Mixed Feelings

For the last few months, I've been doing some really cool work with a group of folks whose only task is to build apps that exercise the WinFX technologies so that we can make sure stuff works the way we want it to and give feedback to the product teams when it doesn't. Because we're still in preview technology land, various features that we want to test are in various builds of each part of WinFX, so we're constantly fooling around with new combinations of the bits, which we bring together in VPC HD images and that I then have to download. Since I'm downloading the 7+ GB images from my house over VNC and since the internal VNC connection software isn't quite as robust as the VNC software we ship to the rest of the world, that means that I'm constantly being kicked off of my connection and reconnecting, sometimes 2 or 3 dozen times over the 2 days it takes me to download the image. I just finished downloading another build today.

Unfortunately, when setting the Administrator password, I managed to enter the wrong thing twice, which meant that I had no way to log into my new VPC image after 2 days of hard labor getting it to my house. So, instead of re-downloading it again, I googled for a utility to reset the Administrator password. The first link was a knowledge base article from MS that didn't help me because I hadn't yet logged in to make myself a password reset diskette (which, frankly, I never do anyway). The second link was a list of completely unsupported, possibly illegal, tools to reset the Administrator password. The first one on that list worked like a charm in several orders of magnitude less time than downloading a new VPC image.

So, now I have mixed feelings. On the one hand, I'm happy that I didn't have to go through all that trouble again, but on the other, I doesn't seem very useful to set my Administrator password to anything useful if I anyone with physical access can just reset it so easily. Of course, Keith Brown and other security experts have been saying that physical security is paramount for any other kind of security to be affective, but it was kind of unsettling to have the point driven home so starkly.