Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3
4186 posts

Uber Geek

Trusted
Lifetime subscriber

  #1144253 30-Sep-2014 14:32
Send private message

If you have physical access to the machine compromising a local administrator account is a trivial exercise.

Enabling a strong bios password, disabling booting from removable media, will make this non trivial.
Enabling Bitlocker would pretty much kill any hope but most users are running home OS's that don't support it.












4186 posts

Uber Geek

Trusted
Lifetime subscriber

  #1144256 30-Sep-2014 14:35
Send private message

martyyn: 
The issue with using a BIOS lock is he needed access to the laptop for school work. That's why I think having his own, crappy one will have to be the way to go.


Generally you should be able to set a bios password in such a way that it prevents them altering settings and booting from removable media, but does not prevent them from booting the device.






 
 
 
 


1508 posts

Uber Geek


  #1144273 30-Sep-2014 14:37
Send private message

Can only do that then, give him the old one for schoolwork and then get a new one for parents. Make it an ULP machine so it is not fast enough for games, something like a low power ultrabook maybe or dare I say it, a Mac Air.
Make the parents account a normal user account too and create an admin user for them to use only when they need to install something. UAC will provide the prompt to authenticate.

My guess would be on him installing a keylogger or something similar if the parents are indeed using a suitably complex password, not entering it around him and locking the computer when they are not using it.




Try Vultr using this link and get us both some credit:

 

http://www.vultr.com/?ref=7033587-3B


4186 posts

Uber Geek

Trusted
Lifetime subscriber

  #1144333 30-Sep-2014 15:49
Send private message

paulmilbank: Can only do that then, give him the old one for schoolwork and then get a new one for parents. Make it an ULP machine so it is not fast enough for games, something like a low power ultrabook maybe or dare I say it, a Mac Air.
Make the parents account a normal user account too and create an admin user for them to use only when they need to install something. UAC will provide the prompt to authenticate.

My guess would be on him installing a keylogger or something similar if the parents are indeed using a suitably complex password, not entering it around him and locking the computer when they are not using it.


Unlikely to be a keylogger as they'd generally need admin rights to install in the first place, short of using unpatched vulnerabilities.

More likely something like http://pogostick.net/~pnh/ntpasswd/

That tool is one of a variety on the net that can do things like reset or blank passwords, enable and unlock accounts, and escalate accounts (e.g. make them administrators). Just boot off a CD/USB with that loaded and bob's your aunty.








2078 posts

Uber Geek


  #1144363 30-Sep-2014 16:14
Send private message

Lias: That tool is one of a variety on the net that can do things like reset or blank passwords, enable and unlock accounts, and escalate accounts (e.g. make them administrators). Just boot off a CD/USB with that loaded and bob's your aunty.


That is scarily simple, a moron could do it!

Now I understand why school IT support takes the approach of "just reimage it" when a little brat breaks their device.

2572 posts

Uber Geek


  #1144364 30-Sep-2014 16:17
Send private message

Lias:
Generally you should be able to set a bios password in such a way that it prevents them altering settings and booting from removable media, but does not prevent them from booting the device.


This. BIOS password, removable boot disabled, and complex password on any admin accounts. Of course, if he can physically access the CMOS battery or any BIOS reset jumpers that the device has, it's still quite possible to bypass. 

1844 posts

Uber Geek

Trusted
Subscriber

  #1144380 30-Sep-2014 16:49
Send private message

Inphinity:
Lias:
Generally you should be able to set a bios password in such a way that it prevents them altering settings and booting from removable media, but does not prevent them from booting the device.


This. BIOS password, removable boot disabled, and complex password on any admin accounts. Of course, if he can physically access the CMOS battery or any BIOS reset jumpers that the device has, it's still quite possible to bypass. 


Padlock the case ? Quite a few cases have the lug that allows a padlock to prevent case opening.




My thoughts are no longer my own and is probably representative of our media-controlled government


 
 
 
 


396 posts

Ultimate Geek


  #1144395 30-Sep-2014 16:59
Send private message

Inphinity:
Lias:
Generally you should be able to set a bios password in such a way that it prevents them altering settings and booting from removable media, but does not prevent them from booting the device.


This. BIOS password, removable boot disabled, and complex password on any admin accounts. Of course, if he can physically access the CMOS battery or any BIOS reset jumpers that the device has, it's still quite possible to bypass. 


Again, this - plus encryption.

Another possibility for the cost of another license or two for the parents would be if their personal systems were on a Win8(or 7)toGo USB drive e.g. http://www.rmprepusb.com/tutorials/win8togo . Leave the teenager to do what they want on the machine and just boot their own systems from USB when desired.

2169 posts

Uber Geek

Trusted

  #1144598 30-Sep-2014 23:45
Send private message

ESET will block all the malware and can be password protected.

'That VDSL Cat'
12461 posts

Uber Geek

Trusted
Spark
Subscriber

  #1144602 1-Oct-2014 03:17
Send private message

The tools for bypassing windows logins are so easy to use nowdays its no surprise really.

i recall a few years ago playing a prank on a friend at a LAN.. flashdrive to edit registry and enable the administrator account (ofcourse disabled by default on win7, default password.....)

Looking back, there were FAR simpler ways of doing it, and something that after doing it i said yeah.. that was a little too dodgy...


Simply put, 5 mins on google, and you can find plenty of ways to do it..


Password your bios, set it to by default not boot off flashdrives/cds etc, that should hopefully stop it being done too easily, and detour attempts.


Ild say best route is to give the teenager his own machine to fill with crap, keep your antivirus up todate so if he gets anything, your more likely to be able to catch it spreading.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


316 posts

Ultimate Geek


  #1144789 1-Oct-2014 12:28
Send private message

If any of my teens did this they'd not get to use the laptop...

Instead of trying to secure it and playing an ongoing game of cat and mouse - talk to the teen and tell them that it isn't good enough, lay down some ground rules and make it clear what the consequences will be if the rules aren't followed...

Buying the teen a laptop of their own is a reward for bad behaviour...

3455 posts

Uber Geek

Trusted

  #1145235 1-Oct-2014 23:34
Send private message

Bios bootup / HDD password
He will need to physically pull the thing apart to crack the password.

A bios password is reset by a jumper or removing the cmos battery on the motherboard.
A hdd password cannot be reset so easily - in fact i dont know any way to reset a hard drive password.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




1095 posts

Uber Geek


  #1145252 2-Oct-2014 06:09
Send private message

What about a cheap desktop in the living room with the monitor facing in?

He can do his school work and they can see what he is doing.

But education about correct use with consequences must come first




2203 posts

Uber Geek


  #1145487 2-Oct-2014 11:45
Send private message

MadEngineer: ESET will block all the malware ....


no...it...wont
NOTHING will block all malware. Nothing. Ive seen malware get passed all common AV programs

It sounds like the kid needs to have some control/restraint imposed on him. Easier said than done at this stage of his life .

There are programs that prevent ANY changes to the system, any changes or newly installed programs are reverted on reboot
DeepFreeze is one, there are others. That works really well . You will need to make sure that DeepFreeze(or similar) allows saving of Doc's though , or simply make it known that docs must be saved to USB

1095 posts

Uber Geek


  #1145522 2-Oct-2014 12:40
Send private message

Another thing his parents could do is get an original surface rt, has the full office suite but good luck installing anything other than crappy apps

http://www.trademe.co.nz/computers/tablets-ebook-readers/tablets/auction-787757944.htm (surface 2)

http://www.trademe.co.nz/computers/tablets-ebook-readers/tablets/auction-786004945.htm 

but it is rewarding poor behaviour




1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic




News »

Freeview On Demand app launches on Sony Android TVs
Posted 6-Aug-2020 13:35


UFB hits more than one million connections
Posted 6-Aug-2020 09:42


D-Link A/NZ extends COVR Wi-Fi EasyMesh System series with new three-pack
Posted 4-Aug-2020 15:01


New Zealand software Rfider tracks coffee from Colombia all the way to New Zealand businesses
Posted 3-Aug-2020 10:35


Logitech G launches Pro X Wireless gaming headset
Posted 3-Aug-2020 10:21


Sony Alpha 7S III provides supreme imaging performance
Posted 3-Aug-2020 10:11


Sony introduces first CFexpress Type A memory card
Posted 3-Aug-2020 10:05


Marsello acquires Goody consolidating online and in-store marketing position
Posted 30-Jul-2020 16:26


Fonterra first major customer for Microsoft's New Zealand datacentre
Posted 30-Jul-2020 08:07


Everything we learnt at the IBM Cloud Forum 2020
Posted 29-Jul-2020 14:45


Dropbox launches native HelloSign workflow and data residency in Australia
Posted 29-Jul-2020 12:48


Spark launches 5G in Palmerston North
Posted 29-Jul-2020 09:50


Lenovo brings speed and smarter features to new 5G mobile gaming phone
Posted 28-Jul-2020 22:00


Withings raises $60 million to enable bridge between patients and healthcare
Posted 28-Jul-2020 21:51


QNAP integrates Catalyst Cloud Object Storage into Hybrid Backup solution
Posted 28-Jul-2020 21:40



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.