Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Strange hole in security


28 Nov 2009   #1

Windows 7
 
 
Strange hole in security

Hi

I have recently installed Windows 7 on my PC, which is used by myself and the kids. I set myself up as administrator, and the kids account as standard user. Now I am used to Windows XP (never had anything to do with Vista), where the administrators files are private, but the administrator can see all files of all users. Win 7 doesn't seem to do this tho, but even more worryingly I found the weirdest security hole (or should I say my 12 year old daughter did).

If logged on as kids (standard user) they can go to the user accounts settings in control panel, and change my password for administrator (without entering any password). Then they just log in as me, and change their account to administrator... Strangely though, if I wish to change my own password, I have to enter my current password.

This cant be right can it??

Sorry for waffling, but this had got me completely miffed

My System SpecsSystem Spec
.

28 Nov 2009   #2

Windows 8.1 Pro (x64)
 
 

Sounds more like a configuration error. Was UAC on? Did your user account have a password to begin with? Seems awfully strange, I'll look into it on some test machines.
My System SpecsSystem Spec
28 Nov 2009   #3

Windows 7, Linux
 
 

Seems as somebody make themself an admin! If your an admin you can change any password without using one, that's why your admin. So whoever is admin can do whatever, it's done so if a person changes their password but can't remember an admin can still change it. And that applies to other admins, I know but think of any admin account as the ultimate user. You should change user settings and set restrictions, although if your kids can burn a CD they can get admin rights no matter what.

3 Ways to Reset Forgotten Windows Administrator Password

It's just that easy. What do you do? You put in a password for bios settings and disable the ability to boot from any external source other than HDD.
My System SpecsSystem Spec
.


28 Nov 2009   #4

Windows 7 Ultimate x64, Mint 9
 
 

I also recommend Parental Controls. Use them.

~Lordbob
My System SpecsSystem Spec
30 Nov 2009   #5

Windows 7
 
 

Thanks for the replys!

I finally got to the bottom of the problem - I had disabled the UAC completely - I hate it when it pops up asking if I want to do something, when I obviously do. Anyway, I enabled it again, and now if someone tries to change my password, it asks for my password

Sorted!
My System SpecsSystem Spec
30 Nov 2009   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Sometimes you have to live with the UAC setting if you want to keep your computer 'clean' and free of other users changing your settings

It's really all good.
My System SpecsSystem Spec
30 Nov 2009   #7

Windows 7 Ultimate x64 x2 + x86 + Windows 8.1 x64 x2
 
 

If I am performing a lot of system configurations and installations I will turn off the UAC, (temporarily and after disconnecting from the Network/Internet).

Otherwise I run with it on the default, (one down from top), and find that it is not too intrusive.

I also switch to maximum setting if I am leaving the machines in the use of someone else
My System SpecsSystem Spec
30 Nov 2009   #8

 

My guess in that the changes were done by knowing your password and/or if you shared the files in question and in doing so gave users access, they have access. I am sure that even when the UAC prompt is set to it's lowest level that a user cannot change an admin password unless they know your current password or have had physical access to your account (like when you walked away when logged in for a minute). To prevent this (it's more common than parents want to realize) use MS Key + L always when you have to walk away for a minute to lock your account and do not allow user switching. This is good when you want to limit users use of he PC also.
My System SpecsSystem Spec
15 Dec 2009   #9

Windows 7
 
 

Quote   Quote: Originally Posted by Swanson Photos View Post
My guess in that the changes were done by knowing your password and/or if you shared the files in question and in doing so gave users access, they have access.
Nope, there were 2 user accounts - my own, and "kids" but when the kids logged on, they could access the user accounts set up, and change my password. It never prompted them even to enter my old password first! Anyway, it's all sorted now, so I'm a happy bunny
My System SpecsSystem Spec
Reply

 Strange hole in security




Thread Tools



Similar help and support threads for2: Strange hole in security
Thread Forum
Solved Wi-Fi Protected Setup security hole discovered. Network & Sharing
Win7 shares possible huge security hole Network & Sharing
BB Code Security hole in PHPBB 3! Browsers & Mail
PDF security hole opens can of worms. Security News
Vbootkit security hole System Security
Zero Day Security Hole In Windows 7? System Security
Security hole in UAC News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:00 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33