Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows 7 password can be removed. How do I fix this?

23 Jan 2012   #1
mcgyber0o0

Windows 7
 
 
Windows 7 password can be removed. How do I fix this?

I am always trying to find ways to make my system more secure. Yesterday I found this and was somewhat worried, but considered it suspicious because they wanted money. However, I did some research and found a free program that did exactly the same thing. I set up a virtual machine with windows 7 and ran the utility at boot. Within about 5 - 10 button presses and about 1 minute, I had completely removed my administrative accounts password. I was astounded at how easy it was to gain access to my PC. Now I want to fix this issue; however besides setting a BIOS password and placing my PC in a safe, I'm not sure how.


My System SpecsSystem Spec
.
23 Jan 2012   #2
zigzag3143

Win 8 Release candidate 8400
 
 

Quote   Quote: Originally Posted by mcgyber0o0 View Post
I am always trying to find ways to make my system more secure. Yesterday I found thisand was somewhat worried, but considered it suspicious because they wanted money. However, I did some research and found a free program that did exactly the same thing. I set up a virtual machine with windows 7 and ran the utility at boot. Within about 5 - 10 button presses and about 1 minute, I had completely removed my administrative accounts password. I was astounded at how easy it was to gain access to my PC. Now I want to fix this issue; however besides setting a BIOS password and placing my PC in a safe, I'm not sure how.
Almost anything can be cracked given time and tools. That utility required you to install it on your machine (probably) and you can prevent that. You can also create a strong password which would take longer, and a time-out after a certain number of failures making it take even more tiime.

best bet: dont allow any physical access to your computer that isnt completely trusted and dont install anything that you arent sure of.

For example the app you used to remove the password could be in itself malware in disguise.
My System SpecsSystem Spec
23 Jan 2012   #3
mcgyber0o0

Windows 7
 
 

Quote   Quote: Originally Posted by zigzag3143 View Post
Almost anything can be cracked given time and tools. That utility required you to install it on your machine (probably) and you can prevent that. You can also create a strong password which would take longer, and a time-out after a certain number of failures making it take even more tiime.

best bet: dont allow any physical access to your computer that isnt completely trusted and dont install anything that you arent sure of.
I didn't install it. That's whats so scary about it. I created a disk image with the provided iso. I believe it used the linux kernel, and it will boot on any machine that has a disc drive. There are floppy and flash boot options as well. I have advanced security features implemented already, the ones I know of anyway, like strong passwords, renaming and disabling the admin account, use at least 15 char passphrases, and many other policies. However they didn't stop it at all. Anybody with this will be able to pop it into a windows 7 machine and delete or change the password.
My System SpecsSystem Spec
.

23 Jan 2012   #4
zigzag3143

Win 8 Release candidate 8400
 
 

Quote   Quote: Originally Posted by mcgyber0o0 View Post
Quote   Quote: Originally Posted by zigzag3143 View Post
Almost anything can be cracked given time and tools. That utility required you to install it on your machine (probably) and you can prevent that. You can also create a strong password which would take longer, and a time-out after a certain number of failures making it take even more tiime.

best bet: dont allow any physical access to your computer that isnt completely trusted and dont install anything that you arent sure of.
I didn't install it. That's whats so scary about it. I created a disk image with the provided iso. I believe it used the linux kernel, and it will boot on any machine that has a disc drive. There are floppy and flash boot options as well. I have advanced security features implemented already, the ones I know of anyway, like strong passwords, renaming and disabling the admin account, use at least 15 char passphrases, and many other policies. However they didn't stop it at all. Anybody with this will be able to pop it into a windows 7 machine and delete or change the password.
Thats why I said deny physical access. You can also implement no auto runs. I have seen organizations where locks were put on USB and DVD. Depends on how far you want to go.
My System SpecsSystem Spec
23 Jan 2012   #5
mcgyber0o0

Windows 7
 
 

I was hoping to hear something along the lines of encrypting my registry or something more tech like I suppose I could lock down my machine, but I was hoping for a setting, feature, or patch that fixes this issue.
My System SpecsSystem Spec
23 Jan 2012   #6
zigzag3143

Win 8 Release candidate 8400
 
 

Quote   Quote: Originally Posted by mcgyber0o0 View Post
I was hoping to hear something along the lines of encrypting my registry or something more tech like I suppose I could lock down my machine, but I was hoping for a setting, feature, or patch that fixes this issue.
If someone can develop an operating system someone can figure out how to crack it. It all boils down to the amount of time and effort it takes.

If they cant attach physically to your machine, it is a step more secure. The app you used is just beginners level. There are many more powerful tools.
My System SpecsSystem Spec
24 Jan 2012   #7
V43L1N

Windows 7 Ultimate 64-Bit SP1
 
 
Null password values.

Would setting minimum password lengths along with complexity requirements prevent boot disks from being able to set a null password on an administrator account?

Hoping someone with far more technical knowledge than myself can answer this question!

Thanks!
~V
My System SpecsSystem Spec
24 Jan 2012   #8
Victek

Windows 7 x64
 
 

Quote   Quote: Originally Posted by mcgyber0o0 View Post
I am always trying to find ways to make my system more secure. Yesterday I found this and was somewhat worried, but considered it suspicious because they wanted money. However, I did some research and found a free program that did exactly the same thing. I set up a virtual machine with windows 7 and ran the utility at boot. Within about 5 - 10 button presses and about 1 minute, I had completely removed my administrative accounts password. I was astounded at how easy it was to gain access to my PC. Now I want to fix this issue; however besides setting a BIOS password and placing my PC in a safe, I'm not sure how.
How much of this is academic Vs a serious concern? I ask because security is always conditional, not absolute. To be practical the measures we take to protect our computers need to be proportional to the perceived threat. I had a job once where the customer had forgotten their windows logon password (Vista). It was the only account so they had no way to get into the machine. I found a tool like you're describing and was able to recover the password. In other words in this case it was a good thing that a backdoor existed. If it had not the customer would have been looking at a lot of time/cost/grief. A windows logon password prevents the great majority of users from accessing the desktops of others without authorization - that's pretty effective security, but it won't stop a knowledgeable person with time and access from breaking in.

I've heard that some companies block physical access to USB ports and optical drivers. That certainly improves security, but I expect it also creates many obstacles for people trying to get their work done. You have to decide at what point security becomes more trouble than it's worth.
My System SpecsSystem Spec
24 Jan 2012   #9
zigzag3143

Win 8 Release candidate 8400
 
 

Quote   Quote: Originally Posted by V43L1N View Post
Would setting minimum password lengths along with complexity requirements prevent boot disks from being able to set a null password on an administrator account?

Hoping someone with far more technical knowledge than myself can answer this question!

Thanks!
~V
There is just about nothing that can stop someone with physical access
My System SpecsSystem Spec
24 Jan 2012   #10
fseal

Windows 7 x64 Ultimate
 
 

If you are critically concerned about your data, you CAN lock that down so that even if the admin/user passwords were wiped, someone could still not get at your data.

Word of caution though, no matter what method you use (Bitlocker, etc) your chance of losing your own data due to errors down the road are /extremely/ high. This forum is full of people that have forgotten to make or lost their key recovery disk for an encrypted folder or partition and there is NO way to get the data back. So if you go that route, make sure you have good unencrypted backups, and follow all instructions VERY carefully.
My System SpecsSystem Spec
Reply

 Windows 7 password can be removed. How do I fix this?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Bad Windows updates - do we removed them
Hi, i wanted to check here first to see if this was in fact true... askbobrankin.com/uninstall_these_windows_patches_now.html i have 2982791 8/15 and 2970228 08/15
General Discussion
Login name removed after ransom virus removed
Please help! After a ransom virus was removed from our desktop computer (originally a display model at Sam's), my administrator account is no longer visible...Only "Kiosk" and "Other User" . I have checked to see that net user administrator /active yes is successful but still do not see my user...
General Discussion
Trouble resetting password in Windows Mail to new server password
Hi, I recently suffered a trojan virus attach and ultimately have changed my password on my email server. I have tried to reset it to the new password in Windows mail multiple times. It keeps reverting to the old password as the saved password, and I continually have to retype in the new...
Browsers & Mail
Windows 7 stopped sharing with no password / blank password
This computer was set up about a year ago with sharing enabled. It worked perfectly the entire time. Then a few weeks ago, it started prompting for a password. I've been racking my brain out since. Unfortunately, I let too much time pass before realizing I could roll back using System...
Network & Sharing
Removed Bitlocker password - need recovery key
Hi, I removed the Bitlocker password simply by hitting "Remove Passoword" on the right-click menu on the disk in Computer. Now I need the recovery key, but since I formated the USB-drive I had stored the recovery key on I'm stuck. Do I have to format my Bitlocked drive?
System Security
Windows Updates for removed software
I no longer use Office 2003 (updated to Office 2007) but Windows Updates keeps telling me I have updates for Office 2003. :what: How do I tell Windows Updates to stop this nonsense?
Windows Updates & Activation


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:02.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App