IT Security revisited

I was just reminded of the 10 Immutable Laws of Security (http://technet.microsoft.com/en-us/library/cc722487.aspx)

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn’t practical, in real life or on the Web
Law #10: Technology is not a panacea

Most of these are self-explanatory. If you need more explanation, click on the link to view a more complete writeup.

In the past few weeks, I have had to “break” into a server where the administrator password was lost.

If the server is a standard Windows 2008 (or older) server that is not a domain controller, you can use a utility called Offline NT Password and Registry Editor (http://pogostick.net/~pnh/ntpasswd/) to blank out the administrator password to gain access.

If the server is a 2008 domain controller, there is a workaround which requires the following:

  • Server 2008 installation DVD
  • Physical access to the server

  1. Boot the server to the DVD
  2. At the language selection, select Repair Your Computer
  3. Start the Command Prompt, and go to C:\windows\system32
  4. Rename utilman.exe to utilman.bak
  5. Copy cmd.exe to utilman.exe
  6. Restart the server normally
  7. At the login screen, press WindowsKey + U to bring up the Command Prompt
  8. Use NET USER [Administrator Username] [Password] to reset the password. Note that password complexity and other policies will still apply. Also, in SBS2008, the administrator user is disabled by default, and another username will be used. NET USER with no arguments will provide a list of all users.
  9. After successfully logging in, you will need to repeat steps 1-4 and undo the file changes you made earlier.

Why am I publishing this information openly? This information is readily available on the Internet. If you follow the laws as listed above, particularly Law #3 (unrestricted physical access), then others will not be able to use this procedure to access the system maliciously. Be careful, be safe!
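The file swap in steps 4 and 5 leaves a recognizable trace: a renamed cmd.exe still carries its own embedded version metadata, so the copy sitting at utilman.exe no longer describes itself as the Utility Manager, and step 9 is exactly the cleanup an attacker could forget. The script below is an added example for administrators, not part of the original post, that checks whether utilman.exe on a Windows host is the genuine binary. It assumes PowerShell 4 or later (so that Get-AuthenticodeSignature recognises catalog-signed system files) and that the stock utilman.exe reports an OriginalFilename beginning with "utilman" and a FileDescription mentioning "Utility Manager" or "Ease of Access"; those metadata strings are an assumption about the Windows build and should be confirmed against a known-good machine before the check is trusted.

```powershell
# Added example (not from the original post): integrity check for utilman.exe,
# the binary the post describes being replaced with a copy of cmd.exe.
# Assumes PowerShell 4+ and stock Microsoft version metadata on utilman.exe.
param(
    [string]$Path = "$env:SystemRoot\System32\utilman.exe"
)

function Test-UtilmanIntegrity {
    param([string]$Path)

    if (-not (Test-Path -Path $Path)) {
        return [pscustomobject]@{ Path = $Path; Status = 'MISSING'; Detail = 'file not found'; SHA256 = $null }
    }

    $info = (Get-Item -Path $Path).VersionInfo
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $findings = @()

    # A renamed cmd.exe keeps cmd.exe's own metadata; OriginalFilename is the giveaway.
    if ($info.OriginalFilename -notlike 'utilman*') {
        $findings += "OriginalFilename is '$($info.OriginalFilename)', expected utilman.exe"
    }
    if ($info.FileDescription -notmatch 'Utility Manager|Ease of Access') {
        $findings += "FileDescription is '$($info.FileDescription)'"
    }

    # Both the real utilman.exe and cmd.exe are Microsoft-signed, so a valid
    # signature alone proves nothing; an invalid one is still worth reporting.
    if ($sig.Status -ne 'Valid') {
        $findings += "Authenticode status is $($sig.Status)"
    }

    # The backup created in step 4 of the post is residue if step 9 was skipped.
    $bak = Join-Path -Path (Split-Path -Path $Path -Parent) -ChildPath 'utilman.bak'
    if (Test-Path -Path $bak) {
        $findings += "backup copy present at $bak"
    }

    [pscustomobject]@{
        Path   = $Path
        Status = if ($findings.Count -eq 0) { 'OK' } else { 'SUSPECT' }
        Detail = ($findings -join '; ')
        # Record the hash so the result can be compared with a known-good host.
        SHA256 = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

Test-UtilmanIntegrity -Path $Path | Format-List
```

Run it from an elevated prompt and compare the SHA256 with the same file on a trusted machine of the same build; a status of SUSPECT means the file should be restored from installation media and the host treated as compromised, since whoever swapped it had the physical access Law #3 warns about. The durable mitigation is the one the post points at: keep the server physically controlled and encrypt the system volume, so that booting from a DVD does not give write access to System32 in the first place.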
