Home page logo

basics logo Security Basics mailing list archives

RE: Cached Password concern
From: "dave kleiman" <dave () isecureu com>
Date: Mon, 1 Dec 2003 18:26:22 -0500


What are your options?

Do you have the budget to buy software to protect the laptops (DriveCrypt

Are you forced to allow cached domain accounts on the laptop?

Are you just looking for the best way (without other software) to protect
the credentials or the Data or Both?

Dave Kleiman, CISSP, MCSE, CIFI
dave () isecureu com

"High achievement always takes place in the framework of high expectation."
Jack Kinder


-----Original Message-----
From: sunny budd [mailto:sunnybudd () hotmail com] 
Sent: Monday, December 01, 2003 05:56
To: security-basics () securityfocus com
Subject: Cached Password concern

Hi all

I am working on a laptop users security policy and I have a concern about 
cached domain user credentials in Windows 2000 SP4 as We use our domain 
admin password to logon to laptops while they are being built.  I would like

to recommend against this practice but need some information on how easy it 
is to extract this stuff from a stolen laptop.  I have heard that these 
passwords are protected by "syskey" and are impossible to extract.  Is this 
true or does anyone know how to get at these passwords?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]