Thursday, 18 July 2013

How to protect a hidden administrator account (VISTA/7/8)

Even if you neither view nor use the standard administrator account in Windows 8, it is created automatically and thus represents a substantial security risk. The same also applies to Windows Vista and 7. As soon as the account is activated, it provides complete access to your system without asking for a password. However, booting the computer via a CD or a USB stick is necessary in order to activate the account using a tool like ntpasswd. You avoid this risk by activating the hidden account once and then creating a password. Then you must once again hide the account. For this enter “cmd” into the Start menu search fi eld, then right-click on the displayed “cmd.exe” and select the context command “Run as administrator”. After confirming the User Account Control, the command line is opened. Here type “net user Administrator /active” and confirm with the [Enter] key. The successful execution is displayed in the dialogue.
Now open the Control Panel and click on “User Accounts and Family Safety”, then on “Add/remove user accounts”.
Now the account “Administrator” should be visible. Select it and click on “Create password”. Enter a secure new password twice (at least eight characters with digits and special characters as well as mixture of upper and lower case), and enter a password hint in the next field. You can ignore the warning about loss of EFS-encrypted fi les since you have not yet saved any fi les using this account. Confirm the process with “Create password”. Now close the Control Panel and again switch to the command line or reopen the dialogue. Using the command “net user Administrator / active: no”, re-switch the administrator account to inactive and invisible. Besides this, you can ensure more security if you also change the standard account name “Administrator”. Automatic attack attempts which try to log into this account will fail.
NOTE: Using this safety measure, you may also lock yourself out of access to the administrator account. Therefore, you should save the password securely and not use it for normal user accounts.

No comments:

Post a Comment