Ok, I have a question for all you NT gurus out there…
Suppose I have 2 computers, (we’ll call them A and B) both running Windows NT version 4. Both of these computers are using NTFS as well. Computer A I have complete access to, all the passwords etc (so I can use it however I like). Computer B I have NO passwords for; I’m completely locked out. Now, here’s the fun part…
I remove the hard drive from computer B, and install it on my computer A as the primary slave. I then boot up computer A (which now contains both drives). There’s the setup, here are my questions…
1. Will it boot up off of computer A’s drive (which is still the primary master) and consider the new drive (from computer B) storage and not try to boot it in any way?
2. Assuming the answer to question #1 is yes, will I now be able to browse (and copy to computer A’s original drive) the contents of computer B’s drive without any interference from passwords, encryption, etc (since after all, it just thinks the new drive is storage, and I have full access to computer A)?
I know this would work fine on a Win95/98 box, but I don’t really know NT that well, so that’s why I ask. It’s just something I was wondering earlier today, not sure what made me think of it in the first place. Thanks in advance for your help!
I started working at the desktop level early in my techie career & then moved quickly to WAN where I’m no longer concerned with the desktop O/S, but for what I can remember NT sets permissions at the file level, so your scheme won’t work.
That would have been my answer even if I didn’t know anything about NT, just based on the assumption that the designers would have foreseen such an obvious security hole.
Attrayant is correct. In NTFS, each file and directory has a security descriptor that keeps track of which accounts have access to that file or directory. The user of computer B probably removed all accounts except for his/hers from the list of permissions. With your account, you would not be able to access it.
Ok now here’s the but. . .maybe. . . part. If the account on computer B is a local account, meaning it is set up and exists locally on the machine, as opposed to being verified through a domain controller, you may be able to create a local account on your computer A with the same name, and whatever password for that account you want. This may work. I have tricked NT like that before with permissions for shared drives when a domain controller wasn’t available.
If you have an Administrator account on machine A, setting up the drive from machine B as a slave will allow you to access the files. I’ve seen it done a few times in order to recover files on a drive to which no one knew the password. It is a security hole, but it also points out why securing physical access to a system with critical information is part of a well-defined security policy. It works with both NTFS and FAT partitions.
It’s true, an administrator on machine A can access the files from B’s hard drive when it’s stuck in machine A, assuming they’re not encrypted. You may have to actually grant yourself the permission; I can’t remember.
I’m pretty certain that creating a local account with the same name as a local account on machine B would not help, since the security is based on GUIDs (huge unique numbers) which are associated with the accounts, not based on the username.
If the files are encrypted (note that the whole partition could be encrypted as well), all bets are off.
NTFS in NT version 4 does not support encryption natively, so I’m assuming that you’re talking about a third-party encryption system. Whether or not you could get to encrypted files that you otherwise had permission to would depend on that encryption system. If you did the encrypting with NTFS 5 (in Windows 2000), for example, then you could not access the files since the only person who can decrypt files is the person who encrypted them in the first place or the designated account for emergency decryptions. Even if an Administrator takes ownership of a file encrypted by someone else, they can’t decrypt it.
As for the rest of the questions, it would depend on whether the account you logged into Computer A with was explicitly denied permission to use those files or whether you just didn’t have a local account on Computer B and you couldn’t log in. Default permissions for files give Everyone (Everyone is the name of a group) full control, so if the defaults weren’t changed then putting the drive into Computer A should give you access to the files on Disk B. You’d have to explicitly deny access to the files or folders to keep out people with access to the physical drives.
Creating a file with the same name and password won’t do it. All versions of NT use Security IDs (SIDs, not GUIDs; GUIDs identify machines) to identify user accounts, not user names. If you delete a user account and then create another account with the same name, NT will see those as two separate accounts.
Don’t be so sure that SIDs are not GUIDs. GUIDs do more than identify machines. A GUID is simply a guaranteed-unique, 128-bit number. As far as I know, SIDs are just GUIDs generated for use as a security identifier.
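The point made in the thread that NTFS permissions follow SIDs rather than user names, as an added example that is not from any poster: it decodes the binary SID layout and runs a simplified allow-only ACL check for a disk moved from machine B to machine A. The machine sub-authority values, the RIDs and the account name "bob" are constructed, and an administrator's ability to take ownership is not modelled.

```python
import struct

def make_sid(authority, *subs):
    """Build a binary SID (used only to construct the sample data below)."""
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

def sid_to_string(raw):
    """Decode revision, sub-authority count, 48-bit big-endian authority,
    then 32-bit little-endian sub-authorities into S-R-A-S1-S2... form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

# Constructed per-machine identifiers; real ones are generated at install time.
MACHINE_A = (1111111111, 2222222222, 3333333333)
MACHINE_B = (4040404040, 505050505, 606060606)
EVERYONE = make_sid(1, 0)               # well-known S-1-1-0, same on every machine
ADMINISTRATORS = make_sid(5, 32, 544)   # well-known BUILTIN\Administrators

def local_account(machine, rid):
    """Local account SID: S-1-5-21-<machine identifier>-<RID>."""
    return make_sid(5, 21, *machine, rid)

def allowed(token_sids, acl):
    """Simplified check: access if any SID in the token appears in the ACL."""
    return any(sid in acl for sid in token_sids)

def scenario():
    """Disk from B mounted in A; who gets in under three ACLs stored on it."""
    bob_on_b = local_account(MACHINE_B, 1001)
    bob_on_a = local_account(MACHINE_A, 1001)   # same name, same RID, other machine
    bob_token = [bob_on_a, EVERYONE]
    admin_token = [local_account(MACHINE_A, 500), ADMINISTRATORS, EVERYONE]
    return {
        "same_name_vs_owner_only_acl": allowed(bob_token, [bob_on_b]),
        "same_name_vs_default_everyone_acl": allowed(bob_token, [EVERYONE]),
        "admin_vs_acl_listing_administrators": allowed(admin_token, [bob_on_b, ADMINISTRATORS]),
        "admin_vs_owner_only_acl": allowed(admin_token, [bob_on_b]),
    }

if __name__ == "__main__":
    print(sid_to_string(local_account(MACHINE_B, 1001)))
    for case, result in scenario().items():
        print(f"{case}: {result}")
```
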