Peter Clark
December 14th 03, 07:43 AM
cached domain passwords are stored here:
hkey_local_machine\security\cache
though the caching can be disabled, i'm guessing that you
do not want to, as logon without pdc is required.
have a read here:
http://www.beginningtoseethelight.org/efsrecovery.php
as to the security - hummmmmmmmm. i do not know of any tool
that can extract/match passwords from cached domain logons.
assuming 2k/xp clients and 2k(+3)/ad server yes? i'm gunna
look into it.....
>-----Original Message-----
>Hi,
>
>I am currently evaluating EFS for our company for our laptop users. Tests I
>performed using a "local" account are not very positive as they rely on
>passwords which can be cracked. Tests I performed on a "domain" account are
>much better but I still have one point to validate:
>
>When I am logged into the Windows domain, everything is fine and when I
>login *locally* (disconnected), everything is fine as well .. What I would
>like to know is "WHERE is the domain password stored when I login locally ?"
>I could not find it by using various auditing tools. Since cracking this
>"local machine/domain" password would be the key to access the local EFS, I
>need to be sure that this password cannot be recovered.
>
>I am not worried about the password I provide when I login the domain. This
>is the normal work situation. But when our users leave the office with their
>laptops, and if one gets stolen, I wouldn't want it to be possible to access
>the EFS on that machine. Could anyone explain to me what is really going on
>when a user logs in locally and accesses the EFS ?
>
>Thanks
>
>--
>Marc