Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Windows AutoAdminLogon Security

from [Nicolas RUFF] Network Security [Permanent Link]
Subject: Re: Windows AutoAdminLogon Security
Date: Tue, 23 Jan 2007 23:17:01 +0100 
Scenario: A Windows domain with an n day password expiration policy
and Windows 2000 SP4 PCs with all the latest security patches. I know
that a Windows user will have to change their password today, so I
set AutoAdminLogon to 1 in their registry. When they switch off their
PC and go home I am able to log on to their PC, using their account,
but without requiring a password.

Surely this can't be the way it's supposed to work?! I thought that
the DefaultPassword registry entry had to contain the password for
DefaultUserName before auto logon would work yet it seems to work if
DefaultPassword is missing. Can anyone else confirm this behaviour or
suggest what I may have done wrong?


Sorry for coming so late, but isn't the password stored in LSA Secrets
instead ?

If you used this feature before, then the password might linger there.

Did you try to run LSADUMP2 ? You might see your admin password cleartext.

Regards,
- Nicolas RUFF
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: Windows AutoAdminLogon Security, Nicolas RUFF <=
Previous by Date:  Re: Secure Remote access - windows 2003, Nicolas RUFF
Next by Date:  RE: IPSec and GRE (47), juan carlos davila
Previous by Thread:  IE security zone assignment on 2003 terminal server, Daniel Schmidt
Next by Thread:  Automatic spam mover, Lars
Indexes:  [Date] [Thread] [Top] [All Lists]