From: Free, Bob (RWF4pge.com)
Date: Wed Jul 25 2001 - 16:59:10 CDT

    NT will by default cache the last ten logins' credentials. There is a
    registry setting to alter this behaviour.

    Cached security credentials, including passwords, are stored and encrypted
    in the registry and protected by an access control list (ACL). RAS uses
    Local Security Authority (LSA) Secrets to store the entries. The default
    ACL values only allow administrators and the user associated with the
    credentials to gain access to these registry entries.

    Bob Free
    Sr. Network Specialist
    ISTS/ITUSS/DC/System Server Support
    PG&E Auburn, Ca

    -----Original Message-----
    From: tbos1sears.com [mailto:tbos1sears.com]
    Sent: Wednesday, July 25, 2001 1:47 PM
    To: focus-mssecurityfocus.com
    Subject: cached passwords

    When a user logs into an NT machine, I was under the impression that the
    user profile is cached locally. If this is the case, the password must
    also be stored locally somewhere besides the SAM database. Can anyone
    confirm this and know if there is a way to secure this (providing there is
    a way to access the password)?
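
The reply above mentions a registry setting without naming it. As an added example (not part of the original messages), this PowerShell function audits `CachedLogonsCount` under the Winlogon key, the standard Windows value that controls how many domain logons are cached; the function name and the `$MaxAllowed` threshold are hypothetical and stand in for a site policy.

```powershell
# Added example: audit how many domain logons a Windows host will cache.
# Get-CachedLogonAudit and $MaxAllowed are illustrative names, not from the post.
function Get-CachedLogonAudit {
    param(
        [int]$MaxAllowed = 2,   # assumed site policy limit
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    # CachedLogonsCount is stored as a string (REG_SZ); valid range is 0-50.
    $item = Get-ItemProperty -Path $Path -Name CachedLogonsCount -ErrorAction SilentlyContinue
    $raw = $item.CachedLogonsCount
    $source = 'registry'
    if ($null -eq $raw) {
        # Value not set: the system falls back to the default of 10.
        $raw = '10'
        $source = 'default (value not set)'
    }

    $count = 0
    $parsed = [int]::TryParse([string]$raw, [ref]$count)
    if (-not $parsed -or $count -lt 0 -or $count -gt 50) {
        return [pscustomobject]@{
            Count = $raw; Source = $source; Status = 'INVALID'
            Detail = 'Expected a whole number from 0 to 50'
        }
    }

    if ($count -eq 0) {
        $detail = 'Caching disabled: domain logon fails when no domain controller is reachable'
    } elseif ($count -le $MaxAllowed) {
        $detail = "Within policy limit of $MaxAllowed"
    } else {
        $detail = "Caches more logons than the policy limit of $MaxAllowed"
    }
    $status = if ($count -le $MaxAllowed) { 'OK' } else { 'EXCEEDS_POLICY' }

    [pscustomobject]@{ Count = $count; Source = $source; Status = $status; Detail = $detail }
}

Get-CachedLogonAudit -MaxAllowed 2 | Format-List
```

Lowering the value does not purge entries that are already cached, so hosts that exceeded the limit should be re-checked after users have logged on again.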