1

I am familiar with single user mode on OSX. By holding down Command-S, you can boot into a terminal as root. Resetting the PRAM with Command-Option-P-R will disable any firmware protection that would otherwise prevent you from booting into single user mode. Basically, only full disk encryption can prevent an attacker from booting as the root user on OSX.

Is there a single user mode for Windows? Can you boot as the admin if you have physical access to the device? If you cannot, why does this feature exist in OSX but not Windows?

mosca1337
  • 175
  • 1
  • 6

1 Answers1

6

Before we talk about the single user mode, let's talk about what you can do when you have physical access (in the context of your question, of course). On a Mac, the first thing to boot from another media (LiveCD, USB stick, etc.) and navigate to /var/db/dslocal/nodes/Default/users and modify root.plist and disable the password. On Linux, I'd do the same with the /etc/shadow. Finally, on Windows, the same can be done with \system32\config\sam file.

As you can see, single user mode or not, the result is pretty much the same - total compromise. Single user mode is just a convenience to make maintenance easier.

Finally, no, single user mode dose not exist in Windows anymore (starting with Windows Vista). In Windows XP, the Administrator account used to be activated and left without a password but left hidden. Booting into safe mode (F8), used to show the Administrator account.

JonnyWizz
  • 1,971
  • 1
  • 14
  • 34
Adi
  • 43,808
  • 16
  • 135
  • 167
  • Thank you that was very clear. I assume the shown administrator account does not require a password? – mosca1337 Nov 12 '13 at 02:20
  • @mosca1337 No, I didn't require a password. In Windows Vista and Windows 7, the Administrator account is disabled by default. – Adi Nov 12 '13 at 08:15