We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Forgotten administrator password in Windows 2000 Pro

jlodata
jlodata asked
on
Medium Priority
204 Views
Last Modified: 2013-12-04
I see that there are several ways around a forgotten Administrator password in Windows 2000.  Is there any way of locking down the O/S so that someone surfing the 'Net can't find the same information I did and thus remove or change the Administrator password?
Comment
Watch Question

CERTIFIED EXPERT
Most Valuable Expert 2011
Top Expert 2011

Commented:
There are several types of monitoring solutions for the gateway, Like SonicWall and Websense.

However, almost all of the methods out there require physical access (or in a few rare cases remote registry , or admin share access). Physical security would be more important in my view. Dont allow the workstations to boot from the CD, and that will thwart alot of attacks (password protect the BIOS Setup, to prevent them from changing it back). Dont forget the physical layer of security as well, in terms of keeping important servers and workstations out of reach, behind locked doors...
Mnf

Commented:
you can't lucking down the os for removing te admin password
as you noticed all the ways depinding on the physical access to the pc.
so preventing the access will reduse the chanse (or even block) to reset the admin pass.
even make your password hard to guess is the other important way to make it more and more difficult for hacker to guess the pass
try to make your pass a compination of (numbers,capital alphabetical and small,and some of the sympoles "*/?.-=+&%#@!")
and if you can make it long (more than 14 character in the password make some programs that use the brute force to guess the passwrod not even wrok)

Best regards

Author

Commented:
Thanks for the help so far guys!

Limiting physical access is not an option in this case as this is a PC in a home with several people in residence.  I thought I had resolved the issue of "computer misuse" by requiring a login and password, until the "abuser" was able to strip the administrator password and thus ultimately gain the access I wished to deny.

How do you go about setting the workstation so that it won't boot from the CD?  Additionally, how do you password protect the BIOS?

I'm sure these are rudimentary questions for most of you.  But I'm a software application expert who doesn't know all the finer points of O/S & BIOS settings.
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
The password protection of the bios is easy, there is a security menu in every bios or at least a submenu security.
You should set the computer to only boot from the harddrive, lock bios settings and then lock/seal the case of your computer.
Then, if no other user but you is admin, you have a real chance that it will stay like this :)

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT
Most Valuable Expert 2011
Top Expert 2011

Commented:
The key word in McKnife's statement there for a home user, is
"lock/seal the case of your computer"

Then, if they still get into the case, fire them.
CERTIFIED EXPERT
Most Valuable Expert 2011
Top Expert 2011

Commented:
and get your PC back, before you do......Tell them its for maintenance.....Have them bring it in, and then fire them...
But what's the point of that? Anyone can go home and search. The best way is to create a long and strong password that would take forever to brute force but someone can always remove the password with a certain floppy disk. I've read somewhere that you'll lose encrypted files if you reset the password so I don't know if that would help.
CERTIFIED EXPERT
Most Valuable Expert 2011
Top Expert 2011

Commented:
BTW, to clarify the purpose of this statement....

""lock/seal the case of your computer""

So they cant reset the BIOS, to restore the boot to removable media....

And yes, encrypted files would be lost of they were created by Administrator.
Oh, yeah, that's a good idea, you can password protect your bios and lock your CPU using certain hardware  so no one can open it.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.