Logon as administrator with blank password on Winxp

[Completebald]

Hello,
I was wondering whether it is at all possible to login to winxp box remotely as administrator with blank password. Since winxp has policy to only accept blank password logons from terminal.

I'm not hoping for a tutorial on how to do it I'd just like to know if someone knows of a way to do it. And if there is some fairly universal method or if it's just too complicated for newbie to comprehend.

I hate to spend a day researching something only to find out that I would need to invent it first to be able to do it

P.S. Consider the hypothetical machine secured with only netbios port open and no other extra service running. Windows was just freshly installed with everything set to default and passwords left blank. You have no physical access to the box

Thanks for any reply,
Marc

[thorin]

0) A quick session of google'fu can get you the answers you wish.
1) I was able to find some MS documents that suggest a blank admin password is possible.
2) I found a few references stating if FAT32 drives are used a few files can be removed to end up with a blank admin password (use a linux/dos boot disk to remove them etc).

P.S. Consider the hypothetical machine secured with only netbios port open and no other extra service running. Windows was just freshly installed with everything set to default and passwords left blank. You have no physical access to the box

If you don't have physical access to the box how can you ensure no password was set?

[Completebald]

thanks for reply thorin,
however:
0) I've been googling for hours with no result
1) if you're refering to this: hxxp://technet2.microsoft.com/WindowsServer/en/library/45acdbfd-7d8e-4b70-b332-97f9e2d975e11033.mspx?mfr=true
Than it involves changing security policy and windows would no longer be in default configuration.
2) I don't wish to remove the password, it is already blank. I want to logon remotely to the computer with blank administrator account.

I'm not talking about specific machine, but method to gain access under mentioned conditions.

My research suggested that this is not possible and I guess I was right.

Thanks anyway for the effort

[elazar]

thanks for reply thorin,
however:
0) I've been googling for hours with no result
1) if you're refering to this: hxxp://technet2.microsoft.com/WindowsServer/en/library/45acdbfd-7d8e-4b70-b332-97f9e2d975e11033.mspx?mfr=true
Than it involves changing security policy and windows would no longer be in default configuration.
2) I don't wish to remove the password, it is already blank. I want to logon remotely to the computer with blank administrator account.

I'm not talking about specific machine, but method to gain access under mentioned conditions.

My research suggested that this is not possible and I guess I was right.

Thanks anyway for the effort

You are correct, you would have to change the policy, there is no other way. By default, Windows XP and Windows 2003 will not allow blank administrator logons over the network unless the policy setting is explicitly disabled. Quote from the policy setting itself:

Accounts: Limit local account use of blank passwords to console logon only

This security setting determines whether local accounts that are not password protected can be used to logon from locations other than the physical computer console. If enabled, then local accounts that are not password protected will only be able to log on at the computer's keyboard.

Default: Enabled.

Caution:
Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on using a user account that does not have a password. This is especially important for portable computers.
If you apply this security policy to the Everyone group, no one will be able to log on through terminal services.

Notes:
This setting does not affect logons that use domain accounts.
It is possible for applications that use remote interactive logons to bypass this setting.

Note to the mods: This probably belongs in the "General IT" forum...

[Completebald]

thanks elazar,
yeah it's not 'supposed' to be possible But I was wondering if any of those expert members here have ever managed to overcome this in their security testing.

But I guess, you're right, it's nearly impossible to gain access remotely in this scenario.

Thanks for your opinions.

[Re@lity]

Moved to General IT Discussion.

Completebald: Please try to select an appropriate (sub)forum when posting......

[purehate]

thanks elazar,
yeah it's not 'supposed' to be possible But I was wondering if any of those expert members here have ever managed to overcome this in their security testing.

But I guess, you're right, it's nearly impossible to gain access remotely in this scenario.

Thanks for your opinions.

In my experience if remote registry is left on then changing the policy's is fairly easy after that.

[FedorEmelianenko]

No you cannot but! you can create a new account and add the administrator to the local account/group

I have no Idea why you would tho, you may as well share your drives too lol

[Completebald]

Ok thanks to all for their contributions.

purehate: true, it would be fairly easy, unfortunately remote registry is off by default

My question was meant more from security point of view than Windows mastery, if you know what I mean. I wanted to know whether it is possible to logon remotely without physical access,.

But the more I read about it, the more I realize that my question was rather naive
There are ways, but much more complex ones that I originaly imagined.

For this reason, I would ask moderators to close this thread. The question is poorly formulated and the discussion has therefore little potential.

[balding_parrot]

Ok thanks to all for their contributions.

purehate: true, it would be fairly easy, unfortunately remote registry is off by default

My question was meant more from security point of view than Windows mastery, if you know what I mean. I wanted to know whether it is possible to logon remotely without physical access,.

But the more I read about it, the more I realize that my question was rather naive
There are ways, but much more complex ones that I originaly imagined.

For this reason, I would ask moderators to close this thread. The question is poorly formulated and the discussion has therefore little potential.

There is potential here for knowledge to be gained, given the right kinds of answers from the right people.

So for that reason, amongst many others, it will stay open for now, at least.