settings.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The key word in McKnife's statement there for a home user, is
"lock/seal the case of your computer"
Then, if they still get into the case, fire them.
"lock/seal the case of your computer"
Then, if they still get into the case, fire them.
and get your PC back, before you do......Tell them its for maintenance.....Have them bring it in, and then fire them...
But what's the point of that? Anyone can go home and search. The best way is to create a long and strong password that would take forever to brute force but someone can always remove the password with a certain floppy disk. I've read somewhere that you'll lose encrypted files if you reset the password so I don't know if that would help.
BTW, to clarify the purpose of this statement....
""lock/seal the case of your computer""
So they cant reset the BIOS, to restore the boot to removable media....
And yes, encrypted files would be lost of they were created by Administrator.
""lock/seal the case of your computer""
So they cant reset the BIOS, to restore the boot to removable media....
And yes, encrypted files would be lost of they were created by Administrator.
Oh, yeah, that's a good idea, you can password protect your bios and lock your CPU using certain hardware so no one can open it.
However, almost all of the methods out there require physical access (or in a few rare cases remote registry , or admin share access). Physical security would be more important in my view. Dont allow the workstations to boot from the CD, and that will thwart alot of attacks (password protect the BIOS Setup, to prevent them from changing it back). Dont forget the physical layer of security as well, in terms of keeping important servers and workstations out of reach, behind locked doors...