[Ham-Computers] RE: Win XP login window

Hsu, Aaron (NBC Universal) aaron.hsu at nbcuni.com
Thu Aug 30 20:11:24 EDT 2007 

There are slight differences in the way XP Pro/Home work, but all of them can be configured in the same way RE: the logon prompt.  If more than one username exists or if only one username exists and a password is assigned to that username, then WinXP's default action is to use a logon screen.  In either scenario, the way to configure Windows to auto-logon is to change the setting mentioned earlier.

Is auto-logon a good idea?  Maybe - it's definitely convenient.  Is it a good idea to have a blank password?  *NEVER*!  Windows 2K/XP/Vista are built with multiple users in mind and you shouldn't run into any password problems, so long as you don't forget your password.  If you want the convenience of auto-logon, then please, *PLEASE* make sure all your user accounts have a password and configure Windows to auto-logon with the username and password you wish to use.  

In 2K/XP/Vista, if you "log off" without shutting down, it will present you with a logon screen - this is where some people get confused as they've never had to "logon" if auto-logon is enabled.  If a password is set and auto-logon enabled, the password might have been forgotten (due to not regularly typing it in) resulting in a lock-out.  Not a problem as all you need to do is reboot and let the auto-logon process log you in.  NOTE: if you change your password, also remember to change the password for the auto-logon; otherwise, the old auto-logon password will fail and you will be presented with a logon prompt.


Alright, some legacy info (skip this section if you wish)...

Previous versions of Windows (9x/ME) had limited support for user accounts - they were basically simiple "profiles".  Win2K/XP/Vista are built around NT which has individual users and each user has their own profile.  Even if you create only one user account, there are actually several additional "built-in" accounts that Windows itself uses (as well as the Administrator's account).  As such, WinXP/2K/Vista *REQUIRE* a UserID and password in order to get to a desktop.

When you install XP (or run the "mini-setup" routine on a new machine with XP from the factory), you get to a point where it prompts you to enter the names of all the people who will use the system (some vendors bypass this step and assign a generic single ID such as "Home User").  By default, XP assigns all of these users a *BLANK* password.  When the setup routine is finished, if it detects that only one (non built-in) user ID was created, it will configure the system to auto-logon to a Windows desktop.  You don't notice it, but you *are* logged in with the name you provided - it just doesn't prompt for the password.  This was probably done to make the transition from 9x to XP as seemless as possible (as it mimics 9x's logon - don't prompt if there's no password).

BTW, all Win 2K/XP systems have a built-in "Administrator" account and it's password is blank by default (stupid Microsoft).  Please create a password for this account.  To give you an example of how easy it is to hijack your computer, if you don't create a password for this account and put your computer on the Internet (like most of you do), then all anyone needs is your computer's IP address and they can then remotely logon to your computer as the Administrator!  Now, many of you have a good firewall program running that should prevent this.  But, many don't and also don't realize that their system might already be compromised and is someone's "bot".  "Bots" are systems remotely controlled to do something and the majority of "bots" out there are either used as SPAM gateways or as a hacker's relay tool to hack another system.  OK, I've simplified it a bit too much, but you get the general idea...blank passwords are bad!

Hope that muddies things up a bit more.  =)

73,

  - Aaron, NN6O




-----Original Message-----
Sent: Thursday, August 30, 2007 3:05 PM
Subject: [Ham-Computers] Re: Win XP login window

Aaron,  I want to be sure I am following this thread and correctly understanding what is being said..

Do your comments below pertain to WinXP Professional or WinXP Home or WinXP Media Center, or does it make any difference?

The majority of users I know use XP-Home, have only one user account, and never have set a password.  I think I understood some of them to say that with various OS previous to XP-Home they had a miserable experience when they set a password, and then the system refused to recognize it. 

Do you believe that these folks using XP-Home with only one user account and no password are flirting with disaster, or inviting a hijack?

John W0IKT

More information about the Ham-Computers mailing list