28 total posts
It can be done
by starting the computer in the Safe Mode(usually F8) at the logo screen.
Then go to safe mode with networking. You'll see the administrator account. If you click on it, do NOT enter a password, you can log into it.
Now go to the control panel and click on users. Create a password for the administrator account. Also look to see if there are any other user accounts there. Sometimes they hide an account there. either change the password there or remove the accounts that you don't want there.
I would also recommend that you change your password for you own account.
Vista has Better Controls for this Situation....just fyi...
Just as an aside, as I realize the poster is in XP -- In Vista, you cannot get into the administrator account by 'not entering a password' in Safe Mode -- Vista will ask you for the administrator password even in Safe Mode. This is also true for other accounts from Safe Mode. And, if the guest happens to try to get into the User Account password control within his guest account, he cannot change any passwords without the original Admin password. When my (computer savvy) grandchildren come to visit, I have a User Account just for them, with its one password. I also make use of Vista's Parental Controls within their account, and also the Content Advisor within IE7. This, plus frequent peeks over their shoulders generally keep things on the up and up.
And how to undone it.
After setting that admin password many forget what it was. For this the free to use program called NTPASSWD (see google) can fix your lost password.
As the others have said . . .
There are ways to get around the Windows password. I suggest you create a BIOS password. It can be bypassed but only by opening up the machine and resetting the BIOS. Most "kids" will hesitate to do this. A BIOS password is more secure short of opening up the machine.
Then again you can threaten to break bones if he does it again.
How do I create a BIOS pswd?
How do I set a BIOS password? Can you lead me to an article about this or tell me simply here?
He was using the "control userpasswords2" prompt in Start/Run. I just changed the admin pswd, but he'll be able to just change it again that easily. Is there a way to control access to that prompt?
I told him last night not to access the computer when I have switched users and he won't, as long as I'm around...
He won't open up the machine, because my husband will "break bones" if he even attempted that, so I think creating a BIOS pswd is my solution.
Thanks to all for your prompt replies!
BIOS . . .
You'll need to enter the machine BIOS. This is done by pressing a specific key during bootup. On PCs, it can be the Ctrl key, Delete key, F1, or such. You'll need to look at the PC manual or the PC web site to find out what this specific key is. After you find out what the key is, you boot the machine and when the screen shows the PC logo, you quickly press the key. Once into the BIOS you move around using the arrow keys because Windows has not loaded. There should be a Password option.
If you can't find the information, tell us the PC make and model and maybe we can research it.
Wayne (IBM freak - 7)
Click here to see the CNet faces, learn a little about analog and digital data, Internet connections, Spyware removal, and download free software (and a GREAT chocolate-cherry cobbler recipe).
There are 10 types of people who understand binary; those that do and those that don't.
RE: threaten to break bones
Seems more and more, kids are using this method to bypass the bios password.
Perhaps the "threaten to break bones" methodology would be more effective. Personally, if he is beyond High school age and cannot follow simple household rules perhaps it is time for him to start learning to face the realities of the real world and begin learning of adult rules and consequences before it becomes too late by some measure. In other words, "get out!"
I seem to recall that there is a hidden, little known program in Windows 2000 and later that securely locks out access to the OS unless the correct pass code is entered. It seems this program was little spoken of because if the pass code is lost, the OS and all is lost for good. The only other option is to reinstall the OS and start from scratch. I used this method on my ME computer. I can't recall if I have used it on XP. I believe I once spoke of it on one of CNET's forums, perhaps prior to one of the earlier forum reformats that caused all registrations and perhaps postings to be lost. But it did work against all odds.
There is also a freebee called slock.exe from http://support.it-mate.co.uk/?mode=Products&p=slock that also worked effectively, but I believe it is properly effective on ME and earlier. Experience has taught me that it is not very effective on XP Home.
I don't recommend using a bios password because that just drives curious kids do find out what more they have to do to get their way. And, if you for some reason forget the BIOS password, you have to now open up the computer to reset the BIOS or have one of your local techies run BIOS Killer to reset your bios which isn't a good thing either.
If you can't find the admin password, download Ophcrack and run it against your computer, unless it's a complex password exceeding 14 characters, Ophcrack is going to show you what the password is in a matter of seconds. Once armed with the password, log in and CHANGE the password to a complex password that he's not likely to find out, or any other software for that matter.
Strong passwords consist of the following:
10-16 characters long,
2 Special Characters
think of everyday words that you're familiar with and incorporate the above tactics into rewriting one of those words to become your password.
Ophcrack whitepaper even states that if the password is beyond 14 characters and is complex by any means, it can not crack the password.
Do this on both your account and the Admin account. While logged in under your account, right click on My Computer, and Click on Manage. In the window that comes up, on the left, expand Local Users and Groups, Click on Users. Right click on the administrator account and click on set password. Change it and be done with it.
bios passwords are only effective if you have a keylock on the computer case, because all a person as to do to disable one is open the case, remove and replace the battery on the cpu, then reset the time and date in bios.
yes he can
with windows there are a few ways to bybass the login..i would go into the bios setup and lock the hard drive with a pass word,steve
Unauthorised PC access
Hi, The way I found most effective was to buy a Hard drive caddy. This allows the hard drive to be physically removed from the computer in one easy step. No ones going to access that !!
Extreme, but effective....
unauthorized pc usage
Or do as I had to do....get a wireless keyboard and mouse and remove it from the computer when not using said computer. Hard to access anything at that stage, wouldn't ya say?
Follow these steps to control access
1. The default user that is created in Windows Xp has administrative privileges. That implies that even though you may log in your children with that account, they will have complete control over the system once you have logged in.
2. It seems your nephew has changed the password for the user 'administrator' as well. This is very likely as he needs to have a log in access to be able to reach the 'run' command in the first place and by your own submission you are not able to log in using the 'administrator' user name.
Solution for the above situation is as follows:
1. Log in to your computer with your user account.
2. Right click on 'My computer' on the desktop and click on 'Manage'.
Open 'Control panel'. Double click on 'Administrative tools'. Select 'Computer Management' and double click on it.
3. On the window that opens, within the 'System tools' heading, expand 'Local users and groups'
4. Now you are within the window that lists all the users currently available on your system.
5. Click the folder 'Users'
6. Change the 'Administrator' password. Right click on the user 'administrator' - select 'set password' - select 'proceed' and enter the new password twice. This will take care of the administrative log in.
7. Right click and delete any accounts that you may feel are extra. The usual accounts that are available in Windows Xp are as follows:-
c. Guest (normally disabled)
d. HelpAssitant (Normally disabled)
g. Support_xxxxxx (Normally disabled)
h. 'Your user account - which you use to log in to windows'
Some of these users may or may not be present depending on your system configuration.
8. While in the current window, select 'Action' from the menu bar and click on 'New user'.
9. Now create a new user with any password. This account is to be used by your children for computer access. It has restricted access and does not permit users to change administrative passwords or create new users, using commands or otherwise, among other restrictions. Also uncheck the box marked 'User must change password at next logon' and check the boxes 'User cannot change password' and 'Password never expires'.
10. If you want to cripple this account, double click on this account name and select the 'member of' tab in the menu bar that opens. Now click on 'add' - 'advanced' - 'find now' and select 'guests' from the list that appears. Click 'Ok' - 'Ok'. Now select 'Users' from the 'Member of' list and click on 'Remove'. Click 'Ok'.
This will make the account, that you have created, a guest account with extremely limited computer access rights. It is too limited for everyday use though, as the users are not even able to save their files on the computer.
11. I suppose that your file system is NTFS. However if it is not, I would suggest that you run the following command at the command prompt:
convert c: /FS:NTFS
Above command is for drive C. Repeat it for all the drive letters on your hard disk, replacing C with appropriate drive letter. This would convert your file system to NTFS if it isn't already. NTFS is a secure file system which provides benefits of restricted access to files by any one else other than the owner.
I also suggest that you print out these instructions and then apply them.
How does this....
How does this stop me from using NTPASSWD to regain access?
They're still missing the point
It doesn't stop them at all.
I said it in another forum, i'll say it here as well. Either give the original poster a solution that meets their needs, or don't give one at all, otherwise you might as well consider yourself in the same category as those H1B visa low wage paid outsource tech support guys who read from stupid scripts given to them by the company they do tech support for.
Whatever the heck all those steps were regarding changing this that and the other thing and converting the drive to NTFS, and all those other comments about putting bios passwords or hard drive passwords in place, totally NOT the point. The immediate problem is the OP's nephew is already bypassing a system in use, SO a BIOS password is out of the question, and NTFS file security system is completely MOOT.
Address the issue as stated instead of blowing it so far out of scope, you're no longer even addressing the actual issue, but an issue you've created out of an issue.
Remember that we always have an open mind to ask "What about this?" here.
I did have one member earn a ban over a week as they "corrected" everyone in the forum as "stupid" and other discourteous remarks.
Dude read the solution carefully....
Allow me to have some say too.
1. You are not the original poster who can categorically state that 'it doesn't stop them at all' with an authority that you have claimed as such.
2. The solution I have provided is for the original problem and it meets her needs.
3. Converting the drive to NTFS was an additional advice and stated as such towards 'the end'. It does help in restricting access.
4. All those steps about changing this and that. Dude in your own words 'OP's nephew is already bypassing a system in use'. Do you have any idea how? He has the administrators password and he is able to log on using the administrator user id instead of regular users id.
All those 'steps' were to:
a. Change the administrator password.
b. Create a user who cannot change any passwords.
c. Limit the users ability to modify system settings in the future.
d. Remove any additional user ids that may be used by the nephew to log in.
5. And lastly regarding 'address the issue as stated instead of blowing it so far out of scope, you're no longer even addressing the actual issue, but an issue you've created out of an issue.'
Read the problem stated and then the solution provided and try to 'understand' both.
Specifically for R. Proffitt:
In Windows Server 2003 with Service pack 2 if you modify the file in question, the system disables all log in's and generates system error requiring you to reformat the system. I have not felt the necessity to try the procedure on windows Xp but I believe that with Service Pack 2 or 3 same should be applicable.
It would also help if you used the command 'syskey'.
I need to try that aon Server 2003.
But with authority I can share that NTPASSWD is alive and well, plus gets the job done on XP SP3 and Vista SP1.
Yep. I have just checked it on Xp.
I guess Linux is safer. The only solace is that one needs physical access to the computer to apply the procedure.
You need not supplement your statement with 'authority'. Your word is good enough as it is.
A section of my earlier post, even though it was in reply to your post, was directed at another user.
The section meant for you had a heading specifically for you.
Original poster has been helped :)
Thanks to everyone that responded. I really appreciate your PROMPT and helpful ides. When I first posted, I admit I was emotionally frustrated because I thought Nephew was a little more trustworthy than he's proven, but having so many people help solve my dilema so quickly, put me back at ease and in control again.
Navneetgaur, thank you for putting your points so clearly and all together in one post. My drives are already set as NTFS, but all your other points were followed, and I now have a secure setting on my computer. I just switch to the limited access account when I walk away, or if it's time to do homework or chores, I just switch to the welcome screen My kids are miffed because there is no more access w/o Mom. I later found out that naughty Nephew had shared the secret ("control userpasswords2") with my son and he had gained access w/o permission as well... Nephew never "had" my pswd, because there wasn't one on the XP admin account and it wouldn't have mattered any way because my account, the account everyone was using, has admin privileges so he could change it any day of the week, and he did.
My computer does lock, but I'm not going to need a BIOS pswd.
Between all of your responses and some Google searching I'm learning that there's a lot to learn about this computer that sits on my desk!
Thanks again to ALL!!!
Use a pendrive
You can use a pen drive as a hardware lock for your computer. As long as the pen drive is in your physical possession nobody will be able to access your computer.
If You didn't like it.....
Don't try it.
I'm addressing those who are posting moot actions that don't resolve the issue. Bios Passwords aren't going to resolve the issue if the computer is already on and booted, that's the point i'm getting at.
If you want to spend money out of pocket, enable CAC login using an external CAC reader, a card and ActiveClient 6, easy to set up, hard to get past, better yet, spend a little more and include a biometric fingerprint or face reader. Then you have hardened your system to a point where your nephew is going to have a really REALLY work at trying to get on your computer. That is a solution.
Smartyguy, you post is again, irrelavent and still does not solve the problem.
Moderator, I've seen some of your other posts in the past few days in other forums, unless speaking my mind and stating my opinion is against the forum rules, I think I'm pretty much able to call it like I see it.
People post in these forums for help resolving their problems, in the past week i've been here posting, i've seen some of the absolute vaguest resolution posts, either help the people or save time and don't bother to post, it's that easy.
"don't bother to post," posts.
As the moderator I think its just fine for people to toss out their ideas on the subject. If you attempt to dissuade such posts I will have little choice on what to do next.
-> This is an open forum where everyone is welcome to post ideas and discuss the issues. There is no mandate that every post much be the only acceptable answer.
Just an observation.
It has already been said, but no matter, I will say it again. These are forums of ideas, where people can discuss different ways to solve problems. Not all work, some are better than others. But everyday people help other, everyday, people.
It is a shame that, in the 5 days you have been posting here, you have so far not fathomed this out.
Whilst your CAC reader idea is an alternative, it is just that, an alternative.
It would seem from the post here that AnaB29, the original poster, has found the discussion very useful, and they have resolved their issue with the help of the suggestions from this thread.
It seems that AnaB29 did not choose your idea.
The simplest way...
The simpelest way to find out how he can log onto Windows without a password is to ask him.
my apolgies if someone's already suggested this.
I assume your nephew doesn't live with you.
It's your computer. If he's using it without your permission, forbid him from using it, ever. Just like you wouldn't allow him to use your car or checking account without permission.
If he still doesn't respect you and your property, don't allow him to enter your home.
This is more than just getting onto an unattended computer, he's disrespecting you.