BeyondTrust - Secure Remote Access and Privileged Access Management
Announcement:
Be among the first to secure AI coworkers before they act. Request early access to AI Agent Security.

Physically securing a PC from would be thieves is not as simple as having a secure password. Last night my friend and I proved that point. His son “forgot” the password to his Windows XP Desktop. While there are many, many tools on the web to delete a password by booting to an alternate OS and hacking the system, it came as a surprise that Microsoft allows you to change ANY password with the original setup CD. Consider the following steps:

All you need is access to Windows XP installation media and the system to boot from the CD Drive. After this, I remembered some of my newer systems come with a boot partition and allow me to essentially run this procedure without a CD at all. All I need to do is interrupt the boot process and select the alternative Recovery Partition to initiate the same changes. If you are trying to secure your system(s) and cannot limit physical access, consider the following steps to make sure procedures like this will never work:

Note: Consider item 4. If a newer flat panel is used that has USB ports, consider not using the cable to activate them. It is an easy way to plug in a thumb drive and copy information off the system without ever touching the physical chassis itself. Physical and password security go hand-in-hand. There are many easy tricks to crack a password when a user has physical access to the host so consider also securing the device if the information contained within is valuable to your business.