Windows Legacy OS forum

General discussion

My nephew can bypass my password and log onto Windows.

by AnaB29 / September 16, 2008 6:33 AM PDT

Hello,

I have a computer that is running Windows XP Professional version 2000 SP2. I only have one user account, aside from the default admin account, and it has administrative access. I recently placed a password on the user account to control the amount of time my kids have access to the computer, but my nephew is able to log onto windows without knowing my password (I'm the only one who knows it and I have no hints for it).

I thought he may be gaining access by pressing ctrl, alt, delete twice which brings up the back door admin log in screen, but when I do that (typing in Administrator and no password) I get a message saying to check my password etc, and won't let me in.

I Googled "how to log onto windows without a password" and found many software programs for purchase, but they all require a disk of some sort to either retrieve the password or by pass it. My nephew doesn't use a disk and he can log on in a matter of seconds. Last night I left the computer after I 'Switched User' and came back within 3 minutes and he was in Windows. How is he able to do this? My technology IQ is basic and he's a recent High School grad geek. Is he able to somehow find my password or recall my keystrokes in the password text box?

I need to be able to block access to my computer with confidence so my questions are these: Do any of you know how he is able to log on without a password and without an apparent aid; and how can I switch users while I break from the computer and know that it can't be accessed while I'm away.

I appreciate any assistance this forum can offer.

Best,
Ana

Discussion is locked
You are posting a reply to: My nephew can bypass my password and log onto Windows.
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: My nephew can bypass my password and log onto Windows.
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
It can be done
by PudgyOne / September 16, 2008 6:44 AM PDT

by starting the computer in the Safe Mode(usually F8) at the logo screen.

Then go to safe mode with networking. You'll see the administrator account. If you click on it, do NOT enter a password, you can log into it.

Now go to the control panel and click on users. Create a password for the administrator account. Also look to see if there are any other user accounts there. Sometimes they hide an account there. either change the password there or remove the accounts that you don't want there.

I would also recommend that you change your password for you own account.


Rick

Collapse -
Vista has Better Controls for this Situation....just fyi...
by retexan599 / September 19, 2008 11:55 AM PDT
In reply to: It can be done

Just as an aside, as I realize the poster is in XP -- In Vista, you cannot get into the administrator account by 'not entering a password' in Safe Mode -- Vista will ask you for the administrator password even in Safe Mode. This is also true for other accounts from Safe Mode. And, if the guest happens to try to get into the User Account password control within his guest account, he cannot change any passwords without the original Admin password. When my (computer savvy) grandchildren come to visit, I have a User Account just for them, with its one password. I also make use of Vista's Parental Controls within their account, and also the Content Advisor within IE7. This, plus frequent peeks over their shoulders generally keep things on the up and up.

Collapse -
And how to undone it.
by R. Proffitt Forum moderator / September 16, 2008 7:01 AM PDT

After setting that admin password many forget what it was. For this the free to use program called NTPASSWD (see google) can fix your lost password.
Bob

Collapse -
As the others have said . . .
by Coryphaeus / September 16, 2008 7:31 AM PDT

There are ways to get around the Windows password. I suggest you create a BIOS password. It can be bypassed but only by opening up the machine and resetting the BIOS. Most "kids" will hesitate to do this. A BIOS password is more secure short of opening up the machine.

Then again you can threaten to break bones if he does it again.

Collapse -
How do I create a BIOS pswd?
by AnaB29 / September 16, 2008 8:11 AM PDT

Hi Coryphaeus,

How do I set a BIOS password? Can you lead me to an article about this or tell me simply here?

He was using the "control userpasswords2" prompt in Start/Run. I just changed the admin pswd, but he'll be able to just change it again that easily. Is there a way to control access to that prompt?

I told him last night not to access the computer when I have switched users and he won't, as long as I'm around...
He won't open up the machine, because my husband will "break bones" if he even attempted that, so I think creating a BIOS pswd is my solution.

Thanks to all for your prompt replies!

Ana

Collapse -
BIOS . . .
by Coryphaeus / September 16, 2008 8:37 AM PDT

You'll need to enter the machine BIOS. This is done by pressing a specific key during bootup. On PCs, it can be the Ctrl key, Delete key, F1, or such. You'll need to look at the PC manual or the PC web site to find out what this specific key is. After you find out what the key is, you boot the machine and when the screen shows the PC logo, you quickly press the key. Once into the BIOS you move around using the arrow keys because Windows has not loaded. There should be a Password option.

If you can't find the information, tell us the PC make and model and maybe we can research it.

Wayne (IBM freak - 7)

Click here to see the CNet faces, learn a little about analog and digital data, Internet connections, Spyware removal, and download free software (and a GREAT chocolate-cherry cobbler recipe).
There are 10 types of people who understand binary; those that do and those that don't.

Collapse -
RE: threaten to break bones
by caktus / September 16, 2008 12:23 PM PDT

Seems more and more, kids are using this method to bypass the bios password.

Perhaps the "threaten to break bones" methodology would be more effective. Personally, if he is beyond High school age and cannot follow simple household rules perhaps it is time for him to start learning to face the realities of the real world and begin learning of adult rules and consequences before it becomes too late by some measure. In other words, "get out!"

I seem to recall that there is a hidden, little known program in Windows 2000 and later that securely locks out access to the OS unless the correct pass code is entered. It seems this program was little spoken of because if the pass code is lost, the OS and all is lost for good. The only other option is to reinstall the OS and start from scratch. I used this method on my ME computer. I can't recall if I have used it on XP. I believe I once spoke of it on one of CNET's forums, perhaps prior to one of the earlier forum reformats that caused all registrations and perhaps postings to be lost. But it did work against all odds.

There is also a freebee called slock.exe from http://support.it-mate.co.uk/?mode=Products&p=slock that also worked effectively, but I believe it is properly effective on ME and earlier. Experience has taught me that it is not very effective on XP Home.

Charlie

Collapse -
Password Bypass
by helljack6 / September 17, 2008 3:03 AM PDT

I don't recommend using a bios password because that just drives curious kids do find out what more they have to do to get their way. And, if you for some reason forget the BIOS password, you have to now open up the computer to reset the BIOS or have one of your local techies run BIOS Killer to reset your bios which isn't a good thing either.

If you can't find the admin password, download Ophcrack and run it against your computer, unless it's a complex password exceeding 14 characters, Ophcrack is going to show you what the password is in a matter of seconds. Once armed with the password, log in and CHANGE the password to a complex password that he's not likely to find out, or any other software for that matter.

Strong passwords consist of the following:
10-16 characters long,
2 Uppercase
2 Lowercase
2 Numbers
2 Special Characters

think of everyday words that you're familiar with and incorporate the above tactics into rewriting one of those words to become your password.

Ophcrack whitepaper even states that if the password is beyond 14 characters and is complex by any means, it can not crack the password.

Do this on both your account and the Admin account. While logged in under your account, right click on My Computer, and Click on Manage. In the window that comes up, on the left, expand Local Users and Groups, Click on Users. Right click on the administrator account and click on set password. Change it and be done with it.

Collapse -
bios password
by rbreid2004 / September 20, 2008 10:29 PM PDT

bios passwords are only effective if you have a keylock on the computer case, because all a person as to do to disable one is open the case, remove and replace the battery on the cpu, then reset the time and date in bios.

Collapse -
yes he can
by pumpkinman1963 / September 19, 2008 2:22 PM PDT

with windows there are a few ways to bybass the login..i would go into the bios setup and lock the hard drive with a pass word,steve

Collapse -
Unauthorised PC access
by mmrpmitchell / September 19, 2008 5:26 PM PDT
In reply to: yes he can

Hi, The way I found most effective was to buy a Hard drive caddy. This allows the hard drive to be physically removed from the computer in one easy step. No ones going to access that !!

Extreme, but effective....

Regards
Paul

Collapse -
unauthorized pc usage
by rwh599 / September 20, 2008 9:33 AM PDT
In reply to: Unauthorised PC access

Or do as I had to do....get a wireless keyboard and mouse and remove it from the computer when not using said computer. Hard to access anything at that stage, wouldn't ya say?

Collapse -
Follow these steps to control access
by navneetgaur / September 19, 2008 8:46 PM PDT

Hi.

1. The default user that is created in Windows Xp has administrative privileges. That implies that even though you may log in your children with that account, they will have complete control over the system once you have logged in.

2. It seems your nephew has changed the password for the user 'administrator' as well. This is very likely as he needs to have a log in access to be able to reach the 'run' command in the first place and by your own submission you are not able to log in using the 'administrator' user name.

Solution for the above situation is as follows:

1. Log in to your computer with your user account.
2. Right click on 'My computer' on the desktop and click on 'Manage'.

otherwise,

Open 'Control panel'. Double click on 'Administrative tools'. Select 'Computer Management' and double click on it.

3. On the window that opens, within the 'System tools' heading, expand 'Local users and groups'

4. Now you are within the window that lists all the users currently available on your system.

5. Click the folder 'Users'

6. Change the 'Administrator' password. Right click on the user 'administrator' - select 'set password' - select 'proceed' and enter the new password twice. This will take care of the administrative log in.

7. Right click and delete any accounts that you may feel are extra. The usual accounts that are available in Windows Xp are as follows:-
a. Administrator.
b. ASPNET
c. Guest (normally disabled)
d. HelpAssitant (Normally disabled)
e. IUSER_XP
f. IWAM_XP
g. Support_xxxxxx (Normally disabled)
h. 'Your user account - which you use to log in to windows'

Some of these users may or may not be present depending on your system configuration.

8. While in the current window, select 'Action' from the menu bar and click on 'New user'.

9. Now create a new user with any password. This account is to be used by your children for computer access. It has restricted access and does not permit users to change administrative passwords or create new users, using commands or otherwise, among other restrictions. Also uncheck the box marked 'User must change password at next logon' and check the boxes 'User cannot change password' and 'Password never expires'.

10. If you want to cripple this account, double click on this account name and select the 'member of' tab in the menu bar that opens. Now click on 'add' - 'advanced' - 'find now' and select 'guests' from the list that appears. Click 'Ok' - 'Ok'. Now select 'Users' from the 'Member of' list and click on 'Remove'. Click 'Ok'.
This will make the account, that you have created, a guest account with extremely limited computer access rights. It is too limited for everyday use though, as the users are not even able to save their files on the computer.

11. I suppose that your file system is NTFS. However if it is not, I would suggest that you run the following command at the command prompt:

convert c: /FS:NTFS

Above command is for drive C. Repeat it for all the drive letters on your hard disk, replacing C with appropriate drive letter. This would convert your file system to NTFS if it isn't already. NTFS is a secure file system which provides benefits of restricted access to files by any one else other than the owner.

I also suggest that you print out these instructions and then apply them.

Take care.

Collapse -
How does this....
by R. Proffitt Forum moderator / September 19, 2008 11:55 PM PDT

How does this stop me from using NTPASSWD to regain access?

Collapse -
They're still missing the point
by helljack6 / September 20, 2008 2:46 AM PDT
In reply to: How does this....

It doesn't stop them at all.

I said it in another forum, i'll say it here as well. Either give the original poster a solution that meets their needs, or don't give one at all, otherwise you might as well consider yourself in the same category as those H1B visa low wage paid outsource tech support guys who read from stupid scripts given to them by the company they do tech support for.

Whatever the heck all those steps were regarding changing this that and the other thing and converting the drive to NTFS, and all those other comments about putting bios passwords or hard drive passwords in place, totally NOT the point. The immediate problem is the OP's nephew is already bypassing a system in use, SO a BIOS password is out of the question, and NTFS file security system is completely MOOT.

Address the issue as stated instead of blowing it so far out of scope, you're no longer even addressing the actual issue, but an issue you've created out of an issue.

Collapse -
Fair enough.
by R. Proffitt Forum moderator / September 20, 2008 3:48 AM PDT

Remember that we always have an open mind to ask "What about this?" here.

I did have one member earn a ban over a week as they "corrected" everyone in the forum as "stupid" and other discourteous remarks.
Bob

Collapse -
Dude read the solution carefully....
by navneetgaur / September 20, 2008 4:10 AM PDT
In reply to: How does this....

Allow me to have some say too.

1. You are not the original poster who can categorically state that 'it doesn't stop them at all' with an authority that you have claimed as such.

2. The solution I have provided is for the original problem and it meets her needs.

3. Converting the drive to NTFS was an additional advice and stated as such towards 'the end'. It does help in restricting access.

4. All those steps about changing this and that. Dude in your own words 'OP's nephew is already bypassing a system in use'. Do you have any idea how? He has the administrators password and he is able to log on using the administrator user id instead of regular users id.
All those 'steps' were to:
a. Change the administrator password.
b. Create a user who cannot change any passwords.
c. Limit the users ability to modify system settings in the future.
d. Remove any additional user ids that may be used by the nephew to log in.

5. And lastly regarding 'address the issue as stated instead of blowing it so far out of scope, you're no longer even addressing the actual issue, but an issue you've created out of an issue.'
Read the problem stated and then the solution provided and try to 'understand' both.

Specifically for R. Proffitt:

In Windows Server 2003 with Service pack 2 if you modify the file in question, the system disables all log in's and generates system error requiring you to reformat the system. I have not felt the necessity to try the procedure on windows Xp but I believe that with Service Pack 2 or 3 same should be applicable.

It would also help if you used the command 'syskey'.

Take care.

Collapse -
I need to try that aon Server 2003.
by R. Proffitt Forum moderator / September 20, 2008 4:57 AM PDT

But with authority I can share that NTPASSWD is alive and well, plus gets the job done on XP SP3 and Vista SP1.
Bob

Collapse -
I agree
by navneetgaur / September 20, 2008 5:08 AM PDT

Yep. I have just checked it on Xp.

I guess Linux is safer. The only solace is that one needs physical access to the computer to apply the procedure.

Take care.

Collapse -
Additionally...
by navneetgaur / September 20, 2008 5:14 AM PDT
In reply to: I agree

You need not supplement your statement with 'authority'. Your word is good enough as it is.

A section of my earlier post, even though it was in reply to your post, was directed at another user.

The section meant for you had a heading specifically for you.

Take care.

Collapse -
Original poster has been helped :)
by AnaB29 / September 21, 2008 4:32 AM PDT

Hello Everyone,

Thanks to everyone that responded. I really appreciate your PROMPT and helpful ides. When I first posted, I admit I was emotionally frustrated because I thought Nephew was a little more trustworthy than he's proven, but having so many people help solve my dilema so quickly, put me back at ease and in control again.

Navneetgaur, thank you for putting your points so clearly and all together in one post. My drives are already set as NTFS, but all your other points were followed, and I now have a secure setting on my computer. I just switch to the limited access account when I walk away, or if it's time to do homework or chores, I just switch to the welcome screen Happy My kids are miffed because there is no more access w/o Mom. I later found out that naughty Nephew had shared the secret ("control userpasswords2") with my son and he had gained access w/o permission as well... Nephew never "had" my pswd, because there wasn't one on the XP admin account and it wouldn't have mattered any way because my account, the account everyone was using, has admin privileges so he could change it any day of the week, and he did.

My computer does lock, but I'm not going to need a BIOS pswd.

Between all of your responses and some Google searching I'm learning that there's a lot to learn about this computer that sits on my desk!

Thanks again to ALL!!!

Best,
Ana

Collapse -
Use a pendrive
by banshdharm / September 20, 2008 4:24 AM PDT

You can use a pen drive as a hardware lock for your computer. As long as the pen drive is in your physical possession nobody will be able to access your computer.

Collapse -
If You didn't like it.....
by helljack6 / September 20, 2008 5:26 AM PDT
In reply to: Use a pendrive

Don't try it.

I'm addressing those who are posting moot actions that don't resolve the issue. Bios Passwords aren't going to resolve the issue if the computer is already on and booted, that's the point i'm getting at.

If you want to spend money out of pocket, enable CAC login using an external CAC reader, a card and ActiveClient 6, easy to set up, hard to get past, better yet, spend a little more and include a biometric fingerprint or face reader. Then you have hardened your system to a point where your nephew is going to have a really REALLY work at trying to get on your computer. That is a solution.

Smartyguy, you post is again, irrelavent and still does not solve the problem.

Moderator, I've seen some of your other posts in the past few days in other forums, unless speaking my mind and stating my opinion is against the forum rules, I think I'm pretty much able to call it like I see it.

People post in these forums for help resolving their problems, in the past week i've been here posting, i've seen some of the absolute vaguest resolution posts, either help the people or save time and don't bother to post, it's that easy.

Collapse -
"don't bother to post," posts.
by R. Proffitt Forum moderator / September 20, 2008 5:36 AM PDT

As the moderator I think its just fine for people to toss out their ideas on the subject. If you attempt to dissuade such posts I will have little choice on what to do next.

-> This is an open forum where everyone is welcome to post ideas and discuss the issues. There is no mandate that every post much be the only acceptable answer.
Bob

Collapse -
Just an observation.
by MarkFlax Forum moderator / September 21, 2008 4:58 AM PDT

It has already been said, but no matter, I will say it again. These are forums of ideas, where people can discuss different ways to solve problems. Not all work, some are better than others. But everyday people help other, everyday, people.

It is a shame that, in the 5 days you have been posting here, you have so far not fathomed this out.

Whilst your CAC reader idea is an alternative, it is just that, an alternative.

It would seem from the post here that AnaB29, the original poster, has found the discussion very useful, and they have resolved their issue with the help of the suggestions from this thread.

It seems that AnaB29 did not choose your idea.

Mark

Collapse -
The simplest way...
by mwooge / September 21, 2008 12:13 AM PDT

The simpelest way to find out how he can log onto Windows without a password is to ask him.

Collapse -
my apolgies if someone's already suggested this.
by mwooge / September 21, 2008 12:29 AM PDT

I assume your nephew doesn't live with you.

It's your computer. If he's using it without your permission, forbid him from using it, ever. Just like you wouldn't allow him to use your car or checking account without permission.

If he still doesn't respect you and your property, don't allow him to enter your home.

This is more than just getting onto an unattended computer, he's disrespecting you.

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Big stars on small screens

Smosh tells CNET what it took to make it big online

Internet sensations Ian Hecox and Anthony Padilla discuss how YouTube has changed and why among all their goals, "real TV" isn't an ambition.