On Thursday 14 May 2009 15:39:29 Susan Bradley wrote: > We're talking XP Home here, right? A admin account without a password > cannot be access remotely over the internet, so if you have physical > access at all times of that Asus netbook it's arguably more secure in > some circumstances. Not just XP Home. I can confirm that this "vulnerability" is a standard feature of several OEM and MS released versions of both XP Home and XP Professional. In both cases I've had to manually re-set the password to something. This seems to be a "feature" - since if you have to use the recovery console it'll ask you for the password for "Administrator"... by default it's blank and you can just hit enter. DRH > nameless wrote: > > Susan Bradley wrote: > >> 3. For XPs it's kinda handy to have a blank admin password when you > >> sometimes come in on a network and need to get to that particular > >> machine and you didn't set it up, otherwise you have to use the Admin > >> password boot disk trick and reset the password to blank. > > > > You should only do the above recommendation, if you like to have your > > boxes owned. > > > > You should not have any administrative accounts named "Administrator" > > and _all_ administrative accounts should have a _STRONG_ password > > associated with them. > > > > No exceptions. > > > > Password safes are available at no charge. If you somehow forget your > > password, you can always reset it via AD or resetting the SAM.
