20 April 2008

ASP.NET Machine Account

Try to imagine my dismay when I discovered a password-protected standard user account on my Vista Home Premium computer - an account I definitely did not create and had no previous knowledge of. And did I mention that this user account is password-protected?! If I was fond of swearing by typing you'd be reading a long string of profanities right about now.

My first concern was that my computer had been infected. I did a quick search, though, and discovered that this account is 'normal', created by Windows itself, and required for .NET programs (developer/server tools, if I understand correctly). Needless to say, I don't have any such programs installed on my computer -- unless Windows once again had installed something without my knowledge/permission.

Chalk this up as added to the long list of things about Vista that annoy me.

Anywhoo, from what I've read it's okay to simply delete the account -- assuming I don't run programs that use it. I'm going to do just that, but I'm going to wait until after I talk to Geek Squad, as I need to bring my computer in anyway. For more information on that see my post: IRQL_NOT_LESS_OR_EQUAL.

2 comments:

captain cloud said...

I have found a way to break into an "XP" password protected computers back door using this account. I am not sure if it will work on vista. You should be able to delete it if you do not need it for web hosting apps, but if you do, I would strongly recomend changing the password on the ASP account.

r32argent said...

Thanks for the advice!

The ASP account "disappeared" after a Windows update, a while ago; I hope the vulnerability has been sufficiently dealt with beyond just removing it from the account list.