  1. #1
    jamiesev

    Student Password Reset in XP and Windows 7

    Hi All,

    Whilst testing our Windows 7 group policies I have found a rather large security flaw. When a user changes their password by pressing Ctrl+Alt+Del and selecting "Change a password", they can change the username and enter a new password for that user (obviously they need to know the user's original password). Students can also change domain admin accounts :-/
    I tested this on Windows XP and I get exactly the same result. I have checked over the net but nothing obvious is appearing. Can anyone help with this issue?

  2. #2

    The key point here, as quoted by yourself, is "obviously they need to know the user's original password".

    It's no different from (and effectively an alternative method to) logging on as that other person's account, pressing Ctrl+Alt+Del and changing the password.
    It's not offering any additional elevated privileges.
    Last edited by MYK-IT; 6th March 2012 at 10:17 AM.

  3. #3

    If they know a password to a domain admin account, I think changing the password is the least disastrous thing they could do... they could also delete everything out of AD, remove all your files, use ADSI Edit to break your whole domain! Best not to tell them.

  4. #4
    jamiesev
    I'm sorry, I think I never made my question clear enough. I am well aware of what could happen etc. What I was hoping to find out is if there is a way to either stop students from changing passwords via permissions, security settings / group policy, or if there is a way to grey out the username field so they can only change their own password.

  5. #5

    plexer
    If they know other users' passwords you have a bigger problem on your hands; otherwise the issue you've described is not really a problem.

    Ben

  6. #6

    Steve21
    Originally posted by jamiesev:
    "I'm sorry, I think I never made my question clear enough. I am well aware of what could happen etc. What I was hoping to find out is if there is a way to either stop students from changing passwords via permissions, security settings / group policy, or if there is a way to grey out the username field so they can only change their own password."

    There's one in AD, "User cannot change password", but greying out the username box seems pretty silly, as they could still just log on with someone else's account and change the password as such. But yes, the AD option seems to be what you're asking for. It's under the Account tab. (Just remember not to make them expire, if they can't change.)

    Steve
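
The "User cannot change password" option from the last reply, applied in bulk together with the expiry caveat it mentions. This is an added example, not code posted in the thread; it assumes the ActiveDirectory PowerShell module is installed, and the OU distinguished name is a placeholder.

```powershell
# Added example, not from the thread. Run from an admin workstation with
# the ActiveDirectory module (RSAT) and rights to modify the student accounts.
Import-Module ActiveDirectory

# Assumption: placeholder DN for the OU holding student accounts.
$StudentOU = 'OU=Students,DC=example,DC=local'

# Read the two Account-tab flags for every student account in the OU.
$students = Get-ADUser -SearchBase $StudentOU -Filter * `
    -Properties CannotChangePassword, PasswordNeverExpires

# Accounts that can still change a password from the Ctrl+Alt+Del screen.
$changeable = @($students | Where-Object { -not $_.CannotChangePassword })

# Accounts that cannot change their password but still expire: these users
# get stuck at expiry and need a manual reset by staff.
$stranded = @($students | Where-Object {
    $_.CannotChangePassword -and -not $_.PasswordNeverExpires
})

"{0} student accounts checked" -f @($students).Count
"{0} can still change their password" -f $changeable.Count
"{0} cannot change password but still expire:" -f $stranded.Count
$stranded | Select-Object SamAccountName, Enabled | Format-Table -AutoSize

# Set both flags together on every account that is missing either one.
# -WhatIf only prints what would change; remove it after reviewing the output.
$students |
    Where-Object { -not $_.CannotChangePassword -or -not $_.PasswordNeverExpires } |
    Set-ADUser -CannotChangePassword $true -PasswordNeverExpires $true -WhatIf
```

The flag only protects the accounts it is set on, so staff and domain admin accounts outside the OU are unaffected by this script.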
