Student Password Reset in XP and Windows 7
Whilst testing our Windows 7 group policies I have found a rather large security flaw. When a user changes their password by ctrl+alt+del and selecting change a password, they can change the username and enter a new password for that user (obviously they need to know the users original password). Students can also change domain admin accounts :-/
I tested this on Windows XP and I get exactly the same result. I have checked over the net but nothing obvious is appearing. Can anyone help with this issue?