Kid bypassing Laptop Windows Password

One thing that makes no sense, why not just take the laptop?

We don't have enough information to help you, you don't have enough information to help you. They can't bypass security if they don't have the laptop.

I thought changing the password would be sufficient temp measure, as has been previously.
 
I wouldn't say it's a "mind fart" as it's highly relevant as you've shown, like i said no amount of security is going to prevent someone with physical access to a device from, well, accessing it.

The only thing that changes that is someone's age, the liklyhood that someone will have access to what's needed increases as they get older. E.g if you locked the laptop in a hardened steel box i could just buy an angle grinder whereas a 6 year old probably couldn't.

I could just move the laptop off site. But that doesn't answer the question asked. My question wasn't how do I secure the laptop. So no age is not relevant.
 
Last edited:
Wow, thanks. Way to miss the point and throw an insult at someone trying to help. :(

Like i said you're missing the point, that was an example of no matter how extreme you go with security nothing is going to stop someone with physical access to the device from accessing it and the data on it.

Hard to take steel box and angle grinders seriously. Considering it wouldn't work either. Since I have tools and even bolt cutters that could go through most locks.

Also you're answering a question I didn't ask.
 
Last edited:
Yea, no. You asked this...

And people have been telling you that the how is irrelevant because anyone with physical access to the device could use a million and one ways to bypass the laptops password, that it's not a security issue because all security does is delay unauthorised access attempts until you take more permanent measures.

If that's not the question you asked maybe you'd like be a little more specific.

Also, thanks for the apology for saying i was "thinking like a cave man".

In none of that did I asked how stop him getting access. Though someone helpfully pointed out you can bypass in Linux also.
 
Yea, no. You asked this...

And people have been telling you that the how is irrelevant because anyone with physical access to the device could use a million and one ways to bypass the laptops password, that it's not a security issue because all security does is delay unauthorised access attempts until you take more permanent measures.

If that's not the question you asked maybe you'd like be a little more specific.

Also, thanks for the apology for saying i was "thinking like a cave man".

"But I'm curious how he's getting on it." seems fairly specific.

I guess I should have said he doesn't need to brute force it.
 
Last edited:
I didn't mention anything about that, I was trying to keep it strictly PC. I said my bit a page back :) - Anyway just shut it down, doesn't matter how you do it with tech or whatever... what you don't want though is the little blighter growing up thinking he can outsmart you every step of the way (even though he probably can)... It doesn't matter how you do it, you have to put a stop to that early doors my man!

Im trying to work out how that fable is appropriate in this context? Are overlockers the scorpions, is your son the scorpion and you are the ever suffering frog? doesn't matter I guess, just interesting seeing how peoples mind work.

Hard to change someone habits if its their nature. Since "shut the behaviour down" I assume was referring to that.
 
Then that raises the question of why you're curious, I'm not saying it's wrong to be curious but as has been said the how of it can be a million and one ways, none of which you'll be able to discern with any degree of confidence.

Earlier in the thread some very helpful posters made suggestions that should hopefully do exactly that.

Why is someone curious about tech in tech forum?
 
Ahh I see that makes sense, if hacking stuff is in his nature though you might want to point him to some of the stories about what happens when you get caught... he thinks he is smart now... I bet Assange thought he was smart until he got caught :D

Not exactly on the same level as "lads I keep hacking my dads account, its hilarious' but aye it all starts somewhere! Was never an issue back in captain caveman times, life was much simpler back then. :)

That assumes that either the carrot or the stick will work. What if neither works.

"The trick, Mr. Potter, is not minding it hurts."
 
Ulncs
Alrite Harry... This might sound harsh but a lot of what I'm hearing is excuses. "what if it doesnt work" what if... He already has you beat. Question is you going to lay down and accept it? :D Or you going to man up and deploy Parenting Armageddon.

That reference is from Lawrence Of Arabia.

What your hearing is a conversation in your own head. I only looked to discuss a technical issue.

Man up, beat down sounds very caveman.
 
You tell me, what purpose would knowing how he did it serve? Because i think it's safe to assume that most people think you want to know how he did it so you can prevent him from doing so in the future but if that's not the case then maybe you like to fill everyone in on the why.

Technical curiosity.

What's also vaguely curious is why so many here aren't interested in the tech side. They've basically ignored it.
 
Erm, no. As people have said there's a million and one way to do it, if you're interested in all those possibilities then maybe infosec would be a good start.

A forum is not the place to run an infosec course, even a course wouldn't cover it all. What you're essentially asking is the equivalent of asking how you'd write code for software.
I thought the techie side had been covered multiple times... ive seen at least 10 or more ways it can be done in this thread and multiple ways to prevent it... Techie side is job done so far as I can see....

One of you says a million and one, the other 10 or more, lol. Comedy.

Thus far there only been a handful of practical and likely possibilities, from genuine people who actually read what was posted.
 
not too hot on reading comprehension, kid got you beat there as well?... "ive seen 10 at least in this post/thread" vs "there might be a million and one ways to achieve it" - Talking about different things entirely. I'm talking about how many mentioned in this thread and @Murphy is talking about the wider picture. Both of us are talking about failures wider than tech... There you go that should clear that up for you fella. :)

Its never been about anything other than tech, except maybe in your head.
 
Wow, this is a read and a half, I think I'll stick to the pure techncial bit as I work in IT within schools so this is pretty much by bread and butter as the kids love trying to get into our systems / machines in ways they shouldnt. Ultimately as many others have said the fact you have given him an admin account essentialy means its game over. The whole point of admin is that it lets you change things and you are going to be immediately on the back foot trinyg to work out, how, it happened, rather than truly stopping it. I'd suggest you woudl be better of doing the below.

1. Enable bitlocker on the machine so the boot drive is encrypted, this means that even if something like a linux boot CD / pen drive is used, it wouldn't be able to interact with the bitlockered volume to make any changes. Ensure they bit locker password is long and dont save the key somewhere the kid can access
2. Put an admin password on the BIOS of the machine, ensure its different and dont let the kid have it.
3. Within the BIOS disable the ability to boot from USB, CD, Network, everything, except the internal drive itself. Ensure things like secure boot, and the TPM are enabled.
4. Change the kids admin account to a standard user.
5. Reset the password on your admin account on the machine, again make this different to the BIOS and Bitlocker passwords.

If you do all 5 of them that should stop it. Disabling the boot options in BIOS stops things like linux CD's etc being able to boot. Password protecting the BIOS then stops those settings from being changed. Bitlockering the drive stops it from being read or files being changed should the prior two methods fail for any reason (but short of guessing that password I dont see how they could) or if the drive is removed and put in something else. Dropping the kids account to a standard user account means they cant disable bitlocker, and then cant reverse engineer any of the other bits. It should also make it considerably harder to install any kind of tools that cold find the passwors mentioned, or circumevent any of the other protections.

With all of these in place there's really no way they should be able to bypass anything. Though keep in mind the instant you give them admin rights, its game over. At that point passswords et are irrelevant as they can simply use their admin to install all mannaer of tools designed to cirumvent this. It only works if you do everything together. If you take admin away, but dont secure the bios and bitlocker the drive, they can simply boot a live CD to do things in that that you cant do without admin etc. It only works if you do everything together.

Thanks for that.

Like I said previously until now simply changing the password temporarily worked. We've obviously now moved beyond that. All the machines are encrypted except the gaming machines and test machines. Which have no data on them and are effectively disposable. Of course it has to be done for all the gaming machines. The account used not be admin but gained that permission a while ago. Hasn't that come back to bite.
 
Last edited:
Useless advice. :cry:

If his dad did all 5 of them but that WONT stop it.

1. Kid can disabled bitlocker easy and decrypted boot drive bypass boot pin or password via software tool.
2. Kid can find a screwdriver to open laptop and removed CMOS battery that will remove BIOS admin password.
3. Kid can change ability to boot from USB, CD, Network and everything after he removed CMOS battery that will reset BIOS settings to default.
4. Kid can easily change standard user back to admin account through PowerShell.
5. Kid can reset Windows 11 admin account easily again and again with utilman.exe trick which I did reset my sister PC years ago when she forget admin account password.

Agreed. Ultimately it just escalates from one level to the next. Though there is a honeymoon period before each escalation. But thats life.
 
Probably something to do with the fact that we're two different people with different opinions, and the fact that one of is talking about all possible ways and the other is talking about just those methods mentioned in this thread.

TBH it seems you created this thread simply to troll as despite people best efforts to help all you've done is throw that back in people faces and rebuke them because you've not made it clear what your attempting to achieve, if you really wanted help then i suggest that insulting people probably isn't the best way to go about that.

From my point of view, more accurately some people tried to derail the thread to what they wanted to talk then got grouchy when they couldn't. As I said ".. answering a question I didn't ask..." I said it a lot, like a lot.

But hey its an open forum and you get the chaff with the wheat. Part of being on a forum.
 
Last edited:
I've only ever messed with cmos and pram batteries trying to revive old machines. Not access new ones.

A quick Google suggests there are manufacturers back door codes you can use to reset the bios if the battery method doesn't work.
 
Back
Top Bottom