hey
ok so i have a windows 2000 machine
and i tried my best to make a hardpassword for administrator so my brother wouldnt install stupid programs

but i enabled GUEST with the guest profile so he wont install or run certain programs
but apprently he got my password through the GUEST account and installed some software and when i go to the computer im like i never installed it and then it happened again and i caught him this time.....

so now how can i make my password not retrievable
i know there some programs and registry keys you can check to get the password but how can i block hime from this

thanks

Does the GUEST account have limited priviledges or did you perhaps change it?

There's really no way he should have been able to do anything with the GUEST account, let alone get your ADMIN password.

If he did get your password, he either guessed it, (or watched you type it in), or used a 3rd party tool to crack it. That being said, he would have had to boot the machine from another HD or a BOOT CD with password cracking tools or some sort of PBE (Portable Boot Environment).

Cracking a Windows 2000 isn't very hard...takes time, but it can be done.

Make sure you don't allow booting from other devices, ie, floppy, CD, network boot, or USB.

Make sure your ADMIN password is VERY cryptic, and don't write it down anywhere, and

CHANGE your ADMIN password on a regular basis. At my last position, we used to change our ADMIN station passwords EVERY WEEK.

hey
ok so i have a windows 2000 machine
and i tried my best to make a hardpassword for administrator so my brother wouldnt install stupid programs

but i enabled GUEST with the guest profile so he wont install or run certain programs
but apprently he got my password through the GUEST account and installed some software and when i go to the computer im like i never installed it and then it happened again and i caught him this time.....

so now how can i make my password not retrievable
i know there some programs and registry keys you can check to get the password but how can i block hime from this

thanks


If your brother was able to get your admin password from the GUEST account.. then there is not much you can do to keep him from doing it again.. LOL..

DOn't know how he got it.. and I am wondering if is better for him to have his own "limited" account instead of the GUEST account.

When you say the "administrator" account.. do you mean the real administrator.. or your own account with administrator privileges??. Cause if you mean your own account (with admin privileges).. then is quite easy to reboot - log in as the admin (login:administrator password: admin.. by default - at least in XP) and then delete/change passwords.. or account types.. etc.

C.

i don't think the password is actually located anywhere that can be easily dug up by a program - i'm thinking he used a 3rd party app that stole your password as you typed it in. Anyway, you might want to consider purchasing a fingerprint reader/scanner and that way you'll never have to type it in to gain access into your account. and use a different password for your email, etc.

Your brother is a genious. Pay him to tell you his secret. Besides are you sure there is only one account other than Admin with admin priviledges?

For that boot floppy trick : Put a password on the BIOS settings and disable booting from the floppy drive. Don't forget your BIOS password.

By the way, if he's like a 10 year old "script kiddie" and doesn't really know a lot about PCs he's playing with fire. Explain that to him too...

Disable the Guest account and create a specific user account to which you can allocate specific privileges, such as read or write access to certain files and directories. I haven't done this, but I'm sure other more competent RFDers can provide you with pointers or links to HOWTOs...

i don't think the password is actually located anywhere that can be easily dug up by a program - i'm thinking he used a 3rd party app that stole your password as you typed it in. Anyway, you might want to consider purchasing a fingerprint reader/scanner and that way you'll never have to type it in to gain access into your account. and use a different password for your email, etc.


Actually the HASH is stored in one of the .DAT files..but you need 3rd party software to access it (across the wire) or local access to copy the SAM database to get the HASH and then have to run it thru another 3rd party tool to crack the password.... unless I believe you've used SYSKEY, then I think it makes it much more difficult if not impossible.

how can i make it so its not bootable from any other source?
and administrator as in the real administrator
and Guest is just guest account no other user profiles


and if anything else in windows 2000 how can you set it up that one cannot run any executable file or any file for that matter except for the office files, PDF's webpages

thanks

anyone?

Bios password can be very effective until he removes the battery for the bios. 2000 password can easily be retrieved with a bootable Linux DVD or CD to reset any version of windows account passwords. Chances are he may be using a keylogger to get the password. I would disable the guest account create him a specific account with limited rights. Disabling boot devices I would assume happens in the Bios. One option is to take the power cable with you each time you leave :lol:

how can i make it so its not bootable from any other source?
thanks

Do this in the BIOS. You have options for the boot devices. Just remove floppy, CDRom and all other devices except the hard drive. Or put them all after the hard drive...

if hes gonna use my computer (your Brother) best way to stop him is.. whne you go out, take the harddrive with you. haha lets see him crack anything.