Author |
Message |
K' You can win any war if you start a year early

Gender: Joined: Jul 13 2006 Posts: 271 Location: Southtown Offline
Posted: Tue Sep 26, 2006 11:57 am Post subject: SUPPORT_388945a0
Old issue, which I just found out about (like most, doing NET USER).
Kind of pisses me off that MS done this without really telling us.
Or was it buried somewhere in the EULA?
 |
Maverick

Age:40 Gender: Joined: Feb 26 2005 Posts: 1521 Location: The Netherlands Offline
Posted: Tue Sep 26, 2006 3:34 pm
It probably is buried in the EULA.
Isn't that the account used for Microsoft if they give you support through remote assistance?
 |
K' You can win any war if you start a year early

Gender: Joined: Jul 13 2006 Posts: 271 Location: Southtown Offline
Posted: Wed Sep 27, 2006 6:52 am
Yeah.
It has admin rights and thorough access.
And it's not listed on the user login screen, so it's effectively invisible unless you read the EULA (or whatever online reports that first gave accounts of it).
 |
Maverick

Age:40 Gender: Joined: Feb 26 2005 Posts: 1521 Location: The Netherlands Offline
Posted: Wed Sep 27, 2006 8:41 am
I wonder if it can be used for getting access to any computer running XP. (It should be possible if you have the password.)
Now I'm thinking of it - you can't just remote desktop with it since you have to specify which users can do that. But it should be possible to access the C$ shares on the computer through that account since it's Administrator.
 |
K' You can win any war if you start a year early

Gender: Joined: Jul 13 2006 Posts: 271 Location: Southtown Offline
Posted: Wed Sep 27, 2006 11:54 am
I thought about the same.
But I heard something about needing to be MS to access it - that not everyone can access it.
It's basically some kind of shell for authorized scripts to run??
IDK, IDR.
Either way, as far as I can look at it, even disabled (the account itself, and with remote admin disabled as well), it's a security risk.
One day some smartiepants will figure a way to trigger it into activation and accessing it, and that'll be bye-bye your PC being your PC.
 |
Mine GO BOOM Hunch Hunch What What

Age:41 Gender: Joined: Aug 01 2002 Posts: 3615 Location: Las Vegas Offline
Posted: Wed Sep 27, 2006 3:20 pm
K' wrote: "One day some smartiepants will figure a way to trigger it into activation and accessing it, and that'll be bye-bye your PC being your PC."
To be able to activate it requires the same permissions to do everything it already can do. The point behind the account, if you happen to use Google, is to allow normal users to be able to use the built-in help system to change settings on the system. It is no different than how Linux uses setuid to allow users to do things that their normal account won't let them.
By being disabled, you cannot log into the account. By having no password, by default you cannot remotely use that account for shares or other tasks. Try connecting using any remote tool (I used pstools), Access is denied. Having that user account is no security risk, it doesn't leave you open to remote attacks, and it doesn't let Microsoft spy on you. It is so when something doesn't work on your computer, and you are a normal user, you can go through Start->Help and change settings based upon questions. If the administrator of the system doesn't want you to be able to do this, group policy allows you to easily disable this feature.
This is as bad as a new user to Linux seeing forty different usernames inside /etc/passwd. That account is for built-in purposes in which you cannot directly access it without going through steps to activate it. There is no need for it to be in some hidden part of the EULA. Why are you not flipping out that there is a disabled account named Guest? It is just as much of a security risk, and it's in Windows 2000 and NT4 as well.
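
The properties argued about in this thread (whether the account is enabled, which local groups it belongs to, whether a password is required) can be read from the output of `net user <name>`. The Python sketch below is an added example and not part of any post; the sample outputs are constructed, English-language field labels are assumed, and `svc_example` is a hypothetical account.

```python
import re

# Constructed samples in the layout printed by `net user <name>` on an
# English-language Windows install; the values are illustrative only.
SAMPLE_DISABLED = """\
User name                    SUPPORT_388945a0
Account active               No
Password required            Yes
Local Group Memberships      *HelpServicesGroup
"""

SAMPLE_ENABLED_ADMIN = """\
User name                    svc_example
Account active               Yes
Password required            No
Local Group Memberships      *Administrators       *Remote Desktop Users
                             *Users
The command completed successfully.
"""

def parse_net_user(text):
    """Turn `net user <name>` output into a dict of field -> value."""
    fields, last = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and last:      # wrapped continuation line
            fields[last] += " " + line.strip()
            continue
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2:                  # "Label   value" pairs only
            last = parts[0]
            fields[last] = parts[1]
    return fields

def local_groups(fields):
    """Group names are '*'-prefixed and may themselves contain spaces."""
    raw = fields.get("Local Group Memberships", "")
    return [g.strip() for g in raw.split("*") if g.strip()]

def findings(text):
    """Flag the account properties that matter for exposure."""
    f = parse_net_user(text)
    out = []
    if f.get("Account active", "").lower().startswith("yes"):
        out.append("enabled")
    if "Administrators" in local_groups(f):
        out.append("local-admin")
    if f.get("Password required", "").lower().startswith("no"):
        out.append("password-not-required")
    return out
```

An empty result from `findings` means the account is disabled, not in the local Administrators group and requires a password; anything else is worth a closer look.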
 |
K' You can win any war if you start a year early

Gender: Joined: Jul 13 2006 Posts: 271 Location: Southtown Offline
Posted: Thu Sep 28, 2006 7:36 am
When you make a fresh install of phpBB, there's a User zero or minus one, IIRC, delete it and make your admin under a new user.