Penetration Testing mailing list archives
Re: pwdump 2 & 3
From: Chris Buechler <cbuechler () gmail com>
Date: Thu, 16 Dec 2004 18:22:02 -0500
On Thu, 16 Dec 2004 10:39:17 +0100, miguel.dilaj () pharma novartis com <miguel.dilaj () pharma novartis com> wrote:
> Take into account that the caching can be (and should be? ;-) disabled with the following registry key: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\CACHEDLOGONSCOUNT (change it to 1 to disable the caching)

Also, FYI, you can set this domain-wide in group policy if you have Active Directory. Under Computer Configuration, Windows Settings, Local Policies, Security Options. "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"

Keep in mind if you disable this completely on laptops, users won't be able to log into their domain account when disconnected from the network. You could maintain local user accounts for field use, but that would create a support nightmare. Depends on your environment, your policies, and the level of risk.

-Chris
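An added example, not part of either poster's message: a PowerShell audit of the registry value named in the thread, which also flags the laptop trade-off raised in the reply. The function name `Get-CachedLogonAudit`, the `MaxAllowed` parameter and the use of a battery as a laptop hint are assumptions made for this illustration.

```powershell
# Added example: audit CachedLogonsCount on the local machine.
function Get-CachedLogonAudit {
    param(
        # Assumption: the highest cached-logon count your policy tolerates.
        # Defaults to 1, the value given in the quoted post.
        [int]$MaxAllowed = 1
    )

    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $raw = (Get-ItemProperty -Path $key -Name CachedLogonsCount `
                -ErrorAction SilentlyContinue).CachedLogonsCount

    # Assumption: a battery is treated as a hint that the machine is a laptop.
    $portable = [bool](Get-CimInstance -ClassName Win32_Battery `
                          -ErrorAction SilentlyContinue)

    # The value is stored as a string, so parse it defensively.
    $count = 0
    if ($null -eq $raw) {
        $status = 'NotSet'
    } elseif (-not [int]::TryParse([string]$raw, [ref]$count)) {
        $status = 'Unparseable'
    } elseif ($count -gt $MaxAllowed) {
        $status = 'AboveLimit'
    } else {
        $status = 'WithinLimit'
    }

    # Surface the usability trade-off alongside the security result.
    $note = if ($status -eq 'WithinLimit' -and $portable) {
        'Battery present: confirm disconnected domain logon still works for this user'
    } elseif ($status -eq 'NotSet') {
        'No explicit count is configured at this key'
    } else {
        ''
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        RawValue = $raw
        Status   = $status
        Portable = $portable
        Note     = $note
    }
}

Get-CachedLogonAudit
```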