
List:       focus-ms
Subject:    Re: Windows AutoAdminLogon Security
From:       Nicolas RUFF <nicolas.ruff () gmail ! com>
Date:       2007-01-23 22:17:01
Message-ID: 45B6895D.9080801 () gmail ! com

> Scenario: A Windows domain with an n day password expiration policy
> and Windows 2000 SP4 PCs with all the latest security patches. I know
> that a Windows user will have to change their password today, so I
> set AutoAdminLogon to 1 in their registry. When they switch off their
> PC and go home I am able to log on to their PC, using their account,
> but without requiring a password.
>
> Surely this can't be the way it's supposed to work?! I thought that
> the DefaultPassword registry entry had to contain the password for
> DefaultUserName before auto logon would work yet it seems to work if
> DefaultPassword is missing. Can anyone else confirm this behaviour or
> suggest what I may have done wrong?

Sorry for coming so late, but isn't the password stored in LSA Secrets
instead?

If you used this feature before, then the password might linger there.

Did you try to run LSADUMP2? You might see your admin password in cleartext.

Regards,
- Nicolas RUFF
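
A defensive check for the situation discussed in this thread, as an added example that is not part of the original messages: it reports whether auto logon is enabled and whether a password copy exists in the Winlogon key or as an LSA secret, without reading any password. The registry paths, the function name `Get-AutoLogonAudit` and the use of PowerShell (not available on the Windows 2000 hosts in the question) are assumptions.

```powershell
# Added example. Reports only whether values exist; it never reads a password.
# Assumed locations (not given in the thread):
$Winlogon  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$LsaSecret = 'HKLM:\SECURITY\Policy\Secrets\DefaultPassword'

function Get-AutoLogonAudit {
    $key     = Get-Item -Path $Winlogon
    $enabled = "$($key.GetValue('AutoAdminLogon'))" -eq '1'
    $plainPw = $key.GetValueNames() -contains 'DefaultPassword'

    # The SECURITY hive is readable by SYSTEM only, so do not guess otherwise.
    $isSystem = [Security.Principal.WindowsIdentity]::GetCurrent().IsSystem
    if (-not $isSystem)                 { $secret = 'Unknown (run as SYSTEM)' }
    elseif (Test-Path -Path $LsaSecret) { $secret = 'Present' }
    else                                { $secret = 'Absent' }

    $findings = @()
    if ($enabled -and $plainPw) {
        $findings += 'Auto logon on; DefaultPassword is a cleartext registry value'
    }
    if ($enabled -and -not $plainPw) {
        # The case from the question: logon works although the value is missing.
        $findings += 'Auto logon on with no DefaultPassword value; check the LSA secret'
    }
    if (-not $enabled -and $plainPw) {
        $findings += 'Auto logon off but a cleartext DefaultPassword value was left behind'
    }
    if (-not $enabled -and $secret -eq 'Present') {
        # The case from the reply: a password lingering from earlier use.
        $findings += 'Auto logon off but a DefaultPassword LSA secret lingers'
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        AutoAdminLogon  = $enabled
        DefaultUserName = $key.GetValue('DefaultUserName')
        PlaintextValue  = $plainPw
        LsaSecret       = $secret
        Findings        = $findings
    }
}

Get-AutoLogonAudit | Format-List
```

Run from an elevated session; the `LsaSecret` column stays `Unknown` unless the script runs as SYSTEM (for example from a scheduled task).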