Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Strange hole in security

28 Nov 2009   #1

Windows 7
Strange hole in security


I have recently installed Windows 7 on my PC, which is used by myself and the kids. I set myself up as administrator, and the kids account as standard user. Now I am used to Windows XP (never had anything to do with Vista), where the administrators files are private, but the administrator can see all files of all users. Win 7 doesn't seem to do this tho, but even more worryingly I found the weirdest security hole (or should I say my 12 year old daughter did).

If logged on as kids (standard user) they can go to the user accounts settings in control panel, and change my password for administrator (without entering any password). Then they just log in as me, and change their account to administrator... Strangely though, if I wish to change my own password, I have to enter my current password.

This cant be right can it??

Sorry for waffling, but this had got me completely miffed

My System SpecsSystem Spec
28 Nov 2009   #2

Windows 10 Pro (x64)

Sounds more like a configuration error. Was UAC on? Did your user account have a password to begin with? Seems awfully strange, I'll look into it on some test machines.
My System SpecsSystem Spec
28 Nov 2009   #3

Windows 7, Linux

Seems as somebody make themself an admin! If your an admin you can change any password without using one, that's why your admin. So whoever is admin can do whatever, it's done so if a person changes their password but can't remember an admin can still change it. And that applies to other admins, I know but think of any admin account as the ultimate user. You should change user settings and set restrictions, although if your kids can burn a CD they can get admin rights no matter what.

3 Ways to Reset Forgotten Windows Administrator Password

It's just that easy. What do you do? You put in a password for bios settings and disable the ability to boot from any external source other than HDD.
My System SpecsSystem Spec

28 Nov 2009   #4

Windows 7 Ultimate x64, Mint 9

I also recommend Parental Controls. Use them.

My System SpecsSystem Spec
30 Nov 2009   #5

Windows 7

Thanks for the replys!

I finally got to the bottom of the problem - I had disabled the UAC completely - I hate it when it pops up asking if I want to do something, when I obviously do. Anyway, I enabled it again, and now if someone tries to change my password, it asks for my password :)

My System SpecsSystem Spec
30 Nov 2009   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Sometimes you have to live with the UAC setting if you want to keep your computer 'clean' and free of other users changing your settings

It's really all good.
My System SpecsSystem Spec
30 Nov 2009   #7

Windows 10 Pro x64 x3, Ubuntu

If I am performing a lot of system configurations and installations I will turn off the UAC, (temporarily and after disconnecting from the Network/Internet).

Otherwise I run with it on the default, (one down from top), and find that it is not too intrusive.

I also switch to maximum setting if I am leaving the machines in the use of someone else
My System SpecsSystem Spec
30 Nov 2009   #8


My guess in that the changes were done by knowing your password and/or if you shared the files in question and in doing so gave users access, they have access. I am sure that even when the UAC prompt is set to it's lowest level that a user cannot change an admin password unless they know your current password or have had physical access to your account (like when you walked away when logged in for a minute). To prevent this (it's more common than parents want to realize) use MS Key + L always when you have to walk away for a minute to lock your account and do not allow user switching. This is good when you want to limit users use of he PC also.
My System SpecsSystem Spec
15 Dec 2009   #9

Windows 7

Quote   Quote: Originally Posted by Swanson Photos View Post
My guess in that the changes were done by knowing your password and/or if you shared the files in question and in doing so gave users access, they have access.
Nope, there were 2 user accounts - my own, and "kids" but when the kids logged on, they could access the user accounts set up, and change my password. It never prompted them even to enter my old password first! Anyway, it's all sorted now, so I'm a happy bunny :)
My System SpecsSystem Spec

 Strange hole in security

Thread Tools

Similar help and support threads
Thread Forum
Strange things happening with the Black Hole
I purchased a legal Windows 7 CD from Amazon and wanted to install it on a PC I was rebuilding. It installed and activated just fine by phone. The disk says it's intended for refurbished PC's. I started having trouble with the first program I tried to install, Malwarebytes, it stopped working...
General Discussion
Vbootkit security hole
Windows 7 Can Be Hacked, No Fix - Tom's Hardware Does anyone know if this security issue has been fixed? This is pretty major from a security standpoint. A lot of users will just accept the default user account created upon installation, which has admin rights, thus making them vulnerable. ...
System Security
Zero Day Security Hole In Windows 7?
System Security
Security hole in UAC
Security hole in UAC! :( The oldest trick in the book, literally, defeats UAC in Windows 7 | Betanews

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 04:59.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App