Password in XP

aardvaak

Can someone advise me how I can use a password to boot my computer running XP - at present I have no password?

DrSmutt

what you want to set a password?

goto control panel and click on user account

then pick a user and look for a link to setting a password.

Darksun

Be advised that the Windows XP password security isn't very good. If you have sensitive information on your computer, you should look into encryption methods.

John_Gray

It sounds to me you are referring to the BIOS passwords (often called Power-on password and/or Supervisor password, etc) which are usually left blank so they do not hold up the boot process. The previous posts refer to XP account passwords which you can set to prevent unwanted persons logging on once XP has started.

The BIOS passwords depend on what BIOS-writing firm was chosen by your PC manufacturer. Dell uses Phoenix, other firms use AMI, and so on. You need to go into (BIOS option) Setup shortly after you power the PC on (turn the monitor on about fifteen seconds before you turn the system unit on) and look at the messages which get issued. To get into Setup you will be told to press a specific key, like Del, F1 or F2 (this depends on the BIOS). When you get into Setup, you will have to find the screen that deals with passwords. Be careful not to change other options, and if you decide to change the password from <nothing> make very sure that you do not forget it! You will have to enter this/these password/s each time you power on in the future.

John

DrSmutt

F12 or alt+esc is another one ive seen.

dont woory if you set a bios password its easily cleared just by clearing your cmos (a jumper or button on the motherboard)

aardvaak

No I did'nt mean the BIOS Password I only meant the windows boot up password.

DrSmutt

if you dont password the administrator account any other accounts can be bypassed.

johnydeath

Darksun wrote:

Be advised that the Windows XP password security isn't very good. If you have sensitive information on your computer, you should look into encryption methods.

Why not? I didn't think the password could be decrypted - it can of course be reverse engineered but so can anything using a similar system.

Darksun

johnydeath wrote:

Why not? I didn't think the password could be decrypted - it can of course be reverse engineered but so can anything using a similar system.

Well, it's quite easy to inject a password into the SAM that overwrites another password. What's more, personal files arn't encrypted by default, so you can boot up the computer with a livecd and get complete access to all the files on the computer.

johnydeath

Ah right, with you now. So its not that the password is insecure(ish), but that you can overwrite it with one of your own.

But of course that requires you to boot from floppy or CD.

Edit:

Just in case anyone gets caught with forgetting their password - if it is a password to a user or an administrator, where you have the ability to logon as a different administrator then you can change the password from the control panel.

If you cannot logon as an administrator then you may want to download and create a bootable CD of ophcrack http://ophcrack.sourceforge.net/

By booting off this CD it will take the windows SAM file where the passwords are stored (and it can do this because you have booted off the CD and not into windows) and it will automatically reverse engineer all alphanumeric passwords for you ie tell you what the passwords are.

More complex passwords can be obtained using different Rainbow table sets.

Well worth a place in your toolkit - but please be ethical with it.

Challis_2

johnydeath wrote:

If you cannot logon as an administrator then you may want to download and create a bootable CD of ophcrack http://ophcrack.sourceforge.net/

I recomend NT offline password editor (http://home.eunet.no/pnordahl/ntpasswd/). It came in very handy when my brother locked my account out with too many failed guesses!

Adam