ITfall

The default Administrator account in Windows XP is often overlooked, and many users do not even know that it exists. This account may open a security hole if someone can get into your computer physically.

I’ll make it clear from the beginning; When I say physical access, I am not talking about hacking/cracking your computer with password recovery software/disks or using bootable disks to access your data or, worst case, opening your computer’s case and picking up your hard disk. I am also, not referring to any security hole that the technical structure of Windows accounts may pose.

The presumed person who might try to have unauthorized access to your computer might be anyone you know, just having the basic access to your computer; access to the power button and keyboard.

Normally, Windows XP computers have 2 or more accounts that are in the Administrators group. These are: The default Administrator account and another administrator account which is the one that you usually use (you may also have more admin accounts).

What I have seen is that rarely do users have the default Administrator account password protected. This happens because during Windows XP deployment, Windows does not require you to enter a password for that account; you can just keep it blank. With this, the computer is subject to unauthorized access from someone that can get physical access to it.

So how can someone access the computer with the default Administrator Account when it is not password protected (i.e. blank password)?

It depends on how your logon and logoff options are set on your computer, 2 cases:

• Welcome screen is enabled. This is the case where you just click on the user account name to logon. Here, the default Administrator account does not show up. To access it you need to start the computer in Safe Mode. After that, the account will show up on the Welcome screen as Administrator. Since the password is blank, a user needs only to click on that name to have full administrative access to the computer.
  (Please note that if your computer has the default Administrator account as the only admin account, then it will show up in the normal Welcome screen (i.e. not in safe mode) and would probably be the account you are using).
• Welcome screen is disabled. This is the case where you have to type the name of the account as well as the password. Here, the default Administrator account can be accessed by typing Administrator as the account name and leaving the password field blank and then enter. As you have noticed here, the user does not need to enter safe mode to have access.

Now that you know that keeping the default Administrator account password blank is risky, do the following to prevent users from having easy administrative access to your computer:

• Create a password for the account. Login using that account (the above mentions how) and then go to Start, Control Panel, User Accounts. Click on Administrator account and then click Create a password. Fill the fields and click Create Password.
  (You can also create a password for that Account using another account in the Administrators group by using the Computer Management Console).
• Disable the account. If you do not need the default Administrator account, which is usually the case, disable it. To do so,
  1. Logon as your normal admin account and enter the Computer Management Console by right clicking on My Computer then choosing Manage.
  2. Expand System Tools, and then expand Local Users and Groups.
  3. Select Users.
  4. On the right pane, right click on Administrator and choose Properties.
  5. Check the Account is disabled checkbox.
  6. Click OK.

You can do one of the above choices or both. I recommend both (really better and more secure).

(Please note that if the default Administrator account is the only admin account on your computer you DO NOT need to disable anything and would probably be the account your are using).

You may want to see the following:

• To see how to change the log on and off options see the Microsoft KB article, How to change the logon window and the shutdown preferences in Windows XP .
• To see how to start windows in Safe Mode see the Microsoft page, start the computer in safe mode .