Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 10 Administrative Rights Issue


  • Please log in to reply
4 replies to this topic

#1 Junpaku

Junpaku

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 26 October 2015 - 08:11 PM

My OS is Windows 10. I have the only admin account, and the other is a local standard user. I have bitlocker on, I disabled CMD, and regedit. How is this standard user still able to change his account to admin? What other measures can I take to prevent this from happening? Any help is appreciated.



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:37 PM

Posted 27 October 2015 - 10:09 AM

Hi Junpaku :)

A standard user cannot elevate itself to Admin unless it uses an exploit in the Windows OS (zero-day). Even if the user was to enter the netuser command for Admin in the standard command prompt, he would get a "Error 5: Access Denied" message. So you can do all the little tweaks you want, but if unless he uses an exploit, a standard user cannot elevate itself to Admin without a Admin password.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 sabrinau

sabrinau

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:37 AM

Posted 27 October 2015 - 09:28 PM

Make sure you enable BitLocker on your system partition. This can prevent others from offline elevating the standard account to administrator from a live CD.



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:37 PM

Posted 28 October 2015 - 05:23 AM

He would need to have at least the Windows 10 Pro edition in order to use BitLocker. There's always alternatives for full drive encryption but it depends if you have your drive as MBR, GPT, UEFI or BIOS, etc.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:03:37 PM

Posted 28 October 2015 - 07:28 AM

In W8 you could access the built in Administrator account and use that to change the other accounts.

I believe that it's behavior is similar in W10 - and that there are ways to enable the account without having Admin privileges.

 

As these are "hacking" methods, we cannot discuss them here.

 

My question is, if you can't trust this other user, why are you letting them use your computer?


Edited by usasma, 28 October 2015 - 07:30 AM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users