List: focus-ms
Subject: Re: Windows AutoAdminLogon Security
From: Nicolas RUFF <nicolas.ruff () gmail ! com>
Date: 2007-01-23 22:17:01
Message-ID: 45B6895D.9080801 () gmail ! com
> Scenario: A Windows domain with an n day password expiration policy
> and Windows 2000 SP4 PCs with all the latest security patches. I know
> that a Windows user will have to change their password today, so I
> set AutoAdminLogon to 1 in their registry. When they switch off their
> PC and go home I am able to log on to their PC, using their account,
> but without requiring a password.
>
> Surely this can't be the way it's supposed to work?! I thought that
> the DefaultPassword registry entry had to contain the password for
> DefaultUserName before auto logon would work yet it seems to work if
> DefaultPassword is missing. Can anyone else confirm this behaviour or
> suggest what I may have done wrong?

Sorry for coming so late, but isn't the password stored in LSA Secrets
instead?

If you used this feature before, then the password might linger there.

Did you try to run LSADUMP2? You might see your admin password in cleartext.

Regards,
- Nicolas RUFF
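
Added example (not part of the original message or of any tool named in it): a Python audit sketch for the case discussed above, classifying the auto-logon state from `reg query` output for the Winlogon key. The sample output, the account names and the finding labels are constructed for illustration.

```python
import re

# Constructed `reg query` output for the Winlogon key (sample data, not from the thread).
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
BASE = KEY + "\n    DefaultUserName    REG_SZ    jdoe\n    DefaultDomainName    REG_SZ    EXAMPLE\n"
SAMPLE_NO_PASSWORD_VALUE = BASE + "    AutoAdminLogon    REG_SZ    1\n"
SAMPLE_CLEARTEXT = SAMPLE_NO_PASSWORD_VALUE + "    DefaultPassword    REG_SZ    constructed-pw\n"
SAMPLE_DISABLED = BASE + "    AutoAdminLogon    REG_SZ    0\n"

# One value per line: indented name, registry type, optional data.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Map lower-cased value names to their data strings."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values

def assess_autologon(text):
    """Classify the auto-logon state without ever returning the password itself."""
    v = parse_reg_query(text)
    account = "{}\\{}".format(v.get("defaultdomainname", "?"),
                              v.get("defaultusername", "?"))
    if v.get("autoadminlogon") != "1":
        finding = "disabled"
    elif "defaultpassword" in v:
        # Password is stored as a plain registry value next to the user name.
        finding = "enabled-cleartext-registry-password"
    else:
        # The case from the thread: auto logon on, no DefaultPassword value.
        # The reply suggests the password may be held in LSA Secrets instead,
        # so a missing value must not be reported as "no stored credential".
        finding = "enabled-no-registry-password-check-lsa-secrets"
    return {"account": account, "finding": finding}

if __name__ == "__main__":
    for name, sample in [("no DefaultPassword", SAMPLE_NO_PASSWORD_VALUE),
                         ("cleartext", SAMPLE_CLEARTEXT),
                         ("disabled", SAMPLE_DISABLED)]:
        print(name, assess_autologon(sample))
```
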