Security Risk: hidden Admin account in WinXP

Dennis Faas's picture

Recall --

In Yesterday's Visitor Feedback, Infopackets Reader Marie B. asked how to enable the administrator user account in Windows XP.

" I am the only user of my computer which has Windows XP installed. How do I sign into my computer as the 'administrator', rather than as my individual name? I understand that administration access is required to make certain changes to Windows. I don't need to adjust anything at this time, but would like to know how to do this in the future (just in case). "

In my response to Marie, I suggested that the administrator user account name was disabled under Windows XP (at least, on the Sign On screen), but it was still possible to create any other user name with admin access. As it turns out, I was partly correct. A small handful of Readers emailed me today and informed me that the administrator account in Windows XP is actually hidden and poses a significant security risk (especially for Windows XP Home Edition users).

Infopackets Reader Raphael S. writes:

" ... If you first boot into Windows XP and you are prompted with a 'Welcome' screen asking you for a user ID to log into the computer, then you can access the Administrator account directly by pressing CTRL + ALT + DEL on the keyboard, let go of DEL (still holding onto the other keys), and then tap DEL again. This will bring you to a Windows 2000/NT style login box; if you type in 'Administrator' as the user ID in Windows XP Home Edition, there is no password by default and you can access the system. On XP Pro, I believe the admin password is whatever you set it as at the time of installing Windows. "

Side note: Both techTarget.com and fateBack.com confirm that the XP Home Edition Admin account has no password. It's also worth mentioning that the 'welcome' screen can be accessed at any time if you click Start -> Log Off [user name], even if you don't have the welcome screen displayed at boot up.

And, Infopackets Reader John B. had this to say:

" [By default, the Administrator user ID does not show on the welcome screen -- only in Safe Mode]. However, in XP Pro, if you navigate to Start -> Control Panel -> Administrative Tools, then navigate to Computer Management -> Local Users and Groups, you will see the Administrator account. With Microsoft PowerToys Tweak UI for Windows XP, the Administrator account can be enabled to show at log on (by default, it is hidden). It is important to set a password for the Administrator because Windows XP Home installs it with a blank password, which is a major security hole that can easily be exploited. "

Update 2004/10/21: This article has been updated. Click here to read!

Rate this article: 
No votes yet