XP Pro: administrator account dissapeared!

[Locke]

Hey guys! Wondering if anyone had some light to shed on this situation. I was just using the administrator account, then for some odd reason, decided to make my main account's name "Michael". I logged in as Admin, and made another administrator account named Michael. Anyway, The next time I booted up, I logged in(I use the "u to u" biometric fingerprint scanner to log in) I assumed to "michael", and saw my normal desktop yada yada everything was fine.The next time I restarted my computer, at the XP login screen, there was only "michael" and "guest".. no admin. I logged in as michael, and it showed me the desktop typical of a new user.. meaning all my setting are gone.

My question is: Is there any way to log into my now-invisible account names administrator? I didn't delete it, and the folder is still in the "docs and settings" folder. Thanks!

Locke

 

[bsobel]

This is the normal XP behaviour, they hide the admin account as soon as another admin account is created. I *think* you can log into the original account if you hit cntrl-alt-del at the fast login screen as long as no users are actually currently logged in.

Bill

 

[MedicBob]

cnt-alt-del twice quickly and it should bring up the "normal" 2000 style login box. You can log in as Admin from there.

Everything is the same as bsobel posted, but you do need to hit the cnt-alt-del twice.

 

[Locke]

Great! Thanks a bunch guys!

Locke

 

[SoulAssassin]

Originally posted by: L0cke
was only "michael" and "guest".. Locke

BTW, your guest account is enabled. I highly recommend disabling it.

 

[prosaic]

Regarding the guest account -- by all means, turn it off. But don't disable it. Big difference. The terms (turning of and disabling) are often used interchangeably. But they're not the same thing. There are consequences for disabling the account in Windows XP.

- prosaic

 

[CheetahMk2]

Your fixes are all a bit too inconvenient for my testes. Here is the ultimate fix:

1.) Download something called 'TweakUI' for Windows XP from Microsoft [not TweakXP from a third party].
2.) Run it and go to the 'Log On' section. Change the box next to 'Show users on Welcome screen:' Sub-column: 'Administrator' to checked.
3.) Next time you boot up, your Administrator account will show up in the Welcome screen with a little picture. You can also change its image and settings like normal in the GUIed-up 'Users'pannel in the Control Pannel.

Feel free to change any other settings you want with TweakUI. It is invaluable. Search for 'PowerToys for Win XP' in microsoft for further info.
If you REALLY want to rename the base Administrator account name in Windows, truly rename it, go into Start->Programs->Administrative Tools->Local Security Policy. Go to the sub-Tab [I forgot which exactly] that has the 'Accounts: Rename Administrator Account' and right click that to change what Windows itself calls the TRUE administrator account.

Regarding the Guest account: there are actually two so-called 'Guest' Accounts in windows. One is the one that users can log in as, and by all means, disable that. You can do that from the Users pannel in the control pannel. But, the other 'Guest', is actually a network user. That's the one you see in the My Computer->Manage->users one. That one is used if you share files on the network, any users that are network 'guests' use that. If you disable THAT account, you can't WinShare files. Also, delete/disable any 'hidden network users' you see in My computer->manage->users. You'll see some odd named ones, hell, even Compaq put in a couple 'help and support' usernames.... that I didn't approve of beforehand.

You can rename the network Guest account just like you did the Administrator account. I did so for clarity, but I am having some problems now, so I suggest leaving it as is.

CheetahMk2

 

[SoulAssassin]

Originally posted by: CheetahMk2
Regarding the Guest account: there are actually two so-called 'Guest' Accounts in windows. One is the one that users can log in as, and by all means, disable that. You can do that from the Users pannel in the control pannel. But, the other 'Guest', is actually a network user. That's the one you see in the My Computer->Manage->users one. That one is used if you share files on the network, any users that are network 'guests' use that. If you disable THAT account, you can't WinShare files. Also, delete/disable any 'hidden network users' you see in My computer->manage->users. You'll see some odd named ones, hell, even Compaq put in a couple 'help and support' usernames.... that I didn't approve of beforehand.

WTF are you talking about?

 

[SoulAssassin]

Originally posted by: prosaic
Regarding the guest account -- by all means, turn it off. But don't disable it. Big difference. The terms (turning of and disabling) are often used interchangeably. But they're not the same thing. There are consequences for disabling the account in Windows XP.

- prosaic

Sure leave it enabled. Since it's a built-in account and 99 out of 100 users don't rename it you have a primary attack point, and if you're enabling it, then you're probably giving it a blank password as well. Bad, bad security practice. Never, ever, ever enable the guest account. If you want an account for people who don't ordinarily login to the pc, create a seperate account. It's disabled by default for a reason. When you're done re-enabling it, please rename your admin acct as well (yes, you can tell which one it is by the SID but every bit helps). Those on the "enable the guest account" side, please post your IP's and see how quickly you change you mind.

 

[CheetahMk2]

Originally posted by: SoulAssassin


WTF are you talking about?

Try disabling/adding a password to the the Guest Account in My Computer->manage->users and then try to share crap on the network. I can almost guarantee it will prompt anyone trying to access a share [or even your computer, for that matter] for a password. and when you try accessing other users, It will try to automaticall log on with whatever name you put in 'Guest account name', even if that isn't what the network guest is on the other computer, unless the other computer has ForceGuest turned on.

I.E. It will totally f*** up.

And the Guest account doesn't necessarily have network access permissions. The 99/100 thing is the unpassworded Admin account on XP Home, not the Guest. You can choose to enable or disable network login for the guest account in the Local Security Policy. Problem solved. [I'm not going to say wether it does or not by default, as I have changed the inner workings of my machine, but I don't reacall having to change that]

CheetahMk2

 

[prosaic]

Originally posted by: SoulAssassin

Originally posted by: prosaic
Regarding the guest account -- by all means, turn it off. But don't disable it. Big difference. The terms (turning of and disabling) are often used interchangeably. But they're not the same thing. There are consequences for disabling the account in Windows XP.

- prosaic

Sure leave it enabled. Since it's a built-in account and 99 out of 100 users don't rename it you have a primary attack point, and if you're enabling it, then you're probably giving it a blank password as well. Bad, bad security practice. Never, ever, ever enable the guest account. If you want an account for people who don't ordinarily login to the pc, create a seperate account. It's disabled by default for a reason. When you're done re-enabling it, please rename your admin acct as well (yes, you can tell which one it is by the SID but every bit helps). Those on the "enable the guest account" side, please post your IP's and see how quickly you change you mind.

You're wrong. It is not disabled by default. It is turned off by default. Do some research. Here, let me help you get started -- http://support.microsoft.com/default.aspx?scid=kb;en-us;300489

And don't presume to teach your grandfather how to suck eggs. I wasn't trying to give anyone a lecture on network and local machine security. I was speaking to a specific point someone made about the disabling versus the turning off of the guest account in Windows XP. I've been through this a number of times around here, and I won't go throught the whole thing again. If you do a little searching here, and at the MSKB, and at many of the better-informed sites across the Web and then do a little reading you'll find enough verification of what I say. The problem is that the word "disable" is used very glibly and badly by a great many people. It is good for a home user to turn the account off. It is BAD for him to disable it -- at least if he wants print and file sharing to work.

It's easy enough to change the names of the built-in administrator and guest accounts by using the alternate user accounts applet (control userpasswords2 issued from the Start | Run dialog). It is also easy enough to give them passwords. The passwords should be strong ones. That's easy enough to do in both Home Edition and Professional. No Group Policy Editor needed for this task. And when the guest account has a password applied to it, it's no easier to get into than any other account. And when it is turned off, then it can only be used to access the machine remotely.

- prosaic

 

[prosaic]

Originally posted by: CheetahMk2

Originally posted by: SoulAssassin


WTF are you talking about?

Try disabling/adding a password to the the Guest Account in My Computer->manage->users and then try to share crap on the network. I can almost guarantee it will prompt anyone trying to access a share [or even your computer, for that matter] for a password. and when you try accessing other users, It will try to automaticall log on with whatever name you put in 'Guest account name', even if that isn't what the network guest is on the other computer, unless the other computer has ForceGuest turned on.

I.E. It will totally f*** up.

And the Guest account doesn't necessarily have network access permissions. The 99/100 thing is the unpassworded Admin account on XP Home, not the Guest. You can choose to enable or disable network login for the guest account in the Local Security Policy. Problem solved. [I'm not going to say wether it does or not by default, as I have changed the inner workings of my machine, but I don't reacall having to change that]

CheetahMk2

Er, that's exactly how it's supposed to behave. If you wish to share files on a WinXP peer-to-peer network you just turn on the guest account, rename it, give it a password, then turn if off. After you create some shares (I usually make them hidden by adding $ to the end of the share name), someone can access those shares by using the UNC (\\computername\sharename$ if using hidden, \\computername\sharename if not) or by browsing the network if the share name isn't a hidden one and NetBIOS is bound. When that someone tries to access the share he'll get a password dialog box. That's exactly what you want for security purposes, isn't it?

If the person trying to access the share is using Professional he'll see a little checkbox for remembering the password. If he checks it, he won't be prompted for the password when he comes back. This particular checkbox feature doesn't appear to be available in Windows XP Home Edition, so you always have to type in the password when using it.

This is all assuming that you're using simple file sharing, which is the model MS expects home users to use on P2P networks. If the OS copies are all Professional, you can turn off simple file sharing and use identical account names and passwords on the boxes so that they can access each others' shares. It sounds as though you're getting things confused between the two networking paradigms. Try going all one way or all the other way, and it will work better for you. (Hint: If some of the machines on the network are Home Edition you really need to go with simple file sharing for the whole network, unless you like fiddling around with ugly workarounds.)

- prosaic

 

[CheetahMk2]

Originally posted by: prosaic

If you wish to share files on a WinXP peer-to-peer network you just turn on the guest account, rename it, give it a password, then turn if off. After you create some shares (I usually make them hidden by adding $ to the end of the share name), someone can access those shares by using the UNC (\\computername\sharename$ if using hidden, \\computername\sharename if not) or by browsing the network if the share name isn't a hidden one and NetBIOS is bound. When that someone tries to access the share he'll get a password dialog box. That's exactly what you want for security purposes, isn't it?

Hm.. that would be what we all are aiming for [god knows why they took out useful password protecting on WinShare] but then there is the possibility you want to passwod certain folders while leaving others free to browse. That had me changing the actual access permissions to each folder, which is probaly the workaround you are talking about. As of now, I have not been able to get anyone to be pompted for a password when accessing a restricted share. That was the problem I mentioned prior. It just says 'Not permisions' and gives a big red squak box.

ChetahMk2

 

[prosaic]

Yes, it will probably all work better if you choose just one security model and work with it instead of trying to do workarounds. You can usually find a way to accomplish what you want, even if you have to do it in a manner to which you are unaccustomed. For instance, to differentiate between who gets access to a given share and who doesn't on a network using simple file sharing, it isn't really necessary to use Access Control Lists and risk confusing the issue. You could use hidden shares for the restricted stuff and transparent shares for the unrestricted stuff. Whether you restrict someone from access by making him type a password or making him type a UNC is only a small distinction. (The only real proviso here that the UNC can be read as it's typed, unlike a password which is masked as it is typed. So the hidden share isn't good where someone can be watched as he accesses the share.)

Another way of improving security against remote intrusion on Windows LANs is to unbind file and print sharing and NetBIOS from TCP/IP altogether on all of the machines. If you install a protocol like NetBEUI, it can provide for network browsing and file and print sharing without providing any access to anyone trying to come through the router. NetBEUI isn't routable. The shares are browsable and accessible to everyone on the local network (except for the ones you hide by adding $ to the name), but they aren't available to anyone on the outside even if someone gets through the firewall and NAT. I set up a lot of home networks for networking-neophyte friends and acquaintances this way because it runs like a train and is a no-brainer to use.

- prosaic

 

[CheetahMk2]

Counter to what you say, I have had experience finding hidden shares on other computers. All you need to do is query the RPC for a list of all shares, and boom, there you go. That's the reason 90% of all WinShare search engines also find hidden share stuff, because to them the $ distiction isn't there. Unless the programmer 'codes it out'.

I need to set up a model whereby it prompt for a password instead of just sending an access denied response... or maybe it is client-side.. but regardless, that disables one of th most utilitarian tools of windows. but more importantly, I think my local security policy is corrupt, and I should fix that first ^_^

CheetahMk2

 

[prosaic]

We were talking about whether or not the shares would be visible to a network browser. Of course remote queries about shares don't have to be honored if you have a group policy editor. And, if the user isn't binding shares to a routable protocol, a would-be remote exploiter gains nothing by even being told what shares exist on the machine in the first place.

If you queried my machines you wouldn't be getting a list of shares -- or the time of day, for that matter. But the average family using Home Edition behind simple NAT with a few simple precautions like these is safe enough from this type of remote exploit. Their greatest danger is the stuff they install themselves that phones home or that can use any of the various devious means of responding to a "master's" call that are available. Even stateful inspection firewalls won't protect these folks if they get annoyed by popups and alter the rules to allow the chicanery to proceed.

I think my local security policy is corrupt, and I should fix that first ^_^

It sounds as though you jumped right in to WinXP and tried to make it behave like earlier versions of NT, security-wise. I think your experience with it would have been different if you had tried to work with the security model it provides instead of trying to mold it into a more familiar format. That's what I did, too, when I first started using WinXP with the RC2 version a few months before the final release. I eventually learned that it's possible for the OS to be very secure and quite easy to make so.

- prosaic