Protecting the Automatic Logon Password
Subject Author Date
Protecting the Automatic Logon Password simple_user 07-18-2007
Posted by simple_user on July 18, 2007, 11:02 am
Hi there,
I was trying to change the way of automatic logon.
I wrote a simple executable using LSA to set the password by
LsaStorePrivateData(). Then I deleted the reg. key value ‘DefaultPassword’.
I restarted the PC (Windows XP installed) but it didn’t get through – it shows
the log-on dialog and I have to enter the password manually.
I thought that Winlogon should be able to retrieve the ‘secret’ password and not
look for the ‘DefaultPassword’ value.
Am I missing something here? Are any additional steps needed?

Regards,


Posted by S. Pidgorny on July 18, 2007, 4:51 pm
I think automatic logon is designed to require the DefaultPassword value.
Therefore LSA private data won't help, as there is no setting that allows
the system to use it for automatic logon (AFAIK).

What are you trying to achieve with this?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *




Posted by simple_user on July 18, 2007, 5:16 pm
Hi,
The idea is to protect the automatic logon password. There is the article
(http://msdn2.microsoft.com/en-us/library/aa378826.aspx), which talks about
it. What I was trying to achieve is to remove the plain text (DefaultPassword)
from the registry so that it can’t be seen.
But at this point I’m not sure what exactly my steps should be in order to
do that (trying to find more articles, so far not so good).
I might be wrong but it could be that I have to write a custom DLL in order to
perform auto logon. Any ideas or pointers in some direction are welcome.


Posted by Ian on July 22, 2007, 6:20 pm
The LSA password is used if you set autologon by running the "control
userpasswords2" applet. It is not used if you set autologon manually in the
winlogon registry key.

Was looking into this for the next release of MyLogon, as I'd like to
integrate the setup into one applet instead of referring the user to the
Microsoft tool, as is presently done.

Having said that, the LSA is no longer secure, it has been cracked. Thus it
is questionable whether it's worth the effort of setting an LSA password.
Perhaps better just to make sure the autologon password is a throwaway one -
one which is not also used for secure services.

Basically, no password stored in the registry is safe, even if encrypted,
since it must be possible for the same computer to decrypt it by some means
or other, and if the system can decrypt it, then in principle an
Administrative user can too. The only safe stored password is a hashed one
(which is not suitable for autologon purposes).

Password revealers: http://nirsoft.net/
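
An audit check for the two storage modes discussed in this thread, added here as an example and not part of any post: it reports whether autologon is enabled and whether a plaintext DefaultPassword value sits in the Winlogon key, without ever printing the password. The function name Get-AutoLogonStorage, the 'kiosk' account and the sample values are constructed for illustration.

```powershell
# Added example (not from the thread): report how autologon is configured
# without ever outputting the password itself.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonStorage {
    param(
        # Object carrying the Winlogon values; defaults to the live registry key.
        $Values = (Get-ItemProperty -Path $WinlogonKey)
    )
    $enabled  = "$($Values.AutoAdminLogon)" -eq '1'
    # Only presence is tested; the value is never copied into the result.
    $hasPlain = -not [string]::IsNullOrEmpty([string]$Values.DefaultPassword)

    $finding = if ($enabled -and $hasPlain) {
        'Plaintext DefaultPassword present in the Winlogon key'
    } elseif ($enabled) {
        'No plaintext in registry; password, if set, is held as an LSA secret'
    } elseif ($hasPlain) {
        'Autologon off, but a stale plaintext DefaultPassword remains'
    } else {
        'Autologon not configured'
    }

    [pscustomobject]@{
        User                = $Values.DefaultUserName
        AutoLogonEnabled    = $enabled
        PlaintextInRegistry = $hasPlain
        Finding             = $finding
    }
}

# Constructed sample inputs (hypothetical 'kiosk' account, dummy password).
$samples = @(
    [pscustomobject]@{ AutoAdminLogon = '1'; DefaultUserName = 'kiosk'; DefaultPassword = 'constructed-sample' }
    [pscustomobject]@{ AutoAdminLogon = '1'; DefaultUserName = 'kiosk' }
    [pscustomobject]@{ AutoAdminLogon = '0'; DefaultUserName = 'kiosk'; DefaultPassword = 'constructed-sample' }
    [pscustomobject]@{ AutoAdminLogon = '0' }
)
$samples | ForEach-Object { Get-AutoLogonStorage -Values $_ } | Format-List

# To audit the local machine, call the function with no arguments:
# Get-AutoLogonStorage
```

A "stale plaintext" finding means the password is still readable in the registry even though autologon is switched off, so the value should be deleted and the account password changed.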


