
Tool disables Admin account

Open KoXz666 opened this issue 2 years ago • 2 comments

Hi. I had a big issue with this tool. I had enabled the admin account for installations, and my user account wasn't admin level, only user. After using this tool and restarting the PC, the Admin user was disabled and I had only one user-level account and I was screwed. With this account I can't enable the Admin user again. Be careful, and sorry for my English.

KoXz666 avatar Nov 25 '22 20:11 KoXz666

Which tweaks did you run? Looks to be a similar issue to #404.

Edit: Never mind, I think I found it. @ChrisTitusTech it looks to be part of the Telemetry tweak, not sure of the reason it's in there. Shall we remove it, or check if there are other administrators on the computer? https://github.com/ChrisTitusTech/winutil/blob/f83ffaf0a9acd343dc7470d03d640fceade7450b/winutil.ps1#L769

DeveloperDurp avatar Nov 26 '22 00:11 DeveloperDurp

I think checking if there are other administrators on the computer would be smart. But I'm not sure of the reason either. The Admin account is disabled by default, so if somebody enables it, he needs it to be enabled.

KoXz666 avatar Nov 26 '22 03:11 KoXz666
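The check proposed above (only disable the built-in Administrator when another enabled local administrator exists), sketched as an added example; this is not winutil's code. The function name `Disable-BuiltinAdminSafely` is hypothetical, and the sketch assumes an elevated Windows PowerShell session with the Microsoft.PowerShell.LocalAccounts cmdlets available.

```powershell
# Added example (not from winutil). Function name is hypothetical.
function Disable-BuiltinAdminSafely {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # The built-in Administrator is identified by RID 500, not by its (renamable) name.
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    if (-not $builtin) { Write-Warning 'Built-in Administrator not found.'; return $false }
    if (-not $builtin.Enabled) { return $true }   # already disabled, nothing to do

    # S-1-5-32-544 is the local Administrators group regardless of display language.
    # If enumeration fails for any reason, fail safe and change nothing.
    try {
        $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    } catch {
        Write-Warning "Cannot enumerate Administrators: $($_.Exception.Message)"
        return $false
    }

    # Count only members that resolve to an enabled local user other than RID 500.
    # Groups and domain principals do not resolve via Get-LocalUser and are skipped,
    # so the check errs on the side of keeping the account enabled.
    $otherAdmins = @(foreach ($m in $members) {
        if ($m.SID.Value -eq $builtin.SID.Value) { continue }
        $u = Get-LocalUser -SID $m.SID -ErrorAction SilentlyContinue
        if ($u -and $u.Enabled) { $u.Name }
    })

    if ($otherAdmins.Count -eq 0) {
        Write-Warning 'No other enabled local administrator; leaving the built-in account enabled.'
        return $false
    }

    if ($PSCmdlet.ShouldProcess($builtin.Name, 'Disable built-in Administrator')) {
        Disable-LocalUser -SID $builtin.SID
        return $true
    }
    return $false
}

# Dry run: reports what would happen without changing the account.
Disable-BuiltinAdminSafely -WhatIf
```

On the setup described in this issue (built-in Administrator enabled, daily account a standard user), the guard finds no other enabled administrator and leaves the account untouched.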

I think it is a remnant of something I added a long while back, as having the built-in admin account enabled is a security vulnerability. It is probably ok to remove though, as enabling it is a conscious action someone has to perform.

Carterpersall avatar Nov 28 '22 21:11 Carterpersall

I would say the security vulnerability is debatable. Normally I would use the built-in administrator account similar to a Linux root account, and my user profile would be set up as a standard user.

I haven't done it in a while as I seldom use Windows as a primary OS these days.

DeveloperDurp avatar Nov 28 '22 21:11 DeveloperDurp

Wait... If the Admin account is enabled and has a strong password, is it a vulnerability? I don't think so. Without a password, maybe.

KoXz666 avatar Nov 28 '22 21:11 KoXz666

Having the account enabled creates a possible point of entry for an attacker, but with a strong password it shouldn't be an issue.

Carterpersall avatar Nov 28 '22 21:11 Carterpersall

@DeveloperDurp Yeah, let's remove it. Disabling admin is easy to re-enable through a simple SAM hack anyway. It's not like this really makes Windows secure.

ChrisTitusTech avatar Nov 29 '22 04:11 ChrisTitusTech

@DeveloperDurp What just happened? I'm not sure if I understand. I don't know what a SAM hack is. I had to reinstall the entire OS after this issue. I thought being user level (not administrator) is more secure, but I need a way to install some games etc. So I enabled the admin account and gave it a strong password, and after that I made myself only "user". Never mind... https://github.com/ChrisTitusTech/winutil/pull/462 -> does this mean the issue is solved and I can use the tool again without worries?

KoXz666 avatar Nov 30 '22 01:11 KoXz666

Security Account Manager (SAM): from my understanding, all local accounts in Windows are susceptible to this kind of hack. The best example I can think of is that there are bootable ISO environments that allow you to reset the password of local accounts. This changed, however, when Microsoft introduced their online accounts. I usually operate under the assumption that if someone has physical access to a computer, they can break in.

As for this happening again I would hold off for now.

@ChrisTitusTech I am looking at the code and it looks like it didn't change anything after merging in #462

https://github.com/ChrisTitusTech/winutil/pull/465/commits/4522e8861650ddbc8bcf2712a3e56e34091855d2

DeveloperDurp avatar Nov 30 '22 01:11 DeveloperDurp

@DeveloperDurp Strange, I guess during the update branch it wiped out that modification. I just repushed the commit b7fa066197e07d0dcbc03adab1bb541e3674ef18

ChrisTitusTech avatar Nov 30 '22 20:11 ChrisTitusTech