hi..

i'm a newbie low level admin in my office.there's alot of xp machine in my department without admin passsword. I know what to do with w2k but not xp remotely. any idea.. these machine owner need to be disipline about it. thanks

report it to the person responsible for builidng/maintaining the machines, collect your pay on payday.

lol i am with the other person on this. just help out by telling the network admin and you will most likely be rewarded on payday. or. request that u get payed extra on payday for making the network more secure but pseronally. i dont think that it will make a difference now a days. if people have rainbow tables then its over anyways lol

BN says: Signatures like the one below are not allowed. They are too big and distracting. Get yourself noticed by the quality of your posts, not a huge siggy.

If you don't see a siggy below, it was already removed as I PM'd this person and requested it.

in fact on windows xp if u see in local policies, you can't use account with no password remotely.
for exemple:
net use \\ip "" /u:Administrator will certainley work but
dir \\ip\C$ will give an error because of the default policie.

so in a certain way its maybe more secure to put no password than a tiny 12345...

Thanks for a nice help.. i't would be nice to inform the friendly person (in charge). but not to an egoist manager or show off manager. SOme time, when i'm trying to help by asking that person to block a certain port for example 445 to the internet.. i'll get un comfort answer...

tq

maybe you haven't been there long enough to have weight behind your words....patience is the key.

Windows Xp by default takes every remote login as a guest account so it isnt a big hazard . U wont be able to access c$ d$ etc.

You can also try a program like Pwdump, this will take the hashes of the localpasswords, after that it will generate a .txt-file with the hashes (res.txt) take that file and download a program like L0ptcrack, just open that file in L0ptcrack and crack the passwords with it. this job can take a few min but it can also take hours to crack the passwords. Its just a possibility.

aisketui, if you're the admin in your department i suggest you email to the respective users who has admin blank password. tell them to take security measures.

you can also assist them on how to change admin password in your email. if they're too stubborn, try install dameware remotely into their boxes and see if they like it... lol. put a note on their desktops saying "Change Your Administrator Password".

usually, the network admin takes care of this issue. in a domain, the lifespan of users' password is being set there.

i tried dameware.. so far its only works with w2k, but not xp.. so do "push winnc". anyone succefull try dameware with xp?. but usualy theese pc didnt patch well.. i think , much easier to try nc with buffer overflow vurna.. to gain connection..

Why they fear someone else when when their low level admin is planning to use exploits on their employees computers . Using it may put ur job in prob .



And yeah empty winxp password is not a huge risk like win2k as it will take everyone as guest by default and want allow remotely admin login ( some good xp feature) . U can enable remote login then u can use dameware for remote install but u will need physical access in that case