
Security implementations are in many places - awful.

The random thing is good practice, heck you can do it easier - set all PC passwords the same, then change them remotely using a script which saves the passwords (unique for each machine) to an encrypted USB, and once done - remove the USB!

Also I like that you're trying to check out about the security but remember, the kid might be breaking the law but unless you've got it written into the agreement that the kid has with you and local laws allow, it's illegal for you to keylog him.

Oh and just a reminder for ANYONE involved in ANYTHING like this - decrypting or attempting to decrypt SSL data or capturing data sent over SSL [including keystrokes] is illegal in the UK and EU, not sure about America - and you will get in serious trouble if you attempt to use that as evidence of anything because the data could be confidential, such as the user's credit card details.
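The per-machine password rotation suggested above, written out as an added example (this is not the poster's script; it assumes the lab PC names are placeholders, that WinRM is enabled on them, and that E: is the encrypted USB stick):

```powershell
# Added example: set a unique, random local Administrator password on each lab PC
# from an admin workstation and record the results on an encrypted USB drive.
# Assumes WinRM is enabled on the lab machines and this runs as a domain admin.
$labPCs   = @('LAB1-PC01', 'LAB1-PC02', 'LAB2-PC01')   # placeholder computer names
$outFile  = 'E:\lab-admin-passwords.csv'               # E: = the encrypted USB stick
# 64 characters (ambiguous I/O/l/o removed). 256 % 64 == 0, so "byte % 64" is unbiased.
$alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%+=?@$'

function New-RandomPassword([int]$Length = 20) {
    # Use the OS CSPRNG rather than Get-Random so passwords are unpredictable.
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    $rng.GetBytes($bytes)
    -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

$results = foreach ($pc in $labPCs) {
    $pw = New-RandomPassword
    try {
        # The password travels inside the encrypted WinRM session; it is only
        # in plaintext in this process and briefly on the target.
        Invoke-Command -ComputerName $pc -ArgumentList $pw -ErrorAction Stop -ScriptBlock {
            param($plain)
            $secure = ConvertTo-SecureString $plain -AsPlainText -Force
            Set-LocalUser -Name 'Administrator' -Password $secure
        }
        [pscustomobject]@{ Computer = $pc; Password = $pw; Changed = (Get-Date -Format s); Status = 'OK' }
    } catch {
        # Leave the password column empty so a failed change is never mistaken for a real one.
        [pscustomobject]@{ Computer = $pc; Password = ''; Changed = (Get-Date -Format s); Status = $_.Exception.Message }
    }
}

$results | Export-Csv -Path $outFile -NoTypeInformation
$results | Select-Object Computer, Status | Format-Table -AutoSize
```

Pull the USB as soon as the CSV is written; the only other copy of each password is in the machine's SAM.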

Friday afternoon was spent changing the local admin passwords on the labs that the students have access to. We also set the HDD as the only boot device and locked down the BIOS with a strong password. This can be reset very easily with the jumpers on the motherboard, so now we are looking at locks for the cases.

Luckily, with the security that was already in place (I've been at this job since Thanksgiving), the user's 'hack' was isolated to the local machine. Sure, he knows a local admin password, but we caught him in another lab trying a series of passwords and none worked, since each lab has a different local admin password. So that policy was effective as well.

Thanks for all the input.

where do they save their documents?

smartshield http://www.centurion...martshield.aspx

Have fun with breaking things... reboot and they revert back. The downside: don't save anything to the C drive or do installs/updates with it enabled. You can set specific times for auto updates to execute so that it unlocks.

So why would his account have access to windows system32? Are you saying he booted the recovery tools that are installed on the disk or did he just have access to the folder in the first place?

A known way to access the windows system32 folder is via startup recover and then using the notepad file browser, etc..

Can you just disable those from booting with something like

bcdedit /set {default} recoveryenabled No

bcdedit /set {default} bootstatuspolicy ignoreallfailures

I thought there was a way to remove them completely or not install them in the first place. It's been a while since I had to play with this sort of stuff.

A normal account should not be able to access the windows/system32 dir, and if you prevent booting from media and remove the option to get to the recovery tools that might be installed on the disk, you should be able to still allow for sticky keys ;) while preventing this sort of attack.

edit: So curious, is this an OEM sort of installation, or a custom image your dept deploys? Is there a recovery folder with a winre.wim file? Having the recovery tools on the HDD that anyone with local access could boot is going to allow for all sorts of nasty things to be done. I would completely remove those features. Admins should have to either reimage the machine or boot their tools after knowing the BIOS password so they can alter the boot menu, etc. Yeah, it can be a pain -- but if you want to prevent this sort of thing, then some pain has to be felt ;)
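The bcdedit changes from the post above plus a read-back check, as an added example (not the poster's own commands; it assumes it runs in an elevated PowerShell prompt on the lab image and that {default} is the lab's Windows entry):

```powershell
# Added example: disable the on-disk recovery environment so that a deliberately
# broken boot no longer lands in Startup Repair, then verify the stored settings.
# Run from an elevated PowerShell prompt on each lab image before sealing it.
function Disable-BootRecovery {
    # 1. Unregister WinRE (the winre.wim in the Recovery folder) so the boot
    #    manager has nothing to hand off to.
    reagentc.exe /disable | Out-Null

    # 2. Never offer the recovery sequence, and never auto-launch repair after
    #    a failed boot (this is what the driver-signing trick relies on).
    #    Braces are quoted so PowerShell does not treat {default} as a script block.
    bcdedit.exe /set '{default}' recoveryenabled No | Out-Null
    bcdedit.exe /set '{default}' bootstatuspolicy ignoreallfailures | Out-Null
}

function Test-BootRecoveryDisabled {
    # Read back what bcdedit and reagentc actually report instead of trusting
    # that the /set calls succeeded.
    $bcd = bcdedit.exe /enum '{default}' | Out-String
    $re  = reagentc.exe /info | Out-String
    [pscustomobject]@{
        RecoveryEnabled  = ($bcd -match 'recoveryenabled\s+Yes')
        BootStatusPolicy = $(if ($bcd -match 'bootstatuspolicy\s+(\S+)') { $Matches[1] } else { 'default' })
        WinREStatus      = $(if ($re -match 'Windows RE status:\s+(\S+)') { $Matches[1] } else { 'unknown' })
    }
}

Disable-BootRecovery
$state = Test-BootRecoveryDisabled
$state | Format-List

if ($state.RecoveryEnabled -or $state.WinREStatus -ne 'Disabled') {
    Write-Warning 'Recovery environment is still reachable; review the bcdedit/reagentc output above.'
}
```

This only closes the on-disk route; the BIOS password and HDD-only boot order from earlier in the thread are still what stops someone booting their own media, and techs will need to boot their tools that way to service the machine.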

  On 25/01/2013 at 14:47, eXtermia said:

However, if you enforce BitLocker with the key being backed up (with hardware TPM) to AD and only recoverable by AD admins, there is no way they can use any off the street tool to add themselves as Admin.

This is only true if it's TPM 2.0. TPM 1.2 key security is defeated, as it has had known vulnerabilities for years that allow attackers to extract stored encryption keys. Also, motherboards that have the TPM as a removable card suffer from Man in the Middle attacks that allow you to observe the key in transit when released to the system, assuming measured boot thinks no changes have occurred. TPM 1.2 keys are only secure when used in conjunction with +PIN, +USB, or +Network Unlock.

The primary reason to use TPM 1.2 without two-factor authentication is for a measured boot.

As of yet I haven't encountered any devices containing a TPM 2.0.

See the response in this article and see if it helps

1. Consider a BIOS boot password

2. Consider an FDE PIN based system

3. Consider 2FA for interactive logon

4. With Windows consider domain auth (no cached credentials) for interactive logons

5. With Windows consider do not store LANMAN Hash

6. With Windows consider protect the SAM DB using SYSKEY

7. Consider Require Smartcard for interactive logon.

8. Or a combination of the above.

http://www.infosecisland.com/blogview/15031-How-to-Log-In-to-Windows-Without-the-Password.html

BM - he used the driver signing option at boot and broke Windows so that it would launch its own repair, from there he used notepad to open a file browser. His student account did not have access to the system32 directory.

Yes, the techs image the labs and do mass rollouts of the computers. And yes, you're right - more security = more pain. But it's for the chillren, right? I'll start looking at ways to disable the recovery feature. Thanks for pointing me in that direction.

I have been reading this topic with a lot of interest...you have to give the kid some credit for his ingenuity. But I have a couple of observations:

1. Since he reset the password for the local admin and not for the domain (which is a big headache, I admit)... how much trouble can he cause? Since it is local, he cannot access domain shares, accounts, etc...

2. I love budman's last post to edit the boot process and prevent access to the recovery console. Between that and disabling boot options within the BIOS, you should be able to prevent this in the future.
