Making Windows Admin Account Secure

I'll give you the backstory first so that you can fully appreciate my predicament. My brother and I use the same computer but he literally uses it every spare minute of his life (even though the pc is mine). I thought I would be clever and set up an admin account for me (password protected) and a limited access account for him. I also made use of the Parental Controls to only allow him access at certain times of the day.
I returned home the next day and surprise, surprise he managed to change my Admin Account password to 'youareatwat'...which he kindly told me after but made me feel a little foolish. Questioned him about it and he said he managed it through a registry hack although he didn't go into detail.
Is there any way I could make this process more secure like adding an additional layer of security such as truecrypt or bitlocker to prevent him from changing the registry? Any suggestions would be appreciated as I feel a bit defeated at the moment.

Thanks
 
If you have the machine set to boot to the logon screen there's no way he got your password from the registry by a simple method. Just change your password and change the permissions on regedit.exe so he cannot access it. Additionally go into the bios and disable booting from USB and CDROM, then password the bios setup. This will stop the easy Linux boot CD method.

If he breaks your password again he's deliberately using some form of hacking program. If so just lock his account and tell him to gtfo.
 
TrueCrypt or BitLocker will only protect the drive as a whole, not at the user level in the way you need.

Basically, as he has physical access he can always use a boot CD or similar method to reset the admin password; this may well be what he did as a "registry hack".

You could try password protecting the BIOS and disabling boot from CD-ROM, but resetting the CMOS will soon bypass that, may slow him down though.

Given that he has a) physical access and b) lots of free time, I would speak to him and tell him not to **** around :)

EDIT: If this is a real problem in terms of confidentiality, dual boot with two separate Windows installations and BitLocker your one, he won't be able to touch it.
 
haha I am getting to the point of saying gtfo. If I password protected the bios could he still press f8 to access the boot menu or will it prompt him? I want to deduce what method he used.
 
If it's passworded he'll be able to boot the PC up but can't get into the bios to change it as he'll be prompted for the BIOS password when he tries to access it.
 
I wondered because you can press 'del' to go to bios and 'f8' to go to boot menu so wasn't sure if he could get to it without being prompted for a password (I'm not home at the mo to try it). I found a flash drive near the pc so that could be the culprit, he usually keeps that in his room...suspicious lol
 
If he can open the case he can reset the BIOS password quite easily.

Just punch him in the back of the head while he's hacking away.
 
Sounds like the best way to stop him is to get physical lol. What about this suggestion that I found on a quick google search "Something else you can do is look into TCTemp and TCGina, which work with TrueCrypt to encrypt the temp and user profiles. I'm not sure if its been updated for TC6, but it works with TC5."
Anyone ever tried that?
 
Also check to see if he has installed a "hidden" admin account so that he doesn't have to do this in future to gain access. If he has, remove said account as well.
 
I would:

1. Encrypt the drive with BitLocker. Then it won't matter if the BIOS password is reset.

2. Implement a Software Restriction Policy. If he has a nasty .exe which he is using as a privilege escalation attack vector, then this would nullify it.

3. Check that the system directories have sane permissions. Seeing 'Full Control' on C:\Windows for <insert the name of his Standard User Account> should set off alarm bells.

If he still manages to get access then you can no longer trust the install. In which case...

4. Format and repeat steps 1 and 2. As a result, he won't be able to bypass Windows security by using a Live CD and he won't be able to install or run anything which isn't already on there.

This may all turn out to be an exercise in futility, as he has physical access. He can always format your format.

He's bigger than you, isn't he? :p
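
An added example (not written by any poster in this thread) of the two checks suggested above: listing who is in the local Administrators group to spot an extra admin account, and flagging write-capable permissions on system directories granted to anything other than the built-in privileged principals. The `$Expected`, `$Trusted` and `$Dirs` lists are assumptions to adjust for your own machine; principal names differ on non-English Windows.

```powershell
# Added example: audit local admin membership and system directory ACLs.
# Run from an elevated PowerShell prompt on the machine being checked.

# Assumption: the only accounts that should be administrators.
$Expected = @('Administrator', $env:USERNAME)

# 1. Members of the local Administrators group, read through the ADSI WinNT
#    provider so it also works on older Windows/PowerShell versions.
$group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($group.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}
foreach ($m in $members) {
    if ($Expected -notcontains $m) {
        Write-Warning "Unexpected member of Administrators: $m"
    }
}

# 2. Allow entries on system directories that grant write-type access to a
#    principal outside the trusted list (assumption: English principal names).
$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
             'NT SERVICE\TrustedInstaller', 'CREATOR OWNER')
$Dirs = @($env:windir, "$env:windir\System32", $env:ProgramFiles)

# Write, Delete, ChangePermissions, TakeOwnership, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor 0x50000000

foreach ($dir in $Dirs) {
    foreach ($rule in (Get-Acl -Path $dir).Access) {
        $who = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($Trusted -contains $who) { continue }
        if (([int]$rule.FileSystemRights -band $WriteMask) -ne 0) {
            Write-Warning "$dir : $who has $($rule.FileSystemRights)"
        }
    }
}
```

No warnings means neither check found anything unexpected; it says nothing about changes made offline from boot media, which is why the drive encryption step comes first in the list above.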
 
haha Macky. The ironic thing is I work in IT support :rolleyes: but making a 'Home' pc secure when you still want to give someone certain access is difficult. Sure, it's easier to give him no access at all but I don't want to be too much of a dick.

Also, I found out he used a bootable cd to change the password and putting a password on the bios does not have any effect on the quick boot menu. He could still boot from cd...
 
Yes the boot order is always to boot from hard drive and all other options disabled. Trouble is, he can still access the boot menu by pressing F12 so he can boot from whichever source he likes without having to change any setting within the bios.
 
What you could try is disabling the cd rom in the bios, then it won't show up in the boot menu :)

You just have to rely on him not figuring out that resetting the bios will remove the password (I never knew that it did that btw, what is the point passwording a bios if it is that easy to reset, I guess you could always lock the case) :S
 
Knee cap him with the keyboard and tell him to get his own pc!

Failing that install linux, destroy his permissions and hope he can't get on from there....
 