Jump to content
Sign in to follow this  
aliali

Standard user has admin privileges

Recommended Posts

Ok a group I do volunteer work for has thrown this my way. A user is playing around with some stuff he shouldn't be.

Main issue is he is getting admin access to the computers, probably using a boot disk or usb to make the changes, this should be an easy fix by locking out the boot order in the bios and passwording the bios.

However there are changes he has made that I would like to know more about.

PCs are in a workgroup (not domain).

The standard user account has been changed to an admin level account via, I assume, registry or local group policies. Now the odd thing is if you go to control panel > user accounts the standard user shows as a standard user, but if you click on that user to make a change it shows as an administrator and the standard user and change account type buttons are greyed out. Trying to remove the account also fails with nothing happening ( no error on screen just a silent fail).

Now all the affected PCs will be clean reinstalled soon so I don't "need" to know what was done but I damn well would like to know and possible ways to prevent it.

 

So any windows gurus know where I should be looking for what was changed? Also any suggestions on prevention?

 

Cheers.

Share this post


Link to post
Share on other sites

Also any suggestions on prevention?

A very polite boot out the door would be my suggestion.

Share this post


Link to post
Share on other sites

$10 says he booted into safe mode, used the default ADMINISTRATOR login, and gave himself permissions using local policy.

 

That would result in the account being called 'standard' or 'limited' but the policy is applying admin access.

Share this post


Link to post
Share on other sites

$10 says he booted into safe mode, used the default ADMINISTRATOR login, and gave himself permissions using local policy.

 

That would result in the account being called 'standard' or 'limited' but the policy is applying admin access.

In Win 7 ultimate Built-in Elevated Administrator Account is disabled by default so no login to it available even in safe mode.

The only user admin account is passworded by a complex password.

Share this post


Link to post
Share on other sites

that little guy is like my favorite tool ever :)

I'm a bad bad boy :P

 

Just go and "dreamon: one of the machines and see if it works.

Edited by Master_Scythe

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×