A similar procedure can be done in XP using a Computer GP script that runs
cmd. As Roberts says the only use of this is to emphasize how important
physical security is.

"Abhishek Choudhary" <AbhishekChoudhary@discussions.microsoft.com> wrote in
message news:742F5AAE-D467-45EE-8966-8991390B2D3E@microsoft.com...
> You are correct, but what if the Administrator delete the account, which
> you
> have created, because it display all the account name at the time of
> login,
> so victim can see that a new account has beed created, and he will know
> that
> there is some hacking activity is done on his machine.
>
> "Robert Firth" wrote:
>
>> Yes pretty pointless. It allows you to access the computer again later.
>> You
>> already have to have access. I propose a better secury leak. Go to
>> control
>> panel, users profiles. Setup a second administrator account. Bam, you can
>> access the account later. Full access through that account. I have to
>> admit, the magnifier.exe thing is pretty sneaky though. This is only a
>> security threat if your live in a community environment and forget to
>> lock
>> your computer.
>>
>> Physical security is just as important as anything Microsoft can do. If
>> you
>> leave your computer logged in for anyone to use, that is a security
>> threat
>> that you created. The whole point of an administrator account is to have
>> access to everything. That same user that messes with the
>> windows\system32
>> folder could also install a rootkit or spyware on your computer. A
>> physical
>> person can easily bypass all the UAC prompts, do whatever they please.
>> Heck,
>> they could plug in a USB key and copy all your private data straight to
>> it,
>> or delete it.
>>
>> --
>> /* * * * * * * * * * * * * * * * * *
>> * Robert Firth *
>> * Windows Vista x86 RTM *
>> * http://www.WinVistaInfo.org *
>> * * * * * * * * * * * * * * * * * */
>>
>> <alun@texis.invalid> wrote in message
>> news:B34E9C22-B805-4F95-AEA7-94B15BB3A986@microsoft.com...
>> > "Abhishek Choudhary" <Abhishek Choudhary@discussions.microsoft.com>
>> > wrote
>> > in message news:84B823DA-703D-4A9A-AC36-EA623537E69F@microsoft.com...
>> >> There is a serious bug found in Windows Vista Ultimate, which allow
>> >> the
>> >> user
>> >> to login in to Window Vista System without providing any credential.
>> >> It
>> >> just
>> >> requires the attacker to access the victim system, for the first time.
>> >> To
>> >> gain access to victim system, follow these steps.
>> >>
>> >> 1) Open System32 folder of your windows.
>> >> 2) Copy Cmd.exe, Magnify.exe and paste it in two different locations,
>> >> for
>> >> safety purpose.
>> >> 3) Rename the cmd.exe to Magnify.exe on the backup location.
>> >
>> >
>> > And ... what access rights do you need to have to the system for step
>> > 4,
>> > which writes to the system32 directory?
>> >
>> >> 4) Copy & paste the renamed cmd.exe to system32 folder, this asks for
>> >> replacing the Magnify.exe, just continue with replacing.
>> >
>> > Oh, yes, that's right, it requires you have administrator access to
>> > write
>> > to that directory.
>> >
>> > So, if you're an administrator, you can hack the machine so that you
>> > don't
>> > have to log on.
>> >
>> > Brilliant.
>> >
>> > I can do that with a couple of registry entries.
>> >
>> > Alun.
>> > ~~~~
>> > --
>> > Texas Imperial Software | Web: http://www.wftpd.com/
>> > 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
>> > Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
>> > Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD
>> > Explorer.
>> >
>> >
>>
>>