
Administrative Rights Issue

Status
Not open for further replies.

Junpaku

Junior Member
My OS is Windows 10. I have the only admin account, and the other is a local standard user. I have BitLocker on, and I disabled CMD and regedit. How is this standard user still able to change his account to admin? What other measures can I take to prevent this from happening? Any help is appreciated.
 
Maybe he got access to the hidden administrator account. You have to find out how to display all user accounts. There are tutorials which tell you how to enable the hidden administrator account, but that only works if the name wasn't changed.
 
lol we are assuming the OP has of course changed his password AND all security questions to something that absolutely cannot be broken. That is the correct assumption, yes? 😛
 
Check the USB port for a keylogger and the room for hidden cameras. Install the OS fresh again then monitor the user by putting a keylogger and camera on it. 🙂
 
Is BitLocker encrypting the entire disk, or just portions of it?

You can always boot off a USB key which has recovery tools on it, such as Hiren's BootCD, and use them to unlock the hidden administrator account and set the passwords to blank, which gives them full admin rights on the device.

If you have FDE (Full Disk Encryption) enabled then this will prevent other OSes from modifying the disk, which is how these password reset tools work.

Otherwise the only other methods I'm aware of are local privilege escalation vulnerabilities in Windows, which crop up from time to time and are patched by Microsoft. That means keep your Windows patched and updated as frequently as possible.
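
An audit the machine's owner can run to check the points raised in this thread (hidden administrator account, who is actually in the Administrators group, whether BitLocker covers the whole OS volume, and when group membership changed). This is an added example, not part of any post above; it assumes the built-in Windows 10 `LocalAccounts` and `BitLocker` PowerShell modules and that default account-management auditing is still enabled.

```powershell
#Requires -RunAsAdministrator
# Run from an elevated PowerShell prompt on the Windows 10 machine.

# 1. Built-in (hidden) Administrator: its SID always ends in -500, even if renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
"Built-in admin: {0}  Enabled={1}  PasswordLastSet={2}" -f `
    $builtin.Name, $builtin.Enabled, $builtin.PasswordLastSet
if ($builtin.Enabled) {
    Write-Warning "Built-in Administrator is enabled; disable it if it is not needed."
}

# 2. Everyone in the local Administrators group (well-known SID S-1-5-32-544).
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# 3. BitLocker state of the OS volume: protection must be On and the volume
#    fully encrypted, otherwise tools booted from USB can still edit the disk.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
"BitLocker {0}: Protection={1}  Status={2}  Encrypted={3}%  Protectors={4}" -f `
    $vol.MountPoint, $vol.ProtectionStatus, $vol.VolumeStatus,
    $vol.EncryptionPercentage, (($vol.KeyProtector.KeyProtectorType) -join ',')
if ($vol.ProtectionStatus -ne 'On' -or $vol.VolumeStatus -ne 'FullyEncrypted') {
    Write-Warning "OS volume is not fully protected by BitLocker."
}

# 4. Security log entries for changes made while Windows was running:
#    4732 = member added to a local group, 4722 = account enabled,
#    4724 = password reset attempt. Offline edits do not produce these events.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4732, 4722, 4724
} -MaxEvents 50 -ErrorAction SilentlyContinue

if ($events) {
    $events | Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0].Trim() } } |
        Format-Table -AutoSize
} else {
    "No matching account-management events found (log cleared, auditing off, or change made offline)."
}
```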
 