Windows XP system does not have a login password?

  
                



Not long ago, a news appeared on the Internet, saying that foreign Windows experts found that using Win 2000 installation CD to start the computer can not Windows XP administrator password into Windows XP recovery Console mode. Is this true? I did some testing.
Teach you to enter Windows XP without a password: The Wndows XP version I use is Windows XP Proessional, and the Windows 2000 version is Windows Proessional Simplified Chinese version with SP3 integration. I first installed Windows XP Proessional on the C drive (FAT322 file system), and set the Administraor account password when installing. In order to confirm that the Administrator password has been set successfully, I switched to the classic Windows login mode, and then log in using the Adndnistrato account. It can be seen that the password is already required when logging in, and the password setting of the Administrator account is no problem.
The author restarted the computer and booted using the Windows 2000 Poessional installation CD. In the Wndows2000 installation selection interface, choose to repair Windows 2000 (press R); then select Use Faulty Console Repair (press C), the system will scan now. Some versions of Window2000/XP. Since the author has only one operating system, only one login option is listed (l:C:\\Windows). Press l from the keyboard, then press Enter. At this time, as it is reported abroad, Window XP does not require the administrator password to be entered, but directly logs into the Recovery Console mode (if you are using the Windows XP installation CD) Startup, it is required to enter the administrator password. The administrator here refers to the system's built-in Administraor account). Friends familiar with Windows know that the Recovery Console can perform any xp system download level operations, such as copying, moving, deleting files, starting, stopping services, and even destructive operations such as formatting and repartitioning.
It should be noted that for various reasons, some Windows 2000 installation CDs on the market cannot display the faulty console login option, so this vulnerability cannot be exploited. At the same time, due to the limitations of the faulty console mode itself, this vulnerability cannot be exploited from the network. In other words, this vulnerability is limited to a single machine, so the harm is not very large.
Note: Since I still have a Windows 98, I can't convert the C drive to the NTFS file system. So the test based on the NTFS file system was tested in the VMware virtual machine.
Then, I installed the SPI patch for Windows XP, and then use the WindowS 2000 installation CD to boot again. Repeat the above operation and find the same result. There is still no password input requirement, because the FAT32 file xp system was used previously. The author guessed whether this was caused by the FAT3Z file system. Then use the Convert command in Wndows XP to convert the FAT3Z file system to NTFS file xp system, then use the Windows 2000 installation CD to boot again, repeat the above operation, and find the same result, there is still no password input request. It seems that this vulnerability is really there.
The author also uses the official version of Wndows 2000 Server integrated with SP3 to start the CD. It is found that the vulnerability still exists. It seems that the Chinese version has this problem. The English version also has this problem.

Copyright © Windows knowledge All Rights Reserved