Wednesday, January 30, 2008
Using Passwords Effectively
Do you need to create and use a password for Windows logon? After all, it's certainly easier to simply click your name or just press Enter when you start your computer. And if your computer is in a secure place, such as your home, you might be tempted to forgo the protection a password provides.

Before you decide, consider who has physical access to your computer. At home, your computer might be available only to you and your spouse. What about kids? House guests? Do you have any household employees such as a babysitter or cleaning service? What about repair services or other contractors? Each of these people might pose a different threat: Family members whom you trust completely might be inexperienced computer users who can inadvertently delete or otherwise destroy your data if they can too easily log in as you. Others could conceivably have more malicious intentions.

In a business, it's more likely that someone who shouldn't do so could obtain access to your computer. In addition to business associates and employees (who might at some point become "disgruntled employees"), janitorial crews (and sometimes their accompanying children), security guards, delivery persons, clients, vendors, and door-to-door framed artwork solicitors could reach your computer when you're not there to defend it. In an office environment, you should almost certainly use strong passwords for Windows logon.

You might base your decision on the presumed value of the information on your computer. In a business, of course, you're likely to have financial data, product information, proposals, customer data, and other important files. The loss of these resources, or their discovery by a competitor, might prove devastating. At home, perhaps you have your family finances on one computer that clearly needs to be protected, but you think your other computers don't have anything of "value." Think again: Do they have your photo collection, music collection, kitchen plans, or correspondence with Aunt Mary? Although these types of files might not be of any use to anyone else, remember that some vandals enjoy the perverse satisfaction of destroying your data. Even if you religiously back up your data, you might be faced with restoring your system from scratch, which could take several hours or more.

It is especially important to password-protect any account that is a member of the Administrators group (which is, by default, most accounts you set up in Windows XP) because of the unrestricted power these accounts wield. If someone manages to plant a virus or a Trojan horse on your computer while logged on as an administrator (by logging on to your computer locally, by connecting over a network or the Internet, or by tricking you into running an executable e-mail attachment, for example), that malicious program can do just about anything. Two lessons here: Don't run as an administrator, and password-protect all administrator accounts.

Weak passwords trump strong security. As pointed out in "The Ten Immutable Laws of Security," all your other security measures are for naught if malicious attackers can get past your password defense. (See "The Ten Immutable Laws of Security," reprinted in Appendix A.) Don't let your password selection (or lack thereof) be your weakest link.

INSIDE OUT
--------------------------------------------------------------------------------

Safely use an account with no password

Security enhancements in Windows XP mean that blank passwords aren't quite the risk that they are in earlier versions of Windows, including Windows 2000. In Windows XP, accounts with a blank password can be used only to log on interactively at the computer by using either the Welcome screen or the Log On To Windows dialog box. You can't log on to a non-password-protected account over the network or with Remote Desktop, for example. Nor can you use the Run As feature to run in the context of an account with a blank password. (And because Task Scheduler uses Run As to launch programs, you can't use a password-free account to run scheduled tasks.) These additional restrictions apply only to local accounts with no password; domain accounts are not afforded such protection. (However, sound domain policy would prevent the creation of a domain account with a blank password.)

Although these enhancements mean that if you don't use a password in Windows XP your greatest risk is from people who have physical access to your computer, you can be sure that malicious hackers are working night and day to find a way around these restrictions. Your safest bet: Don't rely on this protection. Use strong passwords—at least for your administrator accounts—even with Windows XP.

Troubleshooting
--------------------------------------------------------------------------------

Windows XP asks for a password, but you haven't set one.

When you upgrade a system to Windows XP, the Setup program assigns temporary passwords for use during setup. Ordinarily, these passwords are removed when setup is completed. If they're not removed for some reason, you're effectively locked out of that account until you determine or change the password.

If you can log on using another administrative account, you can change the password for the affected user account—but be aware of the potential problems and data loss that changing someone else's password can cause.

A better way to solve this problem is to determine the temporary password assigned by Setup, which you can do as follows:

1. Boot into the Recovery Console by following these steps:
   a. Insert the Windows CD and restart your computer. Follow your computer's prompts to boot from the CD. (You might need to adjust settings in the computer's BIOS to enable the option to boot from a CD.)
   b. Follow the setup prompts to load the basic Windows startup files. At the Welcome To Setup screen, press R to start the Recovery Console.
   c. Enter the number of the Windows installation you want to access from the Recovery Console.
   d. When prompted, type the Administrator password. If you're using the Recovery Console on a system running Windows XP Home Edition, this password is blank by default, so just press Enter.
2. At the command prompt, type systemroot to change to the %SystemRoot% folder—the folder where Windows XP files are located.
3. Type more setupact.log to display a file that contains the password information you need.
4. Scan the file contents for the line that begins "Random password for." Press Spacebar to display the next screen of the file. When you find the line, make a note of the user name and password. (Remember that the password is case sensitive.)
5. Reboot into Windows XP and log on using the user name and password information you found.

If Windows is installed on a FAT32 volume, you can boot from a Windows 98 or Windows Me boot floppy instead of using Recovery Console. At the command prompt, type edit %windir%\setupact.log to open the file. Use the Edit program's search command to locate the line beginning with "Random password for."
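
Because setupact.log keeps these temporary passwords in plain text, an administrator can check from a running system whether any such lines are still in the file. The following Python script is an added example, not part of the original text: it reports the matching line numbers with everything after the prefix redacted. Only the "Random password for" prefix comes from the procedure above; the sample log lines and the function names are constructed for illustration.

```python
import os
import sys

# The only part of the line that the procedure above specifies.
PREFIX = "Random password for"

def read_log(path):
    """Read a setup log that may be UTF-16 (with BOM) or ANSI text."""
    with open(path, "rb") as handle:
        raw = handle.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def audit_setup_log(text):
    """Return (line_number, redacted_line) for every temporary-password line.

    Everything after the prefix is dropped, so the report itself never
    repeats the user name or the password.
    """
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(PREFIX):
            findings.append((number, PREFIX + " [REDACTED]"))
    return findings

# Constructed sample; the text after the prefix is an assumed layout.
SAMPLE_LOG = (
    "Setup started (constructed line)\n"
    "Random password for EXAMPLEUSER is EXAMPLE-VALUE\n"
    "Setup finished (constructed line)\n"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        text = read_log(sys.argv[1])
    elif os.environ.get("SystemRoot"):
        text = read_log(os.path.join(os.environ["SystemRoot"], "setupact.log"))
    else:
        text = SAMPLE_LOG  # no Windows folder available: use the sample
    hits = audit_setup_log(text)
    for number, redacted in hits:
        print(f"line {number}: {redacted}")
    print(f"{len(hits)} line(s) with a Setup-assigned password")
    sys.exit(1 if hits else 0)
```

The script exits with status 1 when at least one matching line is present, so it can be used as a check in a post-upgrade script.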
