July 12, 2021

How was it possible, to add users without knowing my password (Windows 10)?

At my workplace I was using a windows pc (which I set up myself) and I only had one user. I shared my password with nobody, but after coming back from vacation I noticed that instead of the usual one person on the login screen, there was another user (maybe a guest account)?

I’m wondering how it was possible for the person, to enable another user without asking me for my password. Does anyone have an idea?

Comments

Turbo-NZ

Wrong thread but you’ve most likely encountered an Active directory joined machine in which case any user with an account and permissions to login to the machine (most likely just domain users) and they can just login to the machine.

Jdgregson

Did you enable Bitlocker or another form of Full-Disk Encryption (FDE)? If not, anyone can boot to external media, or take your hard drive out and mount it to another workstation, which will allow them to access Window’s file system without your password. Not only can they access all of your files, but they can change your password, modify the operating system in a way that allows them to access command prompt as system from the login screen — anything really.

In other words, if you are not using FDE, you have no security if someone has access to your device for even five minutes.

stabitandsee

There are several ways of logging into a Windows PC and adding a user if the PC *doesn’t* have whole drive bitlocker enabled or if it does if you have a copy of the recovery key. To avoid this happening; Disable boot from CD/USB, set a bios setup password, see a boot password, enable whole drive bitlocker and don’t lose the recovery key.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.