With physical access to a machine, any local account password can be reset. Even disabling the local administrator account isn't sufficient.
http://home.eunet.no/pnordahl/ntpasswd/ Carl -----Original Message----- From: Andy Ognenoff [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2008 10:55 AM To: NT System Admin Issues Subject: Alerts on Install or Elevation of Priviledges I have a user that is somehow installing stuff but his account is only a standard restricted user. This is a standalone laptop, not on the domain at all. Anyone know of a way I could send myself an alert via email if he installs something or logs on as a different account than he should? Only thing I can think of is that he somehow got a hold of the local admin password but I can't see how - yes we disable the LM hash. - Andy O. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
