Or more appropriately for the Windows security model, DISABLE the account. That way you're not messing with default permissions, and the account (and its associated SID) are there if you need them in the future.
Or not. Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aditya Deshmukh Sent: Thursday, December 01, 2005 10:09 PM To: 'Raoul Nakhmanson-Kulish' Cc: full-disclosure@lists.grok.org.uk Subject: RE: [Full-disclosure] Support_388945a0 account in Win XP/2003 > > > That is a "help and support account" that you should disable. > > Also set very long random password and forget it. > I prefer simply delete it. Good choice? > > But I heard a rumours that this account can be activated remotely > without user's aware decision and used for Remote Assistance (e.g. > capturing a screen and even controlling input). I would not know about this unless I test it out, but from the top of my mind : you have to start the service for something like this Deleting it might cause problems "help and support" just deny the account all kinds of privs and it would no longer matter. ________________________________________________________________________ Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/