Penetration Testing mailing list archives
Re: pwdump 2 & 3
From: Barrie Dempster <barrie () reboot-robot net>
Date: Wed, 22 Dec 2004 10:34:44 +0000
On Thu, 2004-12-16 at 18:22 -0500, Chris Buechler wrote: <snip>
Also, FYI, you can set this domain-wide in group policy if you have Active Directory. Under Computer Configuration, Windows Settings, Local Policies, Security Options. "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
<snip> Your laptops could be moved to a separate OU from your desktops (common setup as GPO differs often between the two) then you could have all the Desktop machines set to 0 and the laptops set to 1 - most laptops are single user machines anyway. This would give you the best of both, your laptop users would retain their single profile and be able to access their machines whilst not connected to the network and your Desktop machines wouldn't cache credentials. With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- pwdump 2 & 3 Guillaume Lavoix (Dec 15)
- Re: pwdump 2 & 3 IndianZ (Dec 15)
- edirectory pasword hashes Maarten Hartsuijker (Dec 15)
- <Possible follow-ups>
- Re: pwdump 2 & 3 miguel . dilaj (Dec 16)
- Re: pwdump 2 & 3 Chris Buechler (Dec 17)
- Re: pwdump 2 & 3 Barrie Dempster (Dec 22)
- Re: pwdump 2 & 3 Chris Buechler (Dec 17)