

artesian79

join:2001-10-16
West Chester, OH

1 edit

[XPHome] User Accounts Issue

I have a computer being used by several people at a non-profit that I help maintain. They ended up with a rootkit and, having seen these before, I decided to save time and just restore the O/S.

I've used system restore and it actually worked and I thought I was on my way to hopping off a remote session and decided to try to force them to use a limited account. We've talked about it before and they just never had time to test their applications.

So, I restored the system with their current Administrator (w/o a password believe it or not), added a new account as a limited account, and asked them to attempt to do what they need to do in the morning. Well, it didn't work and they needed to leave.

So my plan was to blow away the limited account so that they would log in tomorrow on Administrator as normal. But now I cannot delete the limited account b/c there isn't any admin authority account other than Administrator.

I added another account, gave it admin authority, deleted the limited account and logged in to Administrator in safe mode to get rid of the temporary admin authority account. I cannot do that either.

How do I remove the temporary administrator authority account to return the system to only 1 user - Administrator?

Thanks!



Wily_One
Premium
join:2002-11-24
San Jose, CA

Re: [XPPro] User Accounts Issue

I know this doesn't answer your question, but sorry, the fact you had multiple users all running with Administrator privileges explains why that machine got a rootkit.



workablob

join:2004-06-09
Houston, TX
kudos:3

You are not able to delete the account or is it their profile folder in Docs and Settings you cannot delete?

Dave



artesian79

join:2001-10-16
West Chester, OH
reply to Wily_One

Oh, I know that. I just haven't been able to convince them otherwise. This may well have done that!



artesian79

join:2001-10-16
West Chester, OH
reply to workablob

It was the actual user account.

I resolved this by taking the user account out of the "administrator" group via the Users and groups console. After a reboot I was able to remove the userid. Now Administrator is the only admin authority for the PC and available only at safe mode.

BUT, I'm trying to do the same on an XP Home system and the snap-in for Users and Groups in Computer Management isn't available in XP Home and I haven't found a way around this for Home.

Ideas anyone?


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8

quote:
I added another account, gave it admin authority, deleted the limited account and logged in to Administrator in safe mode to get rid of the temporary admin authority account. I cannot do that either.

Semi-educated guesswork.

There must always be one log-inable member of the Administrators group available, and safe mode doesn't count.

Therefore: your choices:

a) Allow the Administrator account to be accessible not in safe mode. This means enabling the Administrator account; this can be done via secpol.msc, but probably not in XP Home. Likely a simple program could be written to do it.

b) Create another administrator account (member of Administrators)


artesian79

join:2001-10-16
West Chester, OH

Well semi-educated is better than no-educated at all!

I wish I could say that it was guesswork, but that would have been faster. It's just a workaround that is available via XP PRO that I'm looking for in Home.



psafux
Premium,VIP
join:2005-11-10
kudos:2
reply to artesian79

Re: [XPHome] User Accounts Issue

If there is no local admin account (built in "Administrator" profile doesn't count), you must set one up before you can set up any other accounts. XP will require an admin account to be created first.

It is typical to have no password on the "Administrator" profile. During the XP installation a screen asks you to pick a password for the administrator account. It is possible to skip this step thus no password. It's one of the first things (a savvy) computer tech will check when the complaint is "My password doesn't work" and there are no other admin profiles to utilize in order to change/reset the password.

After a local administrator profile is created the "Administrator" profile is no longer selectable except in safe mode. It is not deletable through any conventional measures (and is not recommended to be deleted for the reason stated above among other reasons).