what you need to do is to run compmgmt.msc
b. and click on local users and groups.
c. once you've gotten here you need to open up the 'users' folder.
at this point i am walking along with you and notice that there are several
major security holes dealing specifically with the password:
1. double clicking on the any user name allows you a list that looks
something like this:
"user name"
full name: ---------------- -------
|__________________|
description: --------------- --------
|__________________|
--
|_| user must change password at next logon
--
|_| user cannot change password
--
|/| password never expires
--
|_| account is disabled
--
|_| account is locked out
"ok" "cancel" "apply"
ok if you can get past my cheesy drawing, i must ask, did you notice that
the "password never expires" box is checked? if you did, then you may have
realized that this means that you can also uncheck it!
2. if ure paying attention, you'll see that the 'user must change password
at next logon' box is unchecked. if you put a check in this box of course,
when you shut down the system will prompt for a new password!
3. going back to step c.,
right click on any account and notice the dialoge that appears:
set password...
all tasks
delete
rename
properties
help
i think you can handle it from here
ps. i wonder if you can access this data if this stuff is locked to the user
by the admin by going in through the command prompt. i doubt it but if neone
finds a way let me know.
No comments:
Post a Comment