
Tuesday, December 12, 2023

1184. Boots in Default Administrator mode? Scam? No Password? UPDATE-Power Fault.

My visually impaired client's screen went to very small text and window size. Why? He doesn't know what he did, since he can't see the many things popping up on his screen. I didn't have time to troubleshoot and just wanted to get him back to booting in User Account mode on a system that was reliable. So, I did a System Restore from 2 days back successfully.

I wonder what happened. From research, this usually happens when the User Account (the only one on his HP Windows 11 system) gets corrupted. Preliminary research indicates that one reason could be that the machine was powered off incorrectly while active. This is most likely his reason, since his only option when he can't see the many messages or troubleshoot on his own is to just reboot. However, instead of using a recommended way to reboot, like invoking a restart in one of the several available ways, he simply abandons ship and pulls the plug. I did find out that he had a scam alert -- a McAfee-looking red window with a siren alert telling him he had a virus, when he doesn't have McAfee any longer. He can't remember what he did while it was blaring away, but eventually he just pulled the plug (about 2 days prior to the reboot in Administrator mode). Had he responded in a positive way to the alert, he may have picked up a virus, or the scammer could have set a timed trap to execute later.

Anyway, these are all past events now since the restore worked, but it also wiped out anything done in those 2 days that could help troubleshoot the cause. The thing to know about your system not booting to your User Account and automatically using the HIDDEN DEFAULT Administrator Account: The Default Administrator (DA) is there for those companies installing systems and software onto a new machine to sell. Its default is to be Disabled when the user gets the machine, which would prevent (I think) the machine from coming up that way, in an account that also has no PW! This is NOT a good thing to leave Active when the machine sells. It will allow anybody at your machine to have administrator access by simply turning it on, should your User Account become corrupted or for other reasons. Thus, it should have been Disabled, or at least the buyer should have been notified to assign a PW to it, which I understand can be done.

To Disable it or Enable it use the following instructions:

1. Click Start, type CMD, and then Right-Click CMD to open it in Administrator mode.

2. In the CMD window, to Disable, type without quotes "net user Administrator /active:no" or to Enable, type without quotes "net user Administrator /active:yes"

3. Close Elevated CMD window.

The goal is to prevent someone from accessing administrator mode on your machine! Thus, my advice: you should NOT have the default-administrator active! Disable it. Now create a second user account with administrator privileges AND PASSWORD PROTECT IT. Now if your user account gets corrupted, you will have a second one to depend on to fix things as required.

Now, suppose you don't follow the advice above and just keep the default-administrator active. Create the second account quickly with a PW, disable the default-administrator (as instructed above), sign out, and bring up your second administrator account.

Now comes the question: did someone already violate your system? Did a scammer corrupt your User Account, reboot your system into default-administrator mode, and have at your sensitive data? There is not enough time to document everything that may need to be done to recover, or even to explain everything that could be corrupted. Take my advice above -- Secure your system. Obviously HP or Best Buy, who built my client's system, put him in jeopardy!
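The same hardening as a PowerShell script, added here as an example that is not part of the original post: it finds the built-in Administrator by its SID (which ends in -500 even if the account was renamed), makes sure a second, password-protected administrator exists before disabling it so you cannot lock yourself out, then lists the result. The account name BackupAdmin is a placeholder; run it from an elevated PowerShell window.

```powershell
#Requires -RunAsAdministrator
# Added example. Uses the built-in Microsoft.PowerShell.LocalAccounts cmdlets.

$NewAdminName = 'BackupAdmin'     # placeholder name (assumption); pick your own
$AdminGroup   = 'S-1-5-32-544'    # well-known SID of the local Administrators group

# The built-in Administrator keeps a SID ending in -500 even when renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

# SIDs of everything that currently holds local administrator rights.
$adminSids = (Get-LocalGroupMember -SID $AdminGroup).SID.Value

# Other enabled local admin accounts that require a password.
$fallback = Get-LocalUser | Where-Object {
    $_.Enabled -and
    $_.PasswordRequired -and
    $_.SID.Value -in $adminSids -and
    $_.SID.Value -ne $builtin.SID.Value
}

if (-not $fallback) {
    # No usable second administrator yet: create one WITH a password first.
    $pw = Read-Host "Password for $NewAdminName" -AsSecureString
    if ($pw.Length -eq 0) { throw 'Refusing to create an administrator without a password.' }
    New-LocalUser -Name $NewAdminName -Password $pw `
        -Description 'Fallback administrator' | Out-Null
    Add-LocalGroupMember -SID $AdminGroup -Member $NewAdminName
}

if ($builtin.Enabled) {
    # Same effect as: net user Administrator /active:no
    Disable-LocalUser -SID $builtin.SID
}

# Review the final state: the -500 account should show Enabled = False.
Get-LocalUser |
    Select-Object Name, Enabled, PasswordRequired, PasswordLastSet, SID |
    Format-Table -AutoSize
```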

----------------------------

12/15/2023 Update

A Discovery!

The issues were caused by a power outage. Precisely, a short in an outside receptacle that wasn't a certified GFCI exterior receptacle. The guy actually put out his Christmas lights by himself, but didn't realize his external receptacle wasn't certifiably the type required to prevent the elements from invading it! With 3 days of slow rain, BAM. This apparently happened before, when he had a short outage that tripped his circuit breaker. Well, I'm declaring User Error as the root cause, and it is being replaced. Regardless, the other messages in this blog are valid regarding the lack of security with an active default-administrator account on your system. Your system should have an INACTIVE one, and you can get it there as stated in this blog.
