Timeline for Are the passwords for Windows user accounts encrypted using 128-bit AES?
Current License: CC BY-SA 3.0
7 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 29, 2015 at 1:38 | comment | added | Wes Sayeed | You'd just double-click the user's profile like you would any other folder. Windows would not stop you. If you have admin rights (on the host computer), you can bypass security on files -- even if you didn't have admin rights on the other computer. The host has no way of verifying that, and admin privileges always win, so access is granted. | |
| Apr 29, 2015 at 1:32 | comment | added | Sharline Sivanathan | But the hard drive itself would contain the locked admin user account, so im not sure how that would work. | |
| Apr 29, 2015 at 1:26 | comment | added | Wes Sayeed | I mean that if you extract the hard drive and attach it to another computer, it will show up as drive D: or whatever, and you would be able to access files off it just like it were your own hard drive. There is an old saying in the computer industry... "If you have physical access to the machine, then you don't have security". Of course you could always use some kind of encryption software if you're concerned about data theft. THAT would prevent you from taking the data even if you did extract the hard drive. | |
| Apr 29, 2015 at 1:24 | comment | added | Ramhound | This type of attack that is described is no different then having access to root or su on OS X or Linux | |
| Apr 29, 2015 at 1:21 | history | edited | Wes Sayeed | CC BY-SA 3.0 |
deleted 40 characters in body
|
| Apr 29, 2015 at 1:21 | comment | added | Sharline Sivanathan | I'm guessing when you mean extract the user's hard drive to get the files, it would not be in the same form as one will be able to see it from say e.g. Windows Explorer would it? Don't see the purpose of locking a user account if it can be extracted easily from a hdd. | |
| Apr 29, 2015 at 1:17 | history | answered | Wes Sayeed | CC BY-SA 3.0 |