Information Security Asked by Stalemate on October 28, 2021
If I can change my password with cmd net user example * without needing to confirm my old password, why, when I change my password in the usual way (via settings or control panel), do I need to confirm my old password? If the point of confirming a password is to prevent somebody who finds the PC open from signing in, this circumvents it!
In addition to what nobody said there's a more practical, but mostly internal, requirement here. Changing a local password in Windows without knowing the original password is called a reset. Resets cause DPAPI keys to be invalidated (because they're protected by a primary secret based on the user password). Once the reset happens those original keys are dead and cannot be decrypted because the new password doesn't match the old password.
Changing a user password requires knowledge of the original password so those DPAPI keys can be rotated safely.
Resets are, from an administrative point of view, a worst case solution for this reason. This is actually why you get the "irreversible loss" warning from lusrmgr.msc, and to do so requires local admin privileges.
Answered by Steve on October 28, 2021
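An added illustration of the change-versus-reset distinction in the answer above (not part of the original answer, and not DPAPI's real key format or algorithms): a simplified Python model in which a master key is wrapped under a password-derived key. The names `Account`, `wrap` and `unwrap`, the passwords and the sample key are all constructed for the example.

```python
import hashlib, hmac, secrets

def derive(password, salt):
    # 64 bytes from the password: 32 to encrypt the master key, 32 to authenticate it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def wrap(master_key, password):
    salt = secrets.token_bytes(16)
    k = derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(master_key, k[:32]))
    return salt, ct, hmac.new(k[32:], ct, hashlib.sha256).digest()

def unwrap(blob, password):
    salt, ct, tag = blob
    k = derive(password, salt)
    if not hmac.compare_digest(tag, hmac.new(k[32:], ct, hashlib.sha256).digest()):
        raise ValueError("password does not match the one protecting this key")
    return bytes(a ^ b for a, b in zip(ct, k[:32]))

class Account:  # hypothetical model of a local account, not a Windows API
    def __init__(self, password, master_key):
        self.login = wrap(b"\0" * 32, password)  # stand-in for the stored logon verifier
        self.blob = wrap(master_key, password)   # master key, protected by the password

    def change_password(self, old, new):
        master_key = unwrap(self.blob, old)      # old password opens the master key
        self.login = wrap(b"\0" * 32, new)
        self.blob = wrap(master_key, new)        # key re-protected under the new password

    def reset_password(self, new):
        # Admin path: the old password is never supplied, so self.blob
        # stays wrapped under a password nobody is going to type again.
        self.login = wrap(b"\0" * 32, new)

    def unlock(self, password):
        unwrap(self.login, password)             # logon check
        return unwrap(self.blob, password)       # then recover the master key

if __name__ == "__main__":
    key = secrets.token_bytes(32)                # constructed sample master key
    a = Account("old-pass", key); a.change_password("old-pass", "new-pass")
    b = Account("old-pass", key); b.reset_password("new-pass")
    print("after change, key recovered:", a.unlock("new-pass") == key)
    try:
        b.unlock("new-pass")
    except ValueError as err:
        print("after reset:", err)
```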
Changing the password from command line requires an elevated command prompt (i.e. administrative privileges). Normal users cannot do this. This makes sense since the admin should be able to change the password of any user.
If, however, you have left your computer logged in as an admin user then having your password reset by the intruder would be the least of your worries, since the intruder could potentially install a complete backdoor on your system without your knowledge.
To reduce the risk of such accidents occurring, it's a good idea to use a non-admin account for normal usage and only use accounts with local admin privileges for things like installing new programs or modifying settings.
Answered by nobody on October 28, 2021