WinXP Priviledge Escalation Problem

[Yohhan]

Is it fairly easy for a limited user to escalate their privileges to administrator on WinXP home? I'm having a problem with a user who seems to be able to gain administrative rights fairly easily, even though he should be setup with just a limited account.

 

[Alex]

from within a guest account on wxp you cant really do much at all. my roomate last year had xp home and a guest account for me but i just figured out his password and kept changing my priviledges etc just to mess around with him he never figured it out and i insisted that i managed to do that by "hacking the mainframe"

so yeah i dont think its really possible to do anything apart from surf the web from within a guest account and definitely not change settings so this guy knows your password or something... my 2cents

 

[MrChad]

Guest account != Limited account.

I don't know how he could escalate his privileges without knowing your administrator password. You do have password protection on all of your admin accounts, right?

 

[Yohhan]

I have a password on the administrator account.

Both mine, and the "hidden" administrator account that boots up in safe mode.

So guest mode is more restrictive than a limited account?

 

[Alex]

Originally posted by: Yohhan
I have a password on the administrator account.

Both mine, and the "hidden" administrator account that boots up in safe mode.

So guest mode is more restrictive than a limited account?

yeah a guest account is like when you use a public terminal somewhere you can pretty much just run whats in the start menu and surf the internet...

 

[spyordie007]

If he doesnt know the password to any of the accounts that have administrative privilages than you have a serious issue. It could be that the system is missing critical updates (there have been a number of volunerabilities that allow for privilage elevation) or it could be that your system has been comprimised and he is aware of it (i.e. trojan/back door).

Whatever the case you know the system has been comprimised, it's going to be next to impossible to ever consider this system "clean". At the very least I would suggest a very thourough audit of the software and configuration and to change the passwords for all your accounts that have any level of privilages on the system.

I would also make your knowledge of the situation clear to him as well as making sure he knows that this kind of behavior is absolutly not acceptable (assuming it is something he did). If this is a personally owned system I wouldnt allow him to use it any more; if this is an institution I would suggest formal diseplenary action.

I take security breaches very seriously, if this were one of my systems his job would now be on the line.