Strong Passwords

From ITwiki

Revision as of 14:29, 19 July 2010 by Plupinsk (Talk | contribs)

Introduction

If your computer runs Windows Vista, XP, or 2000, it has multiple login accounts. Each account is a member of an account Group. There are several account Groups. Each Group grants members a certain level of control over that computer. The most powerful login accounts are in the Administrators Group. Administrators Group accounts have permissions to do anything on your computer. This document explains why you need to put a password on each Administrators Group account on your computer.

Administrators Group Accounts Have No Password!

By default, Windows Administrators Group accounts have no passwords. This is the default so you can set your own passwords on them. If there is no password (or a very simple password) on these accounts, your computer is vulnerable. A malicious program or user attempting to break in may gain access to your computer. Some viruses now take advantage of the default no-password setting, or get past very simple passwords by trying a list of common passwords.

Who Needs to Know?

This notice is for all students and faculty using Windows XP or 2000. (Windows 98 cannot have multiple accounts. This information does not apply to Windows 95/98 users.) Students and faculty have full (administrator) rights on their own computers. The login account or username that most students and faculty use is normally a member of the Administrators group. There is also a separate login account in the Administrators group called Administrator. That account must have a complex password too, as must any other accounts you may have created in the Administrators group. Go to the next section, What You Must Do.

NOTE: Staff members with Administrator rights who log into Windows with a Campus domain account do not need to follow these steps; accounts in the Administrators group on such computers are managed by Information Technology and are already protected.

What You Must Do

Set complex passwords on all login accounts in the Administrators group if you have not already done so. If you are not sure there is a password on all these accounts, you should assume there are no passwords and that your computer is not secure. Follow the steps below.

Password-Setting Instructions

Step 1 - Find all Administrators group accounts

  1. Right-click the My Computer icon.
  2. Go to Manage.
  3. Choose Local Users and Groups.
  4. Click on the Groups folder.
  5. Click on the Administrators icon. All the accounts you see listed in the Administrators group are the ones that must have a secure password! Write down the account names.

Step 2 - Set (or change) each account's password

  1. Next, click on the Users folder.
  2. Right-click an account name you recorded in the previous step.
  3. Choose Set Password.
  4. Set a complex password, as described below.
  5. Repeat these steps for each account name.

Set the password to something hard to guess. A complex password will use all or most of the following and be at least seven characters long:

  • Upper and lower case letters
  • Numbers
  • Special characters (e.g., #, %, $, !, etc.)
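Steps 1 and 2 can also be carried out from a command prompt. The batch script below is an added example, not part of the original ITwiki page. It assumes an English-language Windows installation and a command prompt running with administrator rights, and it uses the built-in `net localgroup` and `net user` commands.

```batch
@echo off
rem Added example: command-line equivalent of Steps 1 and 2 above.
rem Assumption: English-language Windows, run from an administrator prompt.
setlocal
rem Last line printed by "net localgroup" on English Windows; not an account.
set "DONE=The command completed successfully."

rem Step 1: list the Administrators group. The first six lines of the
rem output are header text; every line after that is a member name.
for /f "skip=6 delims=" %%A in ('net localgroup Administrators') do call :handle "%%A"
endlocal
goto :eof

:handle
set "NAME=%~1"
if "%NAME%"=="%DONE%" goto :eof

rem Members shown as DOMAIN\name are not local accounts and cannot be
rem changed here. Detect them by checking for a backslash in the name.
if not "%NAME:\=%"=="%NAME%" (
    echo Skipping %NAME% ^(not a local account^)
    goto :eof
)

rem Step 2: the * makes "net user" prompt for the new password twice
rem without showing it on screen or storing it in this script.
echo.
echo Setting password for local account: %NAME%
net user "%NAME%" *
goto :eof
```

Save it as a `.bat` file and run it once; it prompts for a new password for each local account in the Administrators group, so type a complex password as described above at each prompt.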

NOTE: If you use a Recovery DVD, or if you have your computer reloaded at the Computer Service Center, to restore your computer to its original configuration, you must do the above steps again to reset passwords on the Administrators group accounts. As of October 2003, the Computer Service Center is setting a password on these accounts when they reload computers. However, you should change the password they use to a different one for greater security.
