From: Damien Adams (dadamsscientech.com)
Date: Fri Apr 19 2002 - 11:22:49 CDT

    Actually this feature in Windows 2000 can be disabled. And once the machine
    is removed, as in the machine is no longer part of that domain, I would
    believe that this cached account information would be removed.

    To remove password caching, check out this e-mail, part of a previous thread
    entitled "Password Caching":
    http://online.securityfocus.com/archive/88/199760

    Damien

    >-----Original Message-----
    >From: Bejon Parsinia [mailto:bejonsupertel.com]
    >Sent: Friday, April 19, 2002 12:53 AM
    >To: 'Mike Coppins'; focus-mssecurityfocus.com
    >Subject: RE: windows domain question
    >
    >
    >Mike,
    >
    >Speaking from experience, depending on the policies in place on the network,
    >the laptop very well could retain sensitive information about the domain.
    >My example is as follows: I take my laptop home with me every night. It is
    >running Win2k Pro. I can leave my login information exactly the same as
    >when I have it plugged into my domain at the office when I login to the
    >laptop at home without any sort of VPN or public access to my network.
    >
    >What does this mean? The laptop contains cached information (username,
    >password, domain name) that does not necessarily expire. I am just logging
    >in to use my laptop at home without connecting to any resources other than
    >my internet connection at the house. Dangerous, you bet. You can run
    >utilities to capture and recover those passwords very easily. No need to
    >disconnect it from the domain whatsoever.
    >
    >Hope this helps,
    >
    >Bejon
    >
    >-----Original Message-----
    >From: Mike Coppins [mailto:mikelegolas.com]
    >Sent: Thursday, April 18, 2002 9:46 AM
    >To: focus-mssecurityfocus.com
    >Subject: windows domain question
    >
    >
    >If you connect a machine to a Windows domain, so things like SIDs change,
    >machine IDs synchronised, etc, and then disconnected, what happens exactly?
    >Does the node that gets disconnected generate a new machine SID or does
    >information get left behind on the node?
    >
    >Putting the question into a scenario might help :) If a laptop (NT4 or
    >Win2k) is connected to a domain, then is removed from the domain (as in, an
    >admin goes into network properties and tells the machine that it is part of
    >a bog standard workgroup again), is the laptop going to retain any
    >information that it belonged to a domain before, and possibly security
    >sensitive information about the domain?
    >
    >
    >
    >--
    >Mike Coppins
    >mikelegolas.com
    >http://www.legolas.com/
    >Currently looking for work: http://www.legolas.com/mikes/cv.html
    >
    >
    >