You're very wrong in your last assumption; full disk encryption is not "possible to circumvent with relative ease". It is especially not "possible to circumvent with relative ease" to reach the goal of this workaround IF you're behaving securely.
As you've probably figured out by now, this is a physical-access problem. If somebody has physical access to your machine, they don't really need the utilman.exe
trick. They can simply modify your SAM file. In this case, they went with a less technical method. Nevertheless, they're both possible through the same vulnerability - unauthorized physical access.
Assuming you're using full-disk encryption solutions like TrueCrypt, let's examine the two possible scenarios:
You left your computer turned off and unattended for ages: The attacker won't be able to do anything to modify the structure of your files (copy cmd.exe
as utilman.exe
) or modify your SAM file.
You left your computer locked: A determined adversary can eventually (although not easily) recover your encryption keys and access/modify your system, including but not limited to the trick you mentioned and modifying the SAM file.
As you can see, any unauthorized full access will lead to the, expected, compromise of your system. The utilman.exe
is not your problem. You're looking into the wrong corner.