Weekly Security Tip: Setting an Administrator Password
The Administrator account is actually the default account on a new install of Windows XP. It has no restrictions on changing any facet of your system, giving this user full control. Sometimes a computer will come with a guest or a general account created for the initial user. This is typical if you buy your PC from one of the larger companies. Otherwise, the Administrator account is the one you use until another account is created. If another account is created you will notice at the next boot that the Administrator account is not available.
According to Microsoft, the first thing you should do with a new PC is to create Limited User Accounts for all the individuals who plan on using it so they don’t have free rein over your system. I agree with this to a certain extent, especially in a business environment. At home, limiting the privileges of certain users (my children, for instance) is a very good idea, but it’s a pain for me to log into a separate account all the time just to install a program or perform some other procedure that you can’t do using the Limited User Account.
My solution is to create an account with administrator privileges and use a GOOD PASSWORD to protect this account. This should be enough to stop anyone from getting into the system who you may not want to have Full System Administrative Rights. You don’t need to be an IT professional to know that that could be very, very bad.
Another thing that you should always do is password protect your hidden Administrator Account. By rebooting the PC into Safe Mode, it’s possible for someone to get to the administrator’s login screen. This account is not password protected unless you set one, which hardly anybody does. Stop potential sneaking fingers and prying eyes from gaining administrative rights by applying a password to this account. That’s what we’re going to do today.
Before we begin, there are two things you should keep in mind:
1. There is a different method for the Home and the Pro versions of Windows XP.
2. If you are going to password protect your Administrator account, then you want to create a Password Reset Disk to get yourself out of a jam if one presents itself.
Password Protecting your Administrator Account:
XP Home: Safe Mode is actually where the XP Home users have the option to create a password for the Administrator account. Reboot your PC into Safe Mode and choose the Administrator account which should now be available. When Windows finishes loading, go to Control Panel>User Accounts. Select the Administrator account. From here you can set a password for your Administrator account. WRITE DOWN YOUR PASSWORD EXACTLY! Reboot normally and you should be set. Just don’t forget your password.
XP Pro: With Windows XP Pro you can set the Administrator account password in two ways: the one shown above, and also by using the MMC (Microsoft Management Console), a flexible administrative tool in XP Pro that allows you to create custom utility windows or consoles. You need to add Snap-Ins, basically modular components for the console, to make MMC effective. Think of the MMC as an empty toolbox that you would load up with the appropriate tools (Snap-Ins) for the job.
To perform this procedure using the MMC, go to Start>Run, type mmc in the Run box, and select OK.
This will bring you to the MMC (Microsoft Management Console). From the MMC’s interface, choose File>Add Snap In. From the Add Snap In window, choose ADD from the bottom, and choose Users and Groups from the list. You may have to scroll down a little on the list.
Once you have the Users and Groups Snap-In added, select CLOSE at the bottom of the Add Stand Alone Snap-In window. Expand Users and Groups in the left panel by selecting the little + symbol on the left, and then highlight the Users folder. In the right panel of the MMC window, you should see the contents of the folder, with the top entry being the Administrator account.
Right-click the Administrator account and choose Set Password. You will get a warning message about lost data on certain folders (explained below). Select OK when you feel confident you’re not going to lose any data by doing this, and you should be all set.
Your Administrator account should no longer be a security hole. My suggestion for your next step is to go and create a Password Reset Disk so if you ever forget your password you can still get into your system.
There is one more thing I would like you to consider. If you’re going to password protect a PC that you’ve had for a while, make sure you don’t have any encrypted files that you can’t afford to lose. The process of password protecting your Administrator account will deny you access to certain files that you may have encrypted. This shouldn’t be an issue for most people, but I want to make sure that you all understand what the warning message is saying about the loss of data.
~ Chad Stelnicki