|
Penetration Testing
mailing list archives
Re: pwdump 2 & 3
From: Chris Buechler <cbuechler () gmail com>
Date: Thu, 16 Dec 2004 18:22:02 -0500
On Thu, 16 Dec 2004 10:39:17 +0100, miguel.dilaj () pharma novartis com
<miguel.dilaj () pharma novartis com> wrote:
Take into account that the caching can be (and should be? ;-) disabled
with the following registry key:
HKLM\SOFTWARE\MICROSOFT\WINDOWS
NT\CURRENTVERSION\WINLOGON\CACHEDLOGONSCOUNT (change it to 1 to disable
the caching)
Also, FYI, you can set this domain-wide in group policy if you have
Active Directory. Under Computer Configuration, Windows Settings,
Local Policies, Security Options. "Interactive logon: Number of
previous logons to cache (in case domain controller is not available)"
Keep in mind if you disable this completely on laptops, users won't be
able to log into their domain account when disconnected from the
network. You could maintain local user accounts for field use, but
that would create a support nightmare. Depends on your environment,
your policies, and the level of risk.
-Chris
 By Date 
By Thread
Current thread:
- pwdump 2 & 3 Guillaume Lavoix (Dec 15)
- <Possible follow-ups>
- Re: pwdump 2 & 3 miguel . dilaj (Dec 16)
- Re: pwdump 2 & 3 Chris Buechler (Dec 17)
|
Intro
