Is there a way to secure Windows 8 against this login bypass? Basically an administrator can rename the utilman.exe (for example, to utilman.exe.bak) then copy cmd.exe to be utilman.exe, then at the login prompt someone can just do WinKey+U and get a fully working cmd prompt with Administrator privileges. How can this be stopped? Perhaps some way to change permissions so that utilman.exe cannot be renamed or modified etc?
3 Answers
BIOS and hard drive boot passwords, and encryption (or more likely a combination of them).
Check out this other SU question: BIOS Hard Drive Password Security?
It has lots of good answers explaining the differences and advantages.
Also check into full disk encryption.
Encryption is probably the only way you're going to prevent someone from fiddling with the bits if they can get their hands on the drive.
There is no way that you can keep utilman from being renamed. Even if there are permissions on it that prevent Windows from renaming it, you could rename it by booting from a Linux live CD.
You could set a password in the BIOS and then set it to ask you for that password every time you start your computer. BUT that password can most likely be reset by removing the CMOS battery.
Just attach an invalid debugger to it so it does not execute.
Something like this, in cmd (with admin privileges):
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\explorer.exe"
Of course, you don't actually need to replace the utilman.exe if you are an admin; you can just use:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe"
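
A read-only audit for the two tampering methods discussed on this page (a replaced utilman.exe and an Image File Execution Options Debugger value), added here as an example and not part of any of the original answers. The function name `Get-Sha256` and the message strings are made up for this example; the paths and registry key are the ones quoted above.

```powershell
# Added example: read-only audit for the two utilman.exe tampering methods above.
# Run from an elevated PowerShell prompt.
$sys32 = Join-Path $env:SystemRoot 'System32'
$ifeo  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-Sha256 {
    param([string]$Path)
    # .NET is used directly so this also works where Get-FileHash is unavailable.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose(); $sha.Dispose() }
}

$findings = @()

# 1. File replacement: utilman.exe must not be byte-identical to a command shell.
$utilman = Join-Path $sys32 'utilman.exe'
if (Test-Path $utilman) {
    $utilHash = Get-Sha256 $utilman
    foreach ($shell in 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe') {
        $shellPath = Join-Path $sys32 $shell
        if ((Test-Path $shellPath) -and ((Get-Sha256 $shellPath) -eq $utilHash)) {
            $findings += "utilman.exe is a byte-for-byte copy of $shell"
        }
    }
} else {
    $findings += "utilman.exe is missing from $sys32"
}

# Renamed originals left beside it, such as the utilman.exe.bak from the question.
Get-ChildItem -Path $sys32 -Filter 'utilman*' |
    Where-Object { $_.Name -like 'utilman.exe.*' } |
    ForEach-Object { $findings += "Renamed copy present: $($_.FullName)" }

# 2. Image File Execution Options: any Debugger value redirects Win+U to that program.
#    A value the administrator set on purpose (the explorer.exe one) is reported too.
$key = Join-Path $ifeo 'utilman.exe'
$dbg = (Get-ItemProperty -Path $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
if ($dbg) { $findings += "IFEO Debugger for utilman.exe points to: $dbg" }

if ($findings.Count) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No utilman.exe tampering indicators found.'
}
```

Run it from 64-bit PowerShell on 64-bit Windows, since a 32-bit host is redirected to SysWOW64 and would inspect the wrong files.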