Server Help :: View topic - SUPPORT

Server Help

Trash Talk - SUPPORT_388945a0

K' - Tue Sep 26, 2006 11:57 am
Post subject: SUPPORT_388945a0

Old issue, which I just found out about (like most, doing NET USER).
Kind of pisses me off that MS done this without really telling us.
Or was it burried somewhere in the EULA?

Maverick - Tue Sep 26, 2006 3:34 pm
Post subject:

It probably is buried in the EULA.

Isn't that the account used for microsoft if they give you support through remote assistance ?

K' - Wed Sep 27, 2006 6:52 am
Post subject:

Yeah.
It has admin rights and thorough access.
And it's not listed on the user login screen, so it's effectively invisible unless you read the EULA (or whatever online reports that first gave accounts of it).

Maverick - Wed Sep 27, 2006 8:41 am
Post subject:

I wonder if it can be used for getting access to any computer running xp. (It should be possible if you have the password.)

Now I'm thinking of it - you can't just remote desktop with it since you have to specify which users can do that. But it should be possible to access the C$ shares on the computer through that account since it's Administrator.

K' - Wed Sep 27, 2006 11:54 am
Post subject:

I thought about same.
But I heard something about needing to be MS to access it - that not everyone can access it.
It's basically some kind of shell for authorized scripts to run??
IDK, IDR.
Eitherway, as far as I can look at it, even disabled (the account itself, and with remote admin disabled as well), it's a security risk.
One day some smartiepants will figure a way to trigger it into activation and accessing it, and that'll be bye-bye your PC being your PC.

Mine GO BOOM - Wed Sep 27, 2006 3:20 pm
Post subject:

K' wrote:

One day some smartiepants will figure a way to trigger it into activation and accessing it, and that'll be bye-bye your PC being your PC.

To be able to activate it requires the same permissions to do everything it already can do. The point behind the account, if you happen to use Google, is to allow normal users to be able to use the built-in help system to change settings on the system. It is no different than how Linux uses setuid to allow users to do things that their normal account won't let them.

By being disabled, you cannot log into the account. By have no password, by default you cannot remotely use that account for shares or other tasks. Try connecting using any remote tool (I used pstools), Access is denied. Having that user account is no security risk, it doesn't leave you open to remote attacks, and it doesn't let Microsoft spy on you. It is so when something doesn't work on your computer, and you are a normal user, you can go through Start->Help and change settings based upon questions. If the administrator of the system doesn't want you to be able to do this, group policy allows you to easily disable this feature.

This is as bad as a new user to Linux seeing fourty different usernames inside /etc/passwd. That account is for built in purposes in which you cannot directly access it without doing through steps to activate it. There is no need for it to be in some hidden part of the EULA. Why are you not flipping out that there is a disabled account named Guest? It is just as much as a security risk, and its in Windows 2000 and NT4 as well.

K' - Thu Sep 28, 2006 7:36 am
Post subject:

When you make a fresh install of phpBB, there's a User zero or minus one, IIRC, delete it and make your admin under a new user.