1

In my Windows 8.1 LAN consisting of 14 computers, there are several servers which are dedicated to very specific tasks. (For example, the "Save Server" is responsible for running a daily batch script, which connects to various clients and robocopies relevant files from there to its Storage Space.)

To start such a specialized machine, all that is required is that the operator remotely starts the machine in question (by pressing a command button in a native application, which provides power via a native home automation system). Thus, the selected machine receives power, starts up as per UEFI settings, and auto-executes its script (which on some of the machines, for example on the "Save Server", also contains a Shutdown command when all is done). Typically, the on-time of these machines is 15 to 120 minutes a day.

In order to run a batch script on power-on, these servers have no password for the default user. (If there was one, a person would need to appear physically in front of the machine and enter the credentials, which is unfeasible.)

If it is "guaranteed" that there is no internal threat, is the omission of a password a vulnerability, exploitable from the outside?

After all, the "outside world" first needs to get through my Internet gateway which is (strongly) password-protected.

(Or, put in other words, how do Google et al. handle their server farms? I cannot imagine that all those machines are password-protected individually.)

Herb
  • 4
    "*In order to run a batch script on power-on, these servers have no password for the default user. (If there was one, a person would need to appear physically in front of the machine and enter the credentials)*" - that's not true. Run a scheduled task triggered on system startup. Make the script run as a service. – TessellatingHeckler Jun 07 '17 at 06:09
  • 3
    Your question is based on a false assumption that one can ever guarantee that there are no internal threats. – EEAA Jun 07 '17 at 11:41

2 Answers

5

Your question has a flaw in it, which immediately makes you jump to the conclusion that your situation is something normal that bigger companies also struggle with.

Running a batch job on power-on for the purpose of executing scripts remotely is a very roundabout way of managing your servers.
Most server farms don't actually shut down their servers, as they are virtualized machines with limited resources that are shared when not in use.

And even if a server had to be quickly spun up to do some larger jobs (such as resource-intensive ETL jobs),
then most sensitive scripts or packages will be password-protected, encrypted. Or if scripts and batches need to be triggered remotely, there are plenty of ways to do so,
with the most common way being to just put in a scheduled task that runs as system.

Now for your primary question, is a user without a password a security flaw?
Yes, it is. You just created another hole in your security. It doesn't matter where it is.
If it gets out through social engineering that your servers run with users without passwords, and through some fluke you get compromised, you just opened a nice additional entry.

Reaces
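
The startup scheduled task suggested in the comment and in the answer above, as an added example that is not part of the original posts: it audits the auto-logon and password settings the question describes, then registers the batch script to run at boot with nobody logged on. The script path, task name and three-hour time limit are assumptions.

```powershell
# Added example: audit the password-less auto-logon setup, then replace it with a startup task.
# Run from an elevated PowerShell prompt (ScheduledTasks module, Windows 8 and later).

$ScriptPath = 'C:\Scripts\save-server.cmd'   # hypothetical path to the existing batch script
$TaskName   = 'SaveServerStartupJob'         # hypothetical task name

# 1. Audit: is automatic logon enabled, and is a password stored in the registry?
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($winlogon.AutoAdminLogon -eq '1') {
    Write-Warning "Auto-logon is enabled for user '$($winlogon.DefaultUserName)'."
}
if ($winlogon.PSObject.Properties.Name -contains 'DefaultPassword') {
    Write-Warning 'A plaintext DefaultPassword value is stored under Winlogon.'
}

# 2. Audit: enabled local accounts that are allowed to have an empty password.
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Disabled=False" |
    Where-Object { -not $_.PasswordRequired } |
    ForEach-Object { Write-Warning "Account '$($_.Name)' does not require a password." }

# 3. Register the batch script as a task that runs at boot, without any interactive logon.
if (-not (Test-Path $ScriptPath)) { throw "Script not found: $ScriptPath" }

$action    = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument "/c `"$ScriptPath`""
$trigger   = New-ScheduledTaskTrigger -AtStartup
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
# Assumed limit: stop the job if it runs far longer than the 15 to 120 minutes in the question.
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Hours 3)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# 4. Verify what was registered and which account it runs as.
Get-ScheduledTask -TaskName $TaskName |
    Select-Object TaskName, State, @{n='RunAs';e={$_.Principal.UserId}}
```

A task running as SYSTEM does not authenticate to other machines as a named user, so the robocopy step against the clients may need a dedicated, password-protected account instead, which `Register-ScheduledTask` accepts through its `-User` and `-Password` parameters.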
-2

It is Windows 8.1. The passwords are there to limit users' access to other users' files. They serve no security purpose. They are easily nulled, and getting past them is trivial. Not necessarily from remote access, mind, but for the purpose of access, it's Windows, where every user runs as admin by default, and if the machine is compromised, it's already running, hence a startup password makes no difference.

Is it smart to run such jobs the way you do? No. Does the lack of passwords (and probably differentiated users) make a difference? Not really. Should there be passwords, and users with limited rights? Definitely, since that will increase the difficulty of gaining access. Should you use something other than Windows 8.1? Probably.