There is a registry edit that you can make to prevent pwd's from being
cached.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]
"CachedLogonsCount"="0"

This should be part of your hardening process.

-- 
Sean Waddell
Network Engineer
The ESP Group
Dimitri Limanovski wrote:
> 
> If I'm not mistaken, by default WindowsNT/2000 will remember (cache) user
> credentials, both local and network, unless defined otherwise via domain
> security policy or by hand in the registry.
> Now, where does OS keep this "cached" password? To test I first logged to
> the network using one of the test machines. I then disconnected from the
> network and logged using the same network credentials while actually
> "offline". No problems there. (BTW, network password is remembered because
> you'll get an error when trying to use anything else). I then used pwdump2
> and extracted password hashes. I then tried to LophtCrack it but was only
> presented with the list of local users and their corresponding passwords.
> Now, what happened to "cached" network username/password? Where does Windows
> keep this information and is it possible to extract them?
> Thanks in advance,
> 
> Dimitri

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]