In theory, yeah, that works. Lots of potential pitfalls, though. Make sure that sensitive data is stored with ACLs that only allow the Admin user access. Don't use UAC to gain access to that data from the non-Admin account via the Admin credentials (this modifies the ACLs). Hope there are no local elevation of privilege vulnerabilities (there are some, whether they're currently known or not).
Mind, these attacks are only relevant in the case of somebody gaining access to your Surface already. Me knowing your Microsoft Account username and password wouldn't let me remotely log into your Surface, for example.
Thank you for your response. I wish I could say your answer puts me at ease. The fact you are from Seattle makes me give more credence to your statement about the existing vulnerabilities in the elevation of privileges area. Do you know if a new BitLocker Recovery Key is created when a user establishes a new Local Administrative User Account and changes the Windows Live User account to Non-Admin? If so, when does this happen exactly? I thought I read on the Microsoft website that a recovery key is only established when signing into Microsoft for the first time. It seems to me that if it's the same BitLocker recovery key after making the User Account changes I talked about as a proposed security procedure, then the ultimate decision as to whether to reveal the contents of my Surface may rest with someone other than myself because hackers could steal the recovery key from Microsoft, or Microsoft could be forced to provide this recovery key to a third party.
Is this concern valid, or am I missing something here? Could you recommend any procedure for putting the final decision to reveal data back into the Surface owner's hands?