ACRALS.CO.UK

• Next message: Gudknecht, Jerome: "Re: Custom NT domain policy to tweak IE Zones and set Outlook sec urit y."
• Previous message: Pulka Adrian: "Directory and file auditing"
• Maybe in reply to: Hayday, John (ISSReading): "ISS SAVANT Advisory 00/26"
• Maybe reply: Alan Ramsbottom: "Re: ISS SAVANT Advisory 00/26"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

One incidental experiment I tried shortly after playing with Aprils chntpw
was increasing the security level of the EFS private key. It didn't work
because when you export, zap and reimport an EFS "cert" at Medium or High
Security levels it is ignored and LSASRV (or whatever) generates a new one.

However you can successfully reimport at the default security level leaving
the "Mark private key as exportable" box unchecked. Provided you have a
backup safely tucked away (typically a .pfx file) I think this treatment is
worth considering for most private keys in most scenarios to umm.. raise the
bar a little for any passing malware that wants run off with them.

Note, I've never been able to find any useful information on the virtues of
that High Security private key storage level. More explicitly, is the extra
private key password just kept in the users head or is it also obsfucated on
the system? There are obvious parallels to effects of Syskey modes so the
answer is clearly significant and MS really should get around to one..

-Alan-

• Next message: Gudknecht, Jerome: "Re: Custom NT domain policy to tweak IE Zones and set Outlook sec urit y."
• Previous message: Pulka Adrian: "Directory and file auditing"
• Maybe in reply to: Hayday, John (ISSReading): "ISS SAVANT Advisory 00/26"
• Maybe reply: Alan Ramsbottom: "Re: ISS SAVANT Advisory 00/26"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]