\[Thanks to Nathan Boylan and Daniel Challis for so thoroughly researching this issue. --Paul\]
Users that accept all the default choices when they install Windows 2000 Professional on their workstations are in for a bit a surprise: The most current builds of the fledgling OS, which Microsoft expects to release by the end of the year, include a Network Identification Setup Wizard that runs before the system boots for the first time. Using this wizard, one can choose between two logon methods, a feature that is unique to Professional Edition. The first choice will set up the system to behave as earlier versions of Windows NT do: Each user that accesses the system must logon with an appropriate username and password. However, the second choice, which is also the default, creates a user account that matches the user's full name as entered during Setup (e.g. "Paul Thurrott" in my case). If this choice is accepted, no logon is every required to access the system. More damaging, however, is that this default account is granted full administrative privileges, an obvious violation of the most basic security principles.
Though Microsoft has said repeatedly and categorically that Windows 2000 is designed solely for businesses, this feature is clearly designed for home users who would find the need to logon every time they turn on their machine a nuisance. In a corporate setting, there is no place for such a logon scheme, no place at all. But more damaging, Boylan and Challis tell me, is the possibility that malicious hackers will be able to easily break into such a system using the built-in Telnet service that's included in every install of Windows 2000 Professional. Don't you wish they hadn't removed that "custom" install now? Here's how it works:
The Telnet service, which is disabled by default, can be enabled by entering a simple command line on a local network or, more damagingly, through a simple blurb of VBScript/HTML in a Web document. This code can be used to remotely start the Telnet service from anywhere on the Internet--the Microsoft Web site, for example, or a Web page that was specifically set up to bypass the non-existent security on a standard Windows 2000 Professional system. I'm not going to publish this code, of course, but I do have a copy of it and I've been testing it on my development network at home.
"Even if this isn't a deliberate backdoor, it shows 'great' forward thinking by the Windows 2000 team," say Boylan and Challis. "If Microsoft doesn't use this door you can bet that \[hackers\] will be all over it."
Because Windows 2000 has yet to be released, there is still a chance that Microsoft will be able to fix this glaring security hole before the product RTMs this fall. And though this problem is designed to take advantage of a feature that could only be of use on a standalone system such as one you'd expect to see at home, one must wonder why Microsoft made this the default choice during setup to begin with. If you did set up Windows 2000 Professional this way and you'd like to better secure your system, backup your data and then create a new user account in Computer Management (this account should not be granted administrative privileges). Then logoff, logon with the Administrative account, and delete the automatically created account. Finally, logoff again, then logon with the new account you created